
Repository Component Details Page

Click on an individual component on the Repository Results page (or in the Sonatype Repository Firewall dashboard) to view the Component Details Page. The top section of the component details page contains links to access:

Policy Violations: View all policies violated by the selected component, and view existing or apply new waivers for the component.

Security: View all security policies violated by the selected component, view the component vulnerabilities, and view existing or apply waivers for the component.

Legal: View the effective, declared, and observed licenses for the component and its legal policy violations, review the legal obligations, and view existing or apply waivers for the component.

Labels: Assign and manage labels for the selected component.


The Component Information section contains the match state, identification source, and other component data. Click the View Coordinates button to see the exact component coordinates.

Clicking on the Re-evaluate Component button will evaluate policies on this component. When re-evaluating a quarantined component, if the new evaluation does not have policy evaluations, the component is released from quarantine.

The Risk Remediation section contains the version of the component that is recommended for safe use by our research team.


The Compare Versions table contains a comparative analysis of the current and selected component versions, to help decide the remediation action.

Compare Versions table:

| Component Profile | What it means |
| --- | --- |
| Version | The version no. of the component |
| Highest Policy Threat | The highest threat level policy that has been violated, as well as the total number of violations. The value may be NA if all threats have been waived. |
| Security Violation Threat | The security violation threat level. |
| Highest CVSS Score | The highest threat level security vulnerability and the total number of security vulnerabilities. The value may be NA if all threats have been waived. |
| License Violation Threat | The license violation threat level. |
| Effective License | Any licenses included in the Declared or Observed Group, or the overridden license. |
| Quality Violation Threat | The quality violation threat level. |
| Other Violation Threat | Other violation threat level. |
| Integrity Rating | The level of suspiciousness (Suspicious, Normal) of this version as determined by our machine-learning intelligence. Versions that are marked suspicious may be malicious. The value may be Not Applicable if no integrity data is applicable. |
| Cataloged | The age of the component based on when it was first added into the source from which it was identified. |
| First Evaluation | Date when the component was first evaluated. |
| Latest Evaluation | Latest evaluation date for the component. |
| Quarantined | Date when the component was quarantined. |
| Released from Quarantine | Date when the component was released from quarantine. |

Waiving Repository Policy Violations

Policy violations for components found in your repositories can be waived with multiple options for the scope and target of the waiver. To waive violations, verify that your assigned role has the permission: Waive Policy Violation.

View/Remove Existing Waivers


Click the Policy Violations tab (or the Security or Legal tab) for the repository component.

To review all existing waivers that apply to this component, click the View Existing Waivers button.

Review the component waiver, delete it if needed, and close the page.

Add a new Component Waiver

On the Policy Violations (or Security or Legal) tab, scroll over to the row that displays the violation. Click on the caret-right icon to open the Violation Details page.

Click the Manage Waivers button.

To create a new waiver, click the Add Waiver button. Refer to Adding a Waiver for more information.


The available options for the Scope of component waivers are Repository, All Repositories, or the Root Organization.

Click Waive to complete the waiver creation.

Note

Waivers are applied the next time policies are evaluated for the affected components.