Searching for Components
At the top of the Components module you can enter a variety of parameters to search for specific components. Click search to run the query.
|A free-text term to search for in the name of the component|
|Specifies when the component was last modified in Xray. You can select one of the preset time ranges, or specify a custom range.|
|Specifies whether you are searching for a Package, a Build or a File or|
|Restricts search results to the specified package type|
|Only components with vulnerabilities with the specified severity and above will be displayed|
The search results are displayed in a table showing the following parameters:
|Indicates if the component is a package, a build or a file|
|The name of the component|
|The latest version of the component where applicable ("files" don't have versions)|
|Indicates when the component was last modified in Xray (e.g., last indexed or status changed)|
|The number of issues detected in the component|
|Indicates the highest severity of any of the issues found for the component. "Normal" means no issues were found.|
To drill down and view the details about a component, click its name in the list of search results. The Component Details view is split up into three panels:
- Summary Strip
- Versions Panel
- Details Panel
The strip at the top of the Component Details view varies slightly depending on whether the component is a package, a build or a file, and displays a summary of the component's most basic information.
For a package, the summary strip displays:
- The package type logo for quick and easy identification
- Latest Version: The latest version of the package that is available. The "Internal" version shows the latest version that is hosted by your Artifactory instance, and "Public" shows the latest version that is publicly available on the external web.
- Created: The package's creation date
- Last Updated: Last time the package was indexed or modified
- Status: The highest severity of any vulnerability found in the package
For a build, the summary strip displays:
- The logo of the CI server that ran the build with a link for direct and easy access to the build in Artifactory
- Status: The highest severity of any vulnerability found in the build
- Last Updated: Last time the build was indexed or modified
- Created: The build's creation date
- Latest Version: The latest version of the build that is available.
For a file, the summary strip displays:
- A file icon
- Status: The higher of the highest severity watch violation and highest severity of any vulnerability found in the file
- Last Updated: Last time the file was indexed or modified
- Created: The file's creation date
The Versions panel displays all the versions of the selected component that have been indexed by Xray. Select any of these versions to display detailed information about them. If publicly available versions of the selected component are available, Xray will display the Include Public checkbox. When set, Xray will also display those versions in the list. Note, however, that when you select one of these versions, Xray may not be able to display additional information.
Select any version displayed in the Versions panel to get a list of issues detected in that specific version.
The details panel displays several details about the selected component including:
- Violations: These are violations to filters defined on a watch. They are only reported for the root component, not for its dependencies.
- Security: Known security vulnerabilities for the selected component
- Licenses: OSS licenses used by the component
- Locations: Locations where the files of the component can be found
- Descendants: Components that the selected component includes (depends on)
- Ancestors: Components that include (depend on) the selected component
To focus on specific violations, you may filter the list displayed using the Filter by Summary field.
The Violations tab of the Details panel provides the set of versions that are affected by the violation. The set can include a range of versions and specific versions in any combination. For example,
"2.0ga, 2.0_rc9, 2.0_rc10, 2.0_rc11, 2.0.1, 2.1.0 ≤ version ≤ 188.8.131.52".
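When triaging, you usually need to know whether the version you actually run falls inside this set. The following Python sketch is an added example, not Xray code: it parses the example string above and tests a version against it. The grammar (comma-separated items, ranges written as `lo ≤ version ≤ hi`) is inferred from that single example, and the numeric ordering in `_key` is an assumption, not Xray's own comparison logic.

```python
import re

# Taken from the page's example; the grammar below is inferred from it (assumption).
AFFECTED = "2.0ga, 2.0_rc9, 2.0_rc10, 2.0_rc11, 2.0.1, 2.1.0 ≤ version ≤ 188.8.131.52"

# "<lo> ≤ version ≤ <hi>"; one-sided and strict (<) forms are assumed extensions.
_RANGE = re.compile(
    r"^(?:(?P<lo>\S+)\s*(?P<lo_op>≤|<=|<)\s*)?version"
    r"(?:\s*(?P<hi_op>≤|<=|<)\s*(?P<hi>\S+))?$"
)

def _key(version):
    """Assumed ordering: dot-separated integers, trailing zeros ignored."""
    parts = version.split(".")
    if not all(p.isdigit() for p in parts):
        raise ValueError(f"cannot order version {version!r}")
    nums = [int(p) for p in parts]
    while nums and nums[-1] == 0:
        nums.pop()
    return tuple(nums)

def parse_affected(text):
    """Split the field into exact version labels and (lo, hi) range bounds."""
    exact, ranges = set(), []
    for item in (s.strip() for s in text.strip('" ').split(",")):
        m = _RANGE.match(item)
        if m and (m["lo"] or m["hi"]):
            lo = (_key(m["lo"]), m["lo_op"] != "<") if m["lo"] else None
            hi = (_key(m["hi"]), m["hi_op"] != "<") if m["hi"] else None
            ranges.append((lo, hi))
        elif item:
            exact.add(item)
    return exact, ranges

def is_affected(version, text):
    """True if version is listed or inside a range. Raises ValueError when a
    non-numeric label is not listed exactly, so callers fail closed."""
    exact, ranges = parse_affected(text)
    if version in exact:
        return True
    if not ranges:
        return False
    v = _key(version)
    for lo, hi in ranges:
        above = lo is None or v > lo[0] or (lo[1] and v == lo[0])
        below = hi is None or v < hi[0] or (hi[1] and v == hi[0])
        if above and below:
            return True
    return False
```

Pre-release style labels such as `2.0_rc9` match only when listed exactly; an unlisted label that cannot be ordered raises `ValueError` and should be reviewed by hand rather than treated as unaffected.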
The Fix Versions tab of the Details panel provides remediation information for the violation. This field indicates in which version of the selected component the violation has been fixed, giving you the opportunity to upgrade to that version and thus remedy the violation.
The Actions menu in the Details panel lets you perform the following actions on the selected component:
Scan for Violations: Scans the current component for violations
Assign Custom Issue: Lets you specify a custom issue and assign it to the component:
|A descriptive title for the issue.|
|The ID of the component to which the issue was assigned.|
|A more detailed description of the issue.|
|The issue severity|
|The issue type|
|Allows you to add custom properties to the issue|
Assign a Custom License: Lets you assign a custom license to a component:
A license created by a user is tagged as a Custom license and can be deleted by users assigned the Manage Components permission. The custom license is assigned to a specific version, is propagated to parent components, and becomes part of their license list. It triggers an impact analysis and generates violations if it matches the criteria of any existing Watches.
The new license is included in the scan the next time a security report is generated.
The Locations tab allows you to easily navigate from Xray directly to the component in Artifactory, by hovering over the component and clicking on More Info.
Getting Your Component License Reports
- Click Components and run the filter to search for your builds or required artifacts associated with the build.
- Click the Licenses tab in the Details area.
- Click Export.
- In the Export as dialog, select the target report format: CSV or JSON.
The file is downloaded to your local drive.
CSV format report example
JSON format report example
To examine the details of a violation, click the violation in the list displayed on the Component Details panel to display the Violation Details popup.
The Impact panel of the Violation Details popup provides a list of all components which are impacted by this violation. Select any component in the list to view the full hierarchy of components affected.
Watch the Screencast
Watch this screencast to learn how to use Xray's component-centric navigation.