If you are a developer, you most probably have access to build systems where external components are “identified”.
But are those 3rd party components part of a “controlled” inventory? Most probably not.
Kiuwan Insight analyzes your application software, discovers all external dependencies, and builds a Components Inventory that lets you keep track of any external piece of code that could be part of your application.
Kiuwan Insights uses the following resources to extract information on 3rd party dependencies.
Supported languages | Supported repositories | Supported build systems |
Java | | |
JavaScript | | |
.NET | | |
Python | | |
Swift | | |
PHP | | |
From these sources, Kiuwan Insight builds the Components Inventory of your application.
The Components Inventory is accessible through the Insights >> Components tab.
The Insight >> Components tab displays the Components Inventory:
Kiuwan Insights provides a full listing of all those components being used by your application.
For every 3rd party component, you will have access to detailed component information such as:
A component’s Security Risk is based on CVSS v2 Base Scores (Severities) of its vulnerabilities:
Please visit CVSS v2 for further information on CVSS v2 Base Scores (Severities) of vulnerabilities.
A component’s Obsolescence Risk is a measure of the risk level relative to:
Both values are combined in the Obsolescence Risk to provide a value of the risk associated with using outdated or “dead” components.
Please visit Obsolescence Risk for further information on Obsolescence Risk.
A component’s License Risk is a measure of the risk level relative to legal implications of used components’ licenses.
Please visit Insights Licenses for further information on Licenses.
By clicking on a component, you will have access to the following information:
With Kiuwan Insights you can identify different versions of the same component used by your application.
The example below shows that the analyzed application incorporates two different versions of the ZKoss common library: 8.0.1 and 6.0.0.
Most probably, this component duplication is not intended, and it’s something that would produce maintainability headaches when upgrading to a newer version of the library.
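The duplicate-version check described above can be reproduced on a plain dependency listing. The following is an added example, not Kiuwan's code or method: it assumes input lines in the `groupId:artifactId:type[:classifier]:version:scope` form printed by `mvn dependency:list`, and the sample coordinates (including the ones used for the ZKoss common library) are constructed.

```python
import re
from collections import defaultdict

# Constructed sample: dependency lines gathered from two modules of one
# application, in the style of `mvn dependency:list` output.
SAMPLE = """\
[INFO]    org.zkoss.common:zcommon:jar:8.0.1:compile
[INFO]    commons-io:commons-io:jar:2.4:compile
[INFO]    org.zkoss.common:zcommon:jar:6.0.0:compile
[INFO]    commons-io:commons-io:jar:2.4:test
[INFO]    io.netty:netty-transport-native-epoll:jar:linux-x86_64:4.1.0.Final:runtime
[INFO] BUILD SUCCESS
"""

# Five colon-separated fields, or six when a classifier is present.
COORD = re.compile(r"^(?:\[INFO\]\s+)?([\w.\-]+(?::[\w.\-]+){4,5})\s*$")


def parse_coordinate(line):
    """Return ("group:artifact", version), or None if the line is not a coordinate."""
    m = COORD.match(line.strip())
    if not m:
        return None
    parts = m.group(1).split(":")
    # The version is always the field before the scope, with or without classifier.
    return f"{parts[0]}:{parts[1]}", parts[-2]


def version_key(version):
    """Order numeric parts numerically and qualifiers (e.g. 'Final') after them."""
    return [(0, int(p), "") if p.isdigit() else (1, 0, p)
            for p in re.split(r"[.\-]", version)]


def duplicated_components(lines):
    """Map each component seen in more than one version to its sorted versions."""
    versions = defaultdict(set)
    for line in lines:
        parsed = parse_coordinate(line)
        if parsed:
            versions[parsed[0]].add(parsed[1])
    return {name: sorted(found, key=version_key)
            for name, found in versions.items() if len(found) > 1}


if __name__ == "__main__":
    for name, found in duplicated_components(SAMPLE.splitlines()).items():
        print(f"{name}: {', '.join(found)}")
```

A component listed twice with the same version (here `commons-io` under two scopes) is not reported; only components with distinct versions are.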