Users with IQ Server version 132 and above can access the Dependency Tree page. This view displays the Direct and Transitive components of the report as a dependency tree sorted by threat level.
Note that only the dependency tree is only available for npm, Maven, and applications with a CycloneDX SBOM that includes dependency information.
Note that older reports might not have the dependency info and need to be re-scanned (not re-evaluated).
Access the Dependency Tree
From the Application Composition Report, click the "View Dependency Tree" button above the Policy Violations Table.
Additional Dependency Tree features
Threat level indicators match the threat level colors in the Application Composition Report.
Dependencies in the Dependency Tree are sorted (descending) according to the threat level within their nested level.
Note that the filter functionality is case insensitive.
You can filter the Dependency Tree using a search term. The dependency tree will filter and all matches will be highlighted.
Component Details Page navigation
When you select a dependency, you are redirected to the Component Details Page for that dependency.