The license risk value of a component is shown with different values on different pages in Highlight.
For example, in one case the license “GNU General Public License v2.0 w/Classpath exception” is shown as High risk (red) in the SCA Overview, but the application SCA tab shows it as Medium risk (orange).
In Dashboards > Application Results > <Application> > Software Composition > License Compliance, the risk level is shown as orange, i.e. medium, for the license “GNU General Public License v2.0 w/Classpath exception”.
In Dashboards > Software Composition > License Distribution View, the compliance risk for the license “GNU General Public License v2.0 w/Classpath exception” is shown as medium (orange). On the same page, the compliance risk for the license “GNU General Public License v2.0 w/Classpath exception” is shown as red.
Details
License risk compliance is stored in two places:
- In the application scan results: the compliance is the one present at the scan date (this information might be affected by the license profile).
- In the software component definition: the compliance is defined and updated by CAST.
In the above case, the scan was run when the compliance was "high", so that value was stored at that point in time and is shown as High on screens that display aggregated information for the application.
On the application detail screen, we list the components used by the application and show the current information for each component (based on the CAST profile, unless a custom profile is set for the particular company).
Solution
The data shown is from the most recent scan. If the license profile or license information has been updated since that scan, the license data shown may be inconsistent with other screens that show the updated license information.
A portfolio or application recompute (or rescan) will resync the results.
Performing regular analyses of applications avoids these issues, so that applications are always shown with the most up-to-date information.
Ticket
47041
Related Pages
How OSS licenses are mined and detected in Highlight’s Software Composition Analysis feature
Additional Resources
CAST Highlight Troubleshooting Guides
CAST Highlight Product Documentation