The Alerts tab displays the Library Alerts view within the relevant context (organization, product or project). It provides all the alerts regarding the specific library, such as Policy violations, Vulnerabilities, New available version, and so on.
Attributes & Notices
The Attributes & Notices tab displays the following:
Custom Attributes: Documenting usages of this library in your project or the home page for the library.
Notices: General comments on the library.
Versions & Trends
The Versions and Trends tab displays the following:
Known Versions: View any known versions of the library. In addition, you can compare the current and older versions of the library.
Vulnerability: View library security trends for a specific library across different versions, color-coded according to severity (red, orange, or yellow). Do any of the following:
In Versions, expand a library's version for general information about its security history across different versions. This information contains a link to the library's CVE page.
Filter a version for high, medium, or low severities, or no vulnerabilities at all. To do so, click the version's selector icon and select the required filter.
The Aggregated Data tab displays vulnerabilities, licenses, policies, violations and library information for the dependent libraries. Users must select the product and project scope first. The entries are unique: each combination of vulnerability and library is displayed just once, and the same applies to violations and licenses.
Aggregated Licenses: Displays aggregated data for licenses for direct and transitive dependencies. The number in parentheses shows the aggregated number of licenses.
Aggregated Policies: Displays aggregated policy violations data per project, with policy name, library, and creation date. The number in parentheses shows the aggregated policies data.
Aggregated Library Vulnerabilities: Displays aggregated direct and transitive vulnerability information for the library. The number in parentheses shows the aggregated library vulnerability data.
Additionally, context-based selection is available, depending on how the user arrived at the screen:
If the user arrived from the Project page, the product and project are selected.
If the user arrived from the Product page, the current product and the last viewed project are selected.
If the user arrived from a general view (i.e., a report or search, without a context), the last viewed product and project are selected.
To access Impact Analysis, from the library's name on top, click View Impact Analysis.
Impact Analysis provides better control of the libraries you use and a greater understanding of the popularity factor of each library. You can view how the library is being used within your organization, in which projects it is used, whether it is a direct or transitive dependency, and which project has the library as a dependency and under which library.
To see the full dependency tree path that led to the library, from the Impact Analysis screen, click Dependency Path.