Component Info View

Visualization Chart

The visualization chart shown below shows a number of properties for different, available versions of the selected component. Older versions are displayed on the left and newer versions on the right. Click on any section in the visualization, and all information for that particular version will be highlighted, with the specific version number at the bottom. In addition, the details for that version of the component will display in the right-hand list of properties. Arrows to the left and right of the visualization allow you to view the full range of available versions.

The properties displayed include:

Field

Description

PopularityThe relative popularity of a version as compared to all other component versions.
Policy ThreatThe heatmap marker colors represent the highest policy threat levels for each version across all policy types, with no marker indicating no threat.
SecurityThe heatmap marker colors represent the highest policy threat levels for each version across security violation policies, with no marker indicating no threat.
LicenseThe heatmap marker colors represent the highest policy threat levels for each version across licensing policies, with no marker indicating no threat.
QualityThe heatmap marker colors represent the highest policy threat levels for each version across quality policies, with no marker indicating no threat.
OtherThe heatmap marker colors represent the highest policy threat levels for each version across other policies, with no marker indicating no threat.

You will likely notice a number of colors within the visualization chart. The value for each of these colors is as follows:

For Popularity

  • Grey - any versions older than the current version.
  • Green - newer, but within the same major version of the component.
  • Blue - newer component versions, but with a greater major version than the current component.

For Policy Threat

  • Blue - no security or license risk
  • Yellow - minor security or license risk
  • Orange - medium security or license risk
  • Red - severe security or license risk

Version Details

The details of a specific component and version as displayed in the image below include properties about the component and provide access to further features:

Field

Description

Component Identifiers (May be different, depending on language and component manager)Various different fields used to uniquely identify a component, i.e. Group and Artifact for maven dependencies, ID for Nuget Packages and Name for NPM dependencies.
VersionThe version of the component.
Overridden LicenseThe value of a license override configured in your IQ Server.
Declared LicenseThe software license declared by the developer of the project, which in some cases, is identified during research by Sonatype, or directly from the Maven POM file.
Observed LicenseThe licenses found by the IQ Server in a source code analysis.
Highest Policy ThreatThe highest threat level policy that has been violated, as well as the total number of violations.
Highest Security ThreatThe highest security threat level, as well as the number of issues, found with the respective level.
CatalogedThe age of the component in the Central Repository.
Identification SourceThe catalog in which a component identification match was found. This includes either a match made by Sonatype (e.g. the catalog of the Central Repository), or a match made manually (i.e. through the IQ Server claiming process).
WebsiteIf available, an information icon providing a link to the project is displayed.
View DetailsPress this button to display the details view for the selected component.
Migrate to Selected (Only applicable to IDE plugins)Press this button to start a project refactoring that allows you to change all usages of the current component to a different version.

Recommended Versions (Only applicable to IDE plugins)

Provides suggestions for different versions of the selected component which do not suffer from the same policy violations as the current version.

By clicking on the version hyperlink, the recommended version is selected in the version graph, and details are populated in the right-hand list of properties.

Recommended Versions

Recommended versions are dependant on the availability of a newer version of the selected component which do not have any IQ policy violations. If such a version does not exist, no recommendations are displayed.