Skip to main content

Dependency Tree

Users with IQ Server version 132 and above can access the Dependency Tree page. This view displays the Direct and Transitive components of the report as a dependency tree sorted by threat level.

Note

Note that the dependency tree is only available for npm, Maven, and applications with a CycloneDX SBOM that includes dependency information.

103907719.png

Note

Note that older reports might not have the dependency info and need to be re-scanned (not re-evaluated).

Access the Dependency Tree

From the Application Composition Report, click the "View Dependency Tree" button above the Policy Violations Table.

108960997.png

Additional Dependency Tree features

Sorting

Note

Threat level indicators match the threat level colors in the Application Composition Report.

Dependencies in the Dependency Tree are sorted (descending) according to the threat level within their nested level.

100140614.png
100140612.png

Filtering

Note

Note that the filter functionality is case-insensitive.

You can filter the Dependency Tree using a search term. The dependency tree will filter and all matches will be highlighted.

103907720.png

Component Details Page navigation

When you select a dependency, you are redirected to the Component Details Page for that dependency.