Threatrix Documentation

Header Panel


Last updated 3 months ago


License Details

The license summary panel displays a unique list of discovered licenses based on the data in the main panel. By default, the root node of the project is selected, which displays all discovered component licenses for all modules. However, selecting a module, a node in the tree, or a single file will filter the license list based on this context.

Licenses are organized by risk, and the pie chart displays the number of unique licenses that fall into a given risk category. Hovering over the pie chart will display the associated risk category.

License names can be displayed by clicking the document icon in the upper right corner.

Center Panel

Review Metrics

The top panel displays review status metrics to help your team determine the status of various artifacts during the review process. By default, all artifacts are pending review. The review status metrics are clickable and allow for the filtering of results by each status:

  • A = Approved

  • R = Rejected

  • I = Ignored

  • P = Pending

Component Type Metrics

Threatrix detects two types of components during scans:

  • Dependencies: These are declared components and their transitive dependencies within discovered dependency files (e.g., pom.xml, package.json, csproj).

  • Libraries: Libraries are standalone components that are discovered as part of the module scanning process. These are generally archives or binaries, such as a nuget, jar, war, zip or rpm package that is an ordinary file.

Letters indicate the following values:

  • D = Dependency

  • L = Library

Review All Section

Reviewing artifacts can be time consuming. We've made every effort to provide tools, filters and review actions that reduce the time necessary to review artifacts in CodeCertify. The top panel review actions allow you to review all artifacts currently visible in your main panel. This enables your team to filter by specific criteria and then review all matching artifacts with a single click.

Revert Last Action allows your team to roll back the last action that was completed.

Filter Section

Filters enable users to reduce the results based on factors that may help isolate risk to expedite the review process. Users can filter on:

  • Component Name: Allows for filtering of components by component name. This filter uses the value entered for a similarity search and includes the component namespace, group and name. For example, a search for "amqp" will return results like "amqp-client" or "amqpeter" or "cli-amqpbackend".

  • License Category: Filter components by various license risk categories including components with an "Undefined" license

  • Review status: By default, reviewed artifacts are not displayed. Use this toggle to display reviewed artifacts

  • Vulnerabilities: Filter by components that contain vulnerabilities.

Source components: You may also see components that are reflective of a source file that we deem to be a component. These are typically JavaScript discovered in HTML files that we determine to be a "release" of the component and therefore may contain vulnerabilities that would otherwise be unreported by other tools. These are currently categorized as a "Library" but may change in the future to allow customers to view these as standalone components. A full list of supported binaries can be found here.