...
Introduction
...
...
...
Open Source repositories provides huge amounts of software that lets you to build new applications very fast and robustly.
But not all are benefits; there might be also some drawbacks when using open source components.
First obvious question has to do with how much open source software is your application using.
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
At a glance, Kiuwan Insights provides visual indicators that quickly let you to know the different levels of risk associated to every external component.
Every component is assigned a level (High, Medium, Low or None) on three different risk metrics:
- Security Risk (due to vulnerabilities introduced by components)
- Obsolescence Risk (due to using obsolete components)
- License Risk (due to legal implications of used components’ licenses)
Components Inventory
If you are a developer, you most probably will access to build systems where external components are “identified”.
But, are those 3rd party components part of a “controlled” inventory? Most probably, don’t.
...
...
...
...
...
...
...
.Net
...
- Nuget
...
- Nuget
...
Python
...
- PyPI
- GitHub
...
- PyPI
- Requirements (txt file with declared deps)
...
Swift
...
- Cocoapods
- GitHub
...
- Podspec
- Package
...
Php
...
- Packagist
...
- Composer
From these sources, Kiuwan Insight builds the Components Inventory of your application.
Info |
---|
Components Inventory is accessible trough Insights >> Components tab. |
Insights >> Components
Insight >> Components tab displays Components Inventory:
- Overall Information on Components – aggregated information on number and type of components
- List of Components – detailed listing of components
- Component detail – detailed information on selected component
Overall Information on Components
- Number of components by language
- Number of components by Security Risk level (High, Medium, Low and None)
- Alerts :
- Components with High Security Risk
- Components being used with different versions that might be cause conflicts
- Etc.
List of Components
Kiuwan Insights provides a full listing of all those components being used by your application.
For every 3rd party component, you will have access to detailed component information such as:
- Component name and description
- Used version(s)
- Its filename (i.e. physical container) (.jar, .dll, .js, etc)
- Programming language
- Obsolescence risk (see XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX)
- License risk (see XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX)
- Security risk (see XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX)
Security risk
Info | ||
---|---|---|
| ||
A component’s Security Risk is based on CVSS v2 Base Scores (Severities) of its vulnerabilities:
|
...
Obsolescence risk
Info | ||
---|---|---|
| ||
A component’s Obsolescence Risk is a measure of the risk level relative to:
Both values are combined in the Obsolescence Risk to provide a value of the risk associated to using outdated or “dead” components. |
...
License risk
Info | ||
---|---|---|
| ||
A component’s License Risk is a measure of the risk level relative to legal implications of used components’ licenses. |
Please visit XXXXXXXXXXXXXXXXX for further information on Licenses.
...