
Overview

The WhiteSource Mend Home page provides immediate visibility of your organization’s open source inventory (open source files), together with potential security vulnerabilities, license compliance, and easy-to-understand dashboards.

The following types of information are displayed on the WhiteSource Mend Home page:

  • A dedicated summary count of system category alerts reported for a given Organization, Product or Project, including the total count of policy violations, versions, licenses, quality and security alerts.

  • An up-to-date overview of security risks and their severity for your components across all products (applications).

  • A list of the products and the number of projects and libraries per product. By default, the top 10 products with the most projects are displayed. 

  • Detailed information about the product libraries (components).

  • License distribution data in which you can see the license resolution in your organization and check for licenses that might not comply with your company’s policy.

  • A list of unanswered update requests sent from the plugins regarding new libraries.

  • A list of update requests sent by the user from the plugins regarding new libraries.

NOTE: By default, all products are visible on the dashboard. If you want to prevent specific products from being seen by specific users or groups, you must update the product page.

Accessing the Home Page

The WhiteSource Mend Home page opens immediately after logging in to WhiteSource Mend. If required, you can change the default Home page that will be displayed when you log in.

...

To reset the initial home page, clear the Set as Home Page checkbox at the top right of the page.

Organization Alerts

The Organizational Alerts pane enables you to view a dedicated summary count of system category alerts reported for a given Organization, Product or Project, including the total count of policy violations, versions, licenses, quality and security alerts. Additionally, you can click each alert type to display an Alert View corresponding to its category, enabling you to perform selected actions on the listed alerts (e.g., ignore alerts).

...

Alerts are grouped by Alert Type; each Category is listed with its Description.

Policy

  • Violations: An alert is triggered upon meeting a condition inconsistent with defined policy.

Libraries

  • New Versions: An alert is triggered for any scanned library found to be out-of-date (i.e., not having the latest version).

  • Multiple Versions: An alert is triggered for any library that appears twice or more in different versions within a certain product.

  • Multiple Licenses: An alert is triggered for any library that has more than one license.

  • Rejected in Use: An alert is triggered for any library that created a request which was later rejected.

Security

  • Per-Library Alerts: The total number of libraries with alerts (regardless of project occurrences). For example, the alert count for a Product with two Projects where each features an alert for the same library will be "one" and will be displayed in one row noting two project occurrences. The color scheme is as follows:

      o   Red: The number of libraries with High maximum alert severity

      o   Orange: The number of libraries with Medium maximum alert severity

      o   Yellow: The number of libraries with Low maximum alert severity

  • Per-Vulnerability Alerts: The total number of vulnerability alerts (e.g., a CVE alert). For example, the alert count for the same CVE recorded in three separate occurrences will be "one", and will be displayed in one row noting three occurrences. The color scheme is as follows:

      o   Red: The number of vulnerability alerts with High severity

      o   Orange: The number of vulnerability alerts with Medium severity

      o   Yellow: The number of vulnerability alerts with Low severity
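
The two Security counting modes described above can be reproduced offline when reconciling the dashboard figures against a raw alert list. This is an added example, not code from the product: the record layout, the placeholder identifiers, and the assumption that an "occurrence" is one (project, library) pair are all constructed for illustration.

```python
# Constructed sample alerts: (project, library, vulnerability id, severity).
# The layout and every identifier are placeholders, not a product export format.
SAMPLE_ALERTS = [
    ("project-a", "lib-x-1.0.jar", "CVE-PLACEHOLDER-1", "High"),
    ("project-b", "lib-x-1.0.jar", "CVE-PLACEHOLDER-1", "High"),
    ("project-a", "lib-x-1.0.jar", "CVE-PLACEHOLDER-2", "Low"),
    ("project-a", "lib-y-2.3.jar", "CVE-PLACEHOLDER-1", "High"),
    ("project-b", "lib-z-0.9.jar", "CVE-PLACEHOLDER-3", "Medium"),
]
RANK = {"Low": 1, "Medium": 2, "High": 3}
COLOR = {"High": "Red", "Medium": "Orange", "Low": "Yellow"}


def per_library(alerts):
    """One row per library: its maximum alert severity and project occurrences."""
    rows = {}
    for project, library, _vuln, severity in alerts:
        row = rows.setdefault(library, {"severity": severity, "projects": set()})
        row["projects"].add(project)
        # A library is coloured by the worst alert raised against it.
        if RANK[severity] > RANK[row["severity"]]:
            row["severity"] = severity
    return rows


def per_vulnerability(alerts):
    """One row per vulnerability id with its occurrences.

    Assumption: an occurrence is one (project, library) pair.
    """
    rows = {}
    for project, library, vuln, severity in alerts:
        row = rows.setdefault(vuln, {"severity": severity, "occurrences": set()})
        row["occurrences"].add((project, library))
    return rows


def color_counts(rows):
    """Bucket rows into the Red/Orange/Yellow counters of the color scheme."""
    counts = {"Red": 0, "Orange": 0, "Yellow": 0}
    for row in rows.values():
        counts[COLOR[row["severity"]]] += 1
    return counts
```

With the five constructed records, both views report three rows, but the per-library view has no Yellow entry because the Low alert on `lib-x-1.0.jar` is masked by that library's High maximum severity.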

Vulnerability Analysis

The Vulnerability Analysis pane provides an analysis of your organization’s vulnerabilities.

...

o   Non-Effective: Non-Effective Vulnerability Index which reflects the relative portion of security alerts that are marked with a green shield.

Product Summary (Top 10)

The Top 10 Products section lists the products and the number of projects, number of libraries, number and severity of vulnerable libraries, and number of licenses per product. By default, the top 10 products with the most projects are displayed. 

...

Clicking a library changes the License Distribution to reflect the selection, as displayed in the License Distribution pane.

License Distribution

This pane provides license distribution data in which you can see the license resolution for products in your organization, enabling you to check for licenses that might not comply with your company’s policy.

...

  • Total number of license types for the product.

  • A pie chart showing the distribution of licenses. Hovering on a section in the chart shows the number of licenses of that type and its percentage out of all the licenses.

...

Pending Tasks

Pending Tasks display the unanswered update requests sent from the plugins for new libraries that are added to your inventory.

Clicking More.. directs you to the Organizational Pending Tasks page, where you can select one or multiple pending tasks, and then click More Information (relevant only in Vulnerability-based Alerts organizations). The Library Vulnerabilities and Licenses pop-up screen is displayed, enabling you to view the number of vulnerable libraries plus license information for the selected components.

...

User Requests (Requested by Me)

The Requested By Me table displays the update requests sent by the user from the plugins regarding new libraries.

...