Searching for components
You can search for component versions used in your BOMs and/or components in the Black Duck KnowledgeBase (KB).
To search for components:
- Click to open the Find page.
- Do one of the following:
  - Select the Components tab to find component versions used in your projects.
  - Select the Black Duck KnowledgeBase tab to search for Black Duck KnowledgeBase components. Note that using the Black Duck KnowledgeBase tab to search for components will not display any custom components used in your projects. Use the Components tab to include these in your search results.
- Type your search term in the Search field and/or, optionally, select any filters, as described in the next section, "Using search filters".
- Optionally, for component searches, save this search, so that the results appear on the Dashboard page.
The Find page displays the components that meet your search criteria.
You can also type your search term in the Search field located at the top of the application and press Enter or click . The Find page appears displaying the search results. Note that entering a global search term initiates a new search and resets any filters you previously selected. Select the Components or Black Duck KnowledgeBase tab and filters to refine the results, as described below.
Using search filters
Filters that appear depend on whether you are searching for components used in your BOMs or searching Black Duck KnowledgeBase.
For each filter:
- Where necessary, click + to display the filter values; click – to hide them.
- If you select more than one type of filter, Black Duck displays items that match all values. If you select more than one value for a specific filter, Black Duck displays items that match either value.
For example, if you use the License Risk filter and select high and medium, the search results display all components that have high or medium license risk. If you select a high License Risk filter and a critical Security Risk filter, the search results display only those projects that have a high license risk and critical security risks.
KnowledgeBase filters
Use the following filters to narrow your results when searching Black Duck KnowledgeBase:
- Primary Language. Primary language in which the component is written. The filter displays the list of available languages in descending order of frequency of use in components.
- Tags. Available for all components that have tags applied to them to provide additional metadata about the component.
- Commit Activity. Represents the trending commit activity level for the open source component over time.
Component filters
Use the following filters to narrow your results when searching components used in your BOM:
- Component Intelligence. Check to display all components containing suspicious events or incidents where it is highly likely that malware or malicious code has been identified. See Operational Risk for more information on Component Intelligence.
- Security Risk. Select one or more security risk levels.
- License Risk. Select one or more license risk levels.
- Operational Risk. Select one or more operational risk levels.
- First Detected. Date when the component was first detected by Black Duck (such as by scanning, being manually added to a BOM, and so on).
- License. Select a license from the list.
- License Family. Select a license family from the list.
- Missing Custom Field Data. Select to view the components and/or component versions which have required custom fields and are missing data.
- Released. Date when the component was released according to the Black Duck KnowledgeBase.
About the search results
Search results show all components that meet your search criteria.
Black Duck KB component search results
The following information is shown for each KnowledgeBase component that meets your search criteria:
- Select the component name to open the Black Duck KB Component Name page.
- View the number of project versions that use this component as shown by the value next to Used By.
  Select Project Versions to open the Where Used dialog box.
  This dialog box lists the projects that use a version of this component.

  | Column | Description |
  | --- | --- |
  | Project | Name of the project and version that uses this component. Select the project name to display the project version's Components tab. |
  | Phase | |
  | Component Version | Version of this component used in this project version. |
  | Security Risk | Lists the vulnerabilities for each severity level, from left to right: Critical, High, Medium, and Low. Select a value to display the Security tab of Black Duck KB Component Name Version page, which lists the vulnerabilities associated with this version of the component. |

- For each component, the search results show:
  - Commit Activity.
  - Last commit date.
  - Total number of versions for this component.
- Select Tags to view the tags for this component.
- The URL in the upper right corner is the URL for this component.
Components search results
The following information is shown for each component in your BOM that meets your search criteria.
- Select the component name/version to display the Component Name Version page.
- View the number of project versions that use this component version as shown by the value next to Used By.
  Select Project Versions to open the Where Used dialog box.
  This dialog box shows the project versions that use this version of the component.

  | Column | Description |
  | --- | --- |
  | Project Name | Name of the project and version that uses this component version. Select the project name to display the project version's Components tab. |
  | Phase | |
  | License | License for this component version. |
  | Review Status | Whether this component has been reviewed in this project version. |
  | Security Risk | Lists the vulnerabilities for each severity level, from left to right: Critical, High, Medium, and Low. Select a value to display the Security tab of the Black Duck KnowledgeBase Component Name Version page, which lists the vulnerabilities associated with this version of this component. |

- Use the bar to quickly see the number of components with the highest policy severity level.
  Select the bar to see the number of components with policy violations by severity level:
  Note: A component is only counted once with the highest policy severity level, not all policy severity levels affecting this component.
- Use the bar to quickly view the number of components with the highest level of license risk.
  Select the bar to view the number of components in each risk category.
- View the operational risk for this component version:
- View the number of vulnerabilities by severity associated with this component version. The Last Vuln date is when a vulnerability for this component was last updated in Black Duck (by the Black Duck KnowledgeBase or a user).
  Select a value to display the Security tab of the Black Duck KB Component Name Version page, which lists the vulnerabilities associated with this version of this component.
- For each component version, the search results also show:
  - Approval status. Status indicates whether this component version has been reviewed.
  - First detected date.
  - Date this component version was released.
  - Number of newer versions.
  - Date when a vulnerability for the component was last updated in Black Duck (such as updates from Black Duck KnowledgeBase, a user manually changing the associated vulnerability, and so on).
- View the number of results found and the time the database was last updated:
Sorting the search results
Optionally, you can sort the results that appear on the page by selecting a value from the Sort by list:
Note that if you sort the results and save this search, the Dashboard page displays the saved search in the sorted order.
Exporting to CSV
You can export your search results to CSV, which converts the individual rows to tabular data. To do so, click the button and select CSV.