Applications¶
An application represents all the source code projects that contribute to building your software. This could include multiple microservices, both the backend and frontend components, or various Maven modules. If you want to review whether an application is Open Source compliant, you need to consider all components which are needed for running the application.
Overview¶
The application overview shows an overview of important figures of the whole application. This means it aggregates all projects within the application.
Projects¶
The list of all projects in an application can be opened by selecting "Projects" in the second level navigation. A list of all projects which are part of the current application will be presented. For each application, the current default branch, the number of components, vulnerabilities (per severity) and licenses (per category) will be listed.
Source code is usually maintained in branches. Within Licensight all data which is presented usually refers to the default branch which is configured here in the projects. In general it is assumed that the default branch is named "main". If you want to change this behavior you can configure a different default branch for each project by selecting the configuration wheel next to the name of the project. Select the name of the default branch from the list of projects.
Services¶
Services can be manually maintained for an application. It is important to create a complete representation of an application which does not only consider the source code. External components such as a database also need to be considered when assessing compliance or vulnerabilities. This is why the "Services" section allows to add all components which are not part of the source code.
Licenses¶
The licenses section gives an overview of all licenses used within an application.
Policy Violations¶
In the policy violation section, it is possible to assign a policy to an application. After a policy has been assigned, a list of violations will be displayed. It is also possible to review decisions.
Vulnerabilities¶
The application might contain open-source components with known vulnerabilities. All known vulnerabilities will be listed here, details of the vulnerabilities (e.g. severity, fixed version etc.) can be reviewed in the detail page.
Components¶
In the component list, all open-source components which are part of the application can be reviewed. Details of the components will be shown in the detail page.
Reports¶
To create a report (such as an aggregated SBOM or a compliance report or the copyright notice) of a specific version of the application the report section can be used. All created reports will be archived.
Team¶
In the team section, it is possible to invite other users to the application. Refer to "Granting access to applications" to figure out which permissions are available.