Dependencies
The Dependencies section contains information about project dependencies (libraries, packages, modules).
Dependencies Overview
Displays a list of all dependencies with key data:
- Name and Version
- Dependency Type
- Origin
- Security Issues (number of issues related to this dependency)
- Project (the projects that use this dependency)
Dependency Details
Selecting a specific dependency provides detailed information:
- Library Name
- Version
- Library Description
- PURL (Package URL)
- Licenses
Project Dependencies
For each project, dependencies from SBOM reports can be viewed on the Dependencies tab. The main components are listed on the Components tab. VEX reports can be generated from SBOMs on the VEX Reports tab.
Creating a VEX Report
❕ VEX reports are generated according to the CycloneDX standard in JSON format.
To create a VEX report, follow these steps:
- In the Projects → Project Name → Dependencies section, on the VEX Reports tab, click the Create VEX Report button.
- In the form that opens, fill in the following data to generate the report:
  - SBOM Files - select one or more previously uploaded SBOM files from the list; the report will be generated from them.
  - Report Metadata - a list of metadata for building the report, with the option to specify product-specific metadata (e.g., version, release, source). The following metadata are mandatory:
    - Organization Name
    - Organization URL
- Then click the Create VEX Report button.
After that, the report will be available in the list on the VEX Reports tab. To download the report, click the ⭳ button in the row of the corresponding report. To delete a generated report, click the 🗑 button.
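A downloaded report can be checked against the SBOM files it was built from. The following Python sketch is an added example, not part of the product: it verifies that the organization metadata is present, that every analysis state is a valid CycloneDX value, and that each affected reference resolves to a component in the selected SBOMs. The function names and sample documents are constructed, and the metadata fields where the organization name and URL are stored are an assumption.

```python
from urllib.parse import unquote
# Values of the CycloneDX vulnerability "analysis.state" enum.
STATES = {"resolved", "resolved_with_pedigree", "exploitable",
          "in_triage", "false_positive", "not_affected"}

def sbom_refs(sboms):
    """Collect the bom-ref of every component, nested ones included."""
    refs = set()
    def walk(components):
        for c in components or []:
            if "bom-ref" in c:
                refs.add(c["bom-ref"])
            walk(c.get("components"))
    for sbom in sboms:
        walk([sbom.get("metadata", {}).get("component") or {}])
        walk(sbom.get("components"))
    return refs

def check_vex(vex, sboms):
    """Return a list of problems found in a CycloneDX VEX document."""
    problems = []
    if vex.get("bomFormat") != "CycloneDX":
        problems.append("bomFormat is not CycloneDX")
    # Assumption: the organization name and URL end up in one of these fields.
    meta = vex.get("metadata", {})
    orgs = [meta.get(k) or {} for k in ("supplier", "manufacturer", "manufacture")]
    if not any(o.get("name") and o.get("url") for o in orgs):
        problems.append("organization name/URL missing from metadata")
    known = sbom_refs(sboms)
    for v in vex.get("vulnerabilities", []):
        vid = v.get("id", "<no id>")
        state = v.get("analysis", {}).get("state")
        if state not in STATES:
            problems.append(f"{vid}: bad analysis state {state!r}")
        for a in v.get("affects", []):
            # A ref is a plain bom-ref or a BOM-Link (urn:cdx:serial/version#bom-ref).
            raw = a.get("ref", "")
            ref = unquote(raw.rsplit("#", 1)[-1]) if raw.startswith("urn:cdx:") else raw
            if ref not in known:
                problems.append(f"{vid}: affects unknown component {ref!r}")
    return problems

# Constructed sample documents (not output of the product).
SBOM = {"bomFormat": "CycloneDX", "components": [{"bom-ref": "pkg:pypi/example-lib@1.0.0"}]}
VEX = {"bomFormat": "CycloneDX", "metadata": {"supplier": {"name": "Example Org"}},
       "vulnerabilities": [
           {"id": "CVE-0000-0001", "analysis": {"state": "not_affected"},
            "affects": [{"ref": "pkg:pypi/example-lib@1.0.0"}]},
           {"id": "CVE-0000-0002", "analysis": {"state": "fixed"},
            "affects": [{"ref": "pkg:pypi/other-lib@2.0.0"}]}]}
```

Calling `check_vex(VEX, [SBOM])` on the constructed sample returns three problems: the missing organization URL, the non-CycloneDX state `fixed`, and the reference to a component that is in none of the SBOMs.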