Component Info View
The visualization chart shown below shows a number of properties for different, available versions of the selected component. Older versions are displayed on the left and newer versions on the right. Click on any section in the visualization, and all information for that particular version will be highlighted, with the specific version number at the bottom. In addition, the details for that version of the component will display in the right-hand list of properties. Arrows to the left and right of the visualization allow you to view the full range of available versions.
The properties displayed include:
|Popularity||The relative popularity of a version as compared to all other component versions.|
|Policy Threat||The heatmap marker colors represent the highest policy threat levels for each version across all policy types, with no marker indicating no threat.|
|Security||The heatmap marker colors represent the highest policy threat levels for each version across security violation policies, with no marker indicating no threat.|
|License||The heatmap marker colors represent the highest policy threat levels for each version across licensing policies, with no marker indicating no threat.|
|Quality||The heatmap marker colors represent the highest policy threat levels for each version across quality policies, with no marker indicating no threat.|
|Other||The heatmap marker colors represent the highest policy threat levels for each version across other policies, with no marker indicating no threat.|
You will likely notice a number of colors within the visualization chart. The value for each of these colors is as follows:
- Grey - any versions older than the current version.
- Green - newer, but within the same major version of the component.
- Blue - newer component versions, but with a greater major version than the current component.
For Policy Threat
- Blue - no security or license risk
- Yellow - minor security or license risk
- Orange - medium security or license risk
- Red - severe security or license risk
The details of a specific component and version as displayed in the image below include properties about the component and provide access to further features:
|Component Identifiers (May be different, depending on language and component manager)||Various different fields used to uniquely identify a component, i.e. Group and Artifact for maven dependencies, ID for Nuget Packages and Name for NPM dependencies.|
|Version||The version of the component.|
|Overridden License||The value of a license override configured in your IQ Server.|
|Declared License||The software license declared by the developer of the project, which in some cases, is identified during research by Sonatype, or directly from the Maven POM file.|
|Observed License||The licenses found by the IQ Server in a source code analysis.|
|Highest Policy Threat||The highest threat level policy that has been violated, as well as the total number of violations.|
|Highest Security Threat||The highest security threat level, as well as the number of issues, found with the respective level.|
|Cataloged||The age of the component in the Central Repository.|
|Identification Source||The catalog in which a component identification match was found. This includes either a match made by Sonatype (e.g. the catalog of the Central Repository), or a match made manually (i.e. through the IQ Server claiming process).|
|Website||If available, an information icon providing a link to the project is displayed.|
|View Details||Press this button to display the details view for the selected component.|
|Migrate to Selected (Only applicable to IDE plugins)||Press this button to start a project refactoring that allows you to change all usages of the current component to a different version.|
Recommended Versions (Only applicable to IDE plugins)
Provides suggestions for different versions of the selected component which do not suffer from the same policy violations as the current version.
By clicking on the version hyperlink, the recommended version is selected in the version graph, and details are populated in the right-hand list of properties.
Recommended versions are dependant on the availability of a newer version of the selected component which do not have any IQ policy violations. If such a version does not exist, no recommendations are displayed.