Components Inventory

If you are a developer, you most probably have access to build systems where external components are “identified”.

...

Kiuwan Insights analyzes your application software, discovers all external dependencies, and builds a Components Inventory that lets you keep track of any external piece of code that could be part of your application.

 

Supported languages and resources

Kiuwan Insights uses the following resources to extract information on 3rd party dependencies.

...

The Components Inventory is accessible through the Insights >> Components tab.

 

Insights >> Components

The Insights >> Components tab displays the Components Inventory:

  1. Overall Information on Components – aggregated information on number and type of components
  2. List of Components – detailed listing of components
  3. Component detail – detailed information on selected component

 

 

Overall Information on Components

 

  • Number of components by language
  • Number of components by Security Risk level (High, Medium, Low and None)
  • Alerts:
    • Components with High Security Risk
    • Components being used with different versions that might cause conflicts
    • Etc.

 

List of Components

Kiuwan Insights provides a full listing of all those components being used by your application.

...

  • Component name and description
  • Used version(s)
  • Its filename (i.e. physical container) (.jar, .dll, .js, etc.)
  • Programming language
  • Obsolescence risk (see Obsolescence Risk)
  • License risk (see XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX)
  • Security risk (see XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX)

 

Security risk

A component’s Security Risk is based on CVSS v2 Base Scores (Severities) of its vulnerabilities:

  • If the selected component has more than one vulnerability, Kiuwan will label the component with the highest severity value of all the vulnerabilities of the component.
  • If the selected component has only one vulnerability, the Severity of that vulnerability will be the Security Risk of the component.


Please visit XXXXXXXXXXXXXXXXX for further information on CVSS v2 Base Scores (Severities) of vulnerabilities.

 

Obsolescence risk

A component’s Obsolescence Risk is a measure of the risk level relative to:

  • the age of your version with respect to the latest version, and
  • how active the component is

Both values are combined in the Obsolescence Risk to provide a value of the risk associated with using outdated or “dead” components.


Please visit XXXXXXXXXXXXXXXXX for further information on Obsolescence.

 

License risk

A component’s License Risk is a measure of the risk level relative to the legal implications of the licenses of the components used.

...

Please visit XXXXXXXXXXXXXXXXX for further information on Licenses.

 

Component details

By clicking on a component, you will have access to the following information:

  • Description of the component
  • License of the component
  • Found vulnerabilities of the selected component:
    • CVE identifier, and link to the NIST National Vulnerability Database description page
    • CWE type, and link to the MITRE Common Weakness Enumeration description page
    • Vulnerability description
    • Severity (more on this at XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX)

 

Duplicated components

With Kiuwan Insights you can identify different versions of the same component used by your application.

...
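
The labelling rule from the Security risk section and the different-versions check from Duplicated components, as an added Python example (not Kiuwan's code). It assumes the NVD bands for CVSS v2 base scores (Low 0.0-3.9, Medium 4.0-6.9, High 7.0-10.0), which the page does not state; the inventory, component names and scores are constructed.

```python
from collections import Counter, defaultdict

# NVD qualitative bands for CVSS v2 base scores. Assumption: these are the bands
# behind the High / Medium / Low labels; the page does not give the thresholds.
def severity(score):
    if not 0.0 <= score <= 10.0:
        raise ValueError(f"CVSS v2 base score out of range: {score}")
    if score >= 7.0:
        return "High"
    if score >= 4.0:
        return "Medium"
    return "Low"

RANK = {"None": 0, "Low": 1, "Medium": 2, "High": 3}

def security_risk(cvss_scores):
    """Component risk = highest severity among its vulnerabilities; "None" if it has none."""
    return max((severity(s) for s in cvss_scores), key=RANK.__getitem__, default="None")

def summarize(inventory):
    """Return (risk per component file, count per risk level, components with >1 version)."""
    risks = {c["file"]: security_risk(c["cvss_v2"]) for c in inventory}
    by_level = Counter(risks.values())
    versions = defaultdict(set)
    for c in inventory:
        versions[c["name"]].add(c["version"])
    duplicated = {n: sorted(v) for n, v in versions.items() if len(v) > 1}
    return risks, by_level, duplicated

# Constructed sample inventory: names, versions and scores are made up.
INVENTORY = [
    {"name": "example-json", "version": "1.2.0", "file": "example-json-1.2.0.jar", "cvss_v2": [4.3, 7.5]},
    {"name": "example-json", "version": "1.4.1", "file": "example-json-1.4.1.jar", "cvss_v2": []},
    {"name": "example-ui", "version": "3.0.0", "file": "example-ui-3.0.0.js", "cvss_v2": [2.6]},
    {"name": "example-log", "version": "2.1.0", "file": "example-log-2.1.0.dll", "cvss_v2": [5.0]},
]

if __name__ == "__main__":
    risks, by_level, duplicated = summarize(INVENTORY)
    for file, risk in risks.items():
        print(f"{file:28} {risk}")
    print("components by risk level:", dict(by_level))
    print("different versions in use:", duplicated)
```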