Understanding the component version information available from the Black Duck KB
On the Component Name Version page, the Details tab provides the following information:
- Description.
- Count of known security vulnerabilities.
- Associated licenses.
- Component links, if available.
- Tags, if available.
- Date this version was released.
- Number of newer versions.
- Approval Status of this version.
- Date this component was last updated.
- Commit activity and the trend for the component over the last 12 months.
- Number of contributors for the component for the past 12 months.
- A Where Used table which lists the projects and the respective versions in which this version of the component is used.
The table contains the following information:
Column | Description |
---|---|
Project | Name of the project that uses this version of the OSS component from Black Duck KB. Select the project name to display the Overview tab of the Project Name page which provides information on this project. |
Version | Version of the project that uses this version of the OSS component from Black Duck KB. Select the version to display the BOM filtered to display that component version. |
Released | Date this version was released. |
Phase | Development phase that this version of the project is currently in. |
On the Black Duck KB Component Name Version page, the Security tab displays the list of vulnerabilities associated with this version of the OSS component from Black Duck KB.
This tab contains the following information:
Column | Description |
---|---|
Identifier | The identifier and value associated with this vulnerability. Select > in the table next to the vulnerability to view a brief description. Depending on the identifier, select to view the BDSA record or the CVE record. |
Published | Date on which the vulnerability was published. |
Overall Score | Shows the Temporal score (for BDSA), or Base score (for NVD) and associated risk level. Hover over the Overall Score value to see the individual values. The Temporal score represents time-dependent qualities of a vulnerability, taking into account the confirmation of the technical details of a vulnerability, the existence of any patches or workarounds, and the availability of exploit code or techniques. The Base score reflects the overall basic characteristics of a vulnerability that are constant over time and user environments: The Exploitability score measures how the vulnerability is accessed and if extra conditions are required to exploit it, taking into account access vector, complexity, and authentication. The Impact score reflects the possible impact of successfully exploiting the vulnerability, considering the integrity, availability, and confidentiality impacts. Note: The Authentication value is not available for CVSS v3.x scores. |
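
How the individual values behind an Overall Score relate to each other, as an added example that is not Black Duck code: it applies the equations of the public CVSS v2 specification (the version that has an Authentication metric) to a vector string. The function names and the sample vector are constructed for illustration.

```python
from decimal import Decimal, ROUND_HALF_UP

# Metric weights from the public CVSS v2 specification (not Black Duck code).
BASE = {
    "AV": {"L": 0.395, "A": 0.646, "N": 1.0},    # access vector
    "AC": {"H": 0.35, "M": 0.61, "L": 0.71},     # access complexity
    "Au": {"M": 0.45, "S": 0.56, "N": 0.704},    # authentication
    "C": {"N": 0.0, "P": 0.275, "C": 0.660},     # confidentiality impact
    "I": {"N": 0.0, "P": 0.275, "C": 0.660},     # integrity impact
    "A": {"N": 0.0, "P": 0.275, "C": 0.660},     # availability impact
}
TEMPORAL = {  # "ND" (not defined) leaves the base score unchanged
    "E": {"U": 0.85, "POC": 0.90, "F": 0.95, "H": 1.0, "ND": 1.0},   # exploit code
    "RL": {"OF": 0.87, "TF": 0.90, "W": 0.95, "U": 1.0, "ND": 1.0},  # patch/workaround
    "RC": {"UC": 0.90, "UR": 0.95, "C": 1.0, "ND": 1.0},             # confirmation
}


def _round1(value):
    """Round to one decimal place, half up."""
    return float(Decimal(str(value)).quantize(Decimal("0.1"), ROUND_HALF_UP))


def score_cvss2(vector):
    """Return base, exploitability, impact and temporal scores for a v2 vector."""
    if vector.startswith("CVSS:"):
        raise ValueError("versioned (v3.x or later) vector: it has no Au metric")
    try:
        fields = dict(part.split(":", 1) for part in vector.split("/"))
        w = {m: BASE[m][fields[m]] for m in BASE}
        t = {m: TEMPORAL[m][fields.get(m, "ND")] for m in TEMPORAL}
    except (KeyError, ValueError) as exc:
        raise ValueError(f"missing or invalid metric in {vector!r}: {exc}") from None
    exploitability = 20 * w["AV"] * w["AC"] * w["Au"]
    impact = 10.41 * (1 - (1 - w["C"]) * (1 - w["I"]) * (1 - w["A"]))
    f_impact = 0.0 if impact == 0 else 1.176   # no impact means a base score of 0
    base = _round1((0.6 * impact + 0.4 * exploitability - 1.5) * f_impact)
    return {
        "base": base,
        "exploitability": _round1(exploitability),
        "impact": _round1(impact),
        "temporal": _round1(base * t["E"] * t["RL"] * t["RC"]),
    }


if __name__ == "__main__":
    # Constructed sample vector, not taken from any real advisory.
    print(score_cvss2("AV:N/AC:L/Au:N/C:P/I:P/A:P/E:POC/RL:OF/RC:C"))
```
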
The Cryptography tab shows information on component versions that have encryption algorithms. Click here for more information. This tab will only appear if you have Cryptography enabled on your Product Registration key.
The Origin IDs tab lists all known external IDs and Package URLs (PURLs) associated with a specific component version.
The Copyrights tab shows the copyright statements for this component version. Click here for more information.
The Settings tab shows details on this component version. Information shown here also appears on the Details tab.
Users with the Component Manager role can use the Settings tab to edit information for this KB component version.
- Select Component Details to edit the release date, notes, and status for this KB component version.
- Select License to modify the existing license or add a new license or group.
- Select Custom Fields to edit any custom values or properties set by the Custom Fields Administrator.
Click here for information on editing component information and here for information on modifying a component version's status.
Users with the System Administrator role can use the Settings tab to edit the component version custom field information, as shown in the Additional Fields section.