CAST HIGHLIGHT - Results - SCA - License Risk - License risk information is different in different views of Highlight

The license risk of a component is shown with different values on different pages in Highlight.

 

For example, in one case the license “GNU General Public License v2.0 w/Classpath exception” is shown as High risk (red) in the SCA Overview, but the application SCA tab shows it as Medium risk (orange).

In Dashboards > Application Results > <Application> > Software Composition > License Compliance, the risk level for the license “GNU General Public License v2.0 w/Classpath exception” is shown as orange, i.e. medium.


In Dashboards > Software Composition > License Distribution View, the compliance risk for the license “GNU General Public License v2.0 w/Classpath exception” is shown as medium (orange). On the same page, the compliance risk for the license “GNU General Public License v2.0 w/Classpath exception” is shown as red.


 

 

Details

License risk compliance is stored in 2 places:

  • In the application scan results: the compliance is the one present at the scan date (this information might be impacted by the license profile).
  • In the software component definition: compliance is defined and updated by CAST.

In the above case, the scan was done when the compliance was "high", so that value was stored at that point in time and is shown as High on screens showing aggregated information for the application.

On the application detail, we list the components used by the application and show the current information for each component (which is based on the CAST profile unless a custom profile is set for the particular company).

 

Solution

The data shown is from the most recent scan. If the license profile or license information has been updated since that scan, the license data shown may be inconsistent with other screens that show the updated license information.

A portfolio or application recompute (or rescan) will resync the results.

Performing regular analyses of applications avoids these issues, so that applications are always shown with the most up-to-date information.

 

Ticket

47041

 

Related Pages

Open Source License Rulebooks

How OSS licenses are mined and detected in Highlight’s Software Composition Analysis feature

 

Additional Resources

CAST Highlight Troubleshooting Guides

CAST Highlight Product Documentation

 

 
