
Overview


For customers with Security Alerts: View By Vulnerability enabled, note the following changes:

  • Clicking on the Per-Library Alerts panel launches Security Alerts: View By Library

  • Clicking on Per-Vulnerability Alerts panel launches Security Alerts: View By Vulnerability

  • The pie chart is now Vulnerability Analysis, plus:

    • Adjustments to text

    • The count is now per CVE (not library)

    • If Effective Usage Analysis is enabled, there are no more grey shields

This document explains the main usages of Mend's Product dashboard.

The Product dashboard displays detailed information about a specific Product. The dashboard is accessed from the Products item of the main menu.

The Product dashboard's main goal is to give the user a view of the Product's open-source status. Clicking on the Products dropdown menu displays a sub-menu that includes a search mechanism for finding products, and the last ten products that were viewed.
You can also create a new product from this menu.

Product Actions Menu

The buttons above the dashboard enable you to perform various actions on the specific product.

The following actions can be taken:

  • Add Project: Add a new project to a product. NOTE: Project names are case-sensitive.

  • Policies: Create relevant policies for a specific product.

  • Compare to other Products: Compare the product information to other products in the organization. For details, see The Product Comparison Report.

  • Request History: Opens the Requests History report for the product. For details, see The Request History Report.

  • page

    • Modify the product name

    • Copy the product token

    • Add tags to the product

    • Delete the product

Product Alerts

The Product Alerts pane shows valuable information about actual library (component) alerts generated for a product.


For a detailed description of the alert type categories shown above, see here.

New Version Alerts

The New Versions category shows the number of alerts triggered for scanned libraries that were found to be out-of-date (i.e., not having the latest version).

Whenever an out-of-date library is located in the inventory, a new alert is generated and displayed in the Alerts report. To access this report from the project or product pages, click the number in the New Versions panel in the dashboard.

The alert shows the out-of-date library and indicates the new version.

NOTE: Multiple version alerts only apply to direct dependencies, not to transitive dependencies.

Vulnerability Analysis

The Vulnerability Analysis pane provides an analysis of your organization’s vulnerabilities.


  • Reported Vulnerability: Shows the library distribution based on the highest vulnerability severity – High, Medium, or Low.
    Clicking on the pie chart launches the Security Alerts: View by Library screen, where you can review vulnerability statistics, such as the number of reported vulnerabilities and ignored alerts for a selected library, and ignore and activate (restore) a selection of vulnerability alerts associated with a library.

  • Effective Vulnerability: Shows the vulnerability severity distribution based on an effectiveness indicator (i.e., shield).
    You can select to view the effective vulnerability in two modes: Severity-based view (includes severity) or Effectiveness-based view.
    Clicking on the Effective Vulnerability graph launches the Security Alerts: View by Vulnerability screen, where you can manage the alerts per vulnerability according to specific products/projects. For example, use this screen to ignore alerts of a specific vulnerability across all libraries in the selected scope.

  • Library Statistics:

    • Vulnerable: The total count of vulnerable libraries.

    • Vulnerable & Outdated: The total count of libraries that are both outdated and vulnerable (libraries that have newer versions and include vulnerabilities).

    • Outdated: The total count of outdated libraries (libraries that have newer versions).

  • Analysis Statistics:

    • Analysis Coverage: The percentage of analyzed libraries (excluding libraries marked with a grey shield) out of the total count of libraries that can be analyzed.

    • Effective or Non-Analyzed: The overall Effective Vulnerability Index, which reflects the relative portion of security alerts that are not marked with a green shield.

    • Non-Effective: The Non-Effective Vulnerability Index, which reflects the relative portion of security alerts that are marked with a green shield.

Project Summary

The Project Summary pane shows a list of all the projects and the number of libraries for each project. Clicking on one of the projects will display the relevant project page.


Libraries

The Libraries pane shows detailed information about the product’s libraries (components).


The following attributes are listed:

  • Library: Clicking the library name redirects you to the specific library page.

  • Licenses: The licenses that are associated with the library.

  • Occurrences: The number of occurrences of the library per project.

From the Actions dropdown menu in this section, you can perform the following actions on selected libraries in the list:

  • Set Attribute Value: Select an attribute and assign it a value that will be applied to all the selected libraries in the product.

  • Mark as In-House: Mark the selected libraries as In-House libraries. You also have the option to mark all instances of the selected libraries as In-House libraries.

  • Add to Whitelist: Add the selected libraries to the whitelist of libraries approved for use by your company.

  • Assign License: Assign a license to the selected libraries from the License dropdown list. Enter a Liability Reference to explain why you chose this license and optionally, enter any additional comments. In License Text (Optional), you can manually override the text to your library's specific license text.

  • Request Resolution: Make a resolution request for the selected libraries according to License (default) and/or Copyright. Note that a resolution request only affects libraries which do not have assigned licenses or copyrights.

From the Export dropdown menu in this section, you can export the information to Excel/XML so it may be shared with others.

License Analysis

The product page also provides license distribution data, in which you can see the license resolution across your organization.

The number of libraries in use and the number of different license types are also displayed.

Pointing to any part of the chart shows the relevant license.

Pending Tasks

Pending Tasks are a way to automatically create tasks for any new libraries added to your inventory. You can find them on the home screen or on the Product and Project dashboards. When enabled, any plugin request with a new library will create a task that will be assigned to the Default Approver (Admin > Assignments). Tasks are only created when the inventory is updated.


  • Clicking More… will redirect you to the Organizational Pending Tasks page, where you can view the pending tasks in greater detail.

  • In the Organizational Pending Tasks page, you can select one or multiple pending tasks, and then click More Information (relevant only in Vulnerability-based Alerts organizations). The Library Vulnerabilities and Licenses pop-up screen is displayed, enabling you to view the number of vulnerable libraries plus license information for the selected components.

Requested by Me

Requested By Me displays the update requests that the user sent from the plugins regarding new libraries. Clicking More… redirects you to the Organizational Tasks page.

is available at: https://docs.mend.io/bundle/sca_user_guide/page/understanding_the_product_dashboard.html