Overview

The Due Diligence Report enables you to view due diligence information on each open-source library for the selected scope, in order to comply with appropriate legal requirements.

NOTE: A few closed-source licenses are still currently supported in order to avoid altering existing data.

Accessing the Report

  1. From the main menu, select Reports > Due Diligence. The Due Diligence Report page is displayed.

  2. Select the scope for which the report should be created. The default scope is Organizational; however, you can select any individual product and/or project as your data scope from the dropdown menus next to the report name. Do as follows:

    1. Open the All Products dropdown menu and select the product on which you want to base the report. 

    2. If you want to base the report on specific projects, open the All Projects dropdown menu and select one or multiple projects in the selected product.

    3. If you want to include a custom attribute in the report, open the Select Custom Attributes dropdown menu, select the attribute's context (Organizational, Product or Project), then select the custom attribute. A new column will be displayed in the table with the custom attribute's name as its title, and the value per library (if defined).

  3. To further filter the report in order to view properties with a specific value, do the following:

    1. Expand the Filter area, select a property and enter a value by which to filter.
      Property options are: License (default), Risk, Library, Copyright, Project and Product.

    2. Click Filter.

  4. Select at least one License Type - by default, they are all selected:

    • Open Source

    • Closed Source

    • Unknown

  5. Click Apply and wait for the data to load into the report table.

The Due Diligence Report is generated.

...

Understanding the Report Data

The Due Diligence Report provides the following columns of information:

  • License: The name of the license for the library

  • License Type: The type of license (Open Source, Closed Source, Unknown)

  • Risk: The license copyright risk score. For details, see Risk Score Attribution.

  • Library: Name of the open source library. Click the library name to be forwarded to its Library Details page.

  • License Reference: Includes an indication as to where the license was found

  • Copyright: The range of years for the library's copyright

  • Homepage: Link to the homepage of the library

  • Author: Name of the author of the library

  • Project: The project where the library is used

  • Product: The product where the library is used

  • Custom Attribute: Displayed only if a custom attribute was selected in Select Custom Attribute in the scope area. For details, see Setting Custom Attributes.

  • Level: The level of the license, root or nested

Exporting the Report

To export the report, click the Export dropdown menu at the top right corner of the report, and select the required export format:

  • Excel

  • JSON

  • XML

The exported report will reflect the selected scope (organization, product, or project) and filters.

For examples of exported report types, see https://whitesource.atlassian.net/wiki/spaces/WD/pages/1897922806/Copy+of+Working+with+WhiteSource+Reports#Exporting-a-Report.

This page is available at: https://docs.mend.io/bundle/sca_user_guide/page/the_due_diligence_report.html