Compare detected OSS components between application snapshots
Although high-level Open Source Safety score trends (Security, License and Obsolescence risks) show how a development team is de-risking an application over time (e.g., upgrading components to reduce critical vulnerabilities and obsolescence), it is often necessary to see in detail what has changed between two scans, especially which components and versions. Which risky components have been added and lowered the Component Security score? Which components have actually been upgraded to a safer version? The SCA Component Comparison feature in CAST Highlight offers a fine-grained view of these changes.

At the application level, under the Software Composition tab, click the "Compare Components" button to open the comparison view and select the two application snapshots you want to compare.

The top table displays high-level SCA metrics (Open Source Safety score, Component Security score, number of vulnerabilities, etc.) for each snapshot and the differences between them.

The second table lists and compares components between these snapshots:
- Component name and version
- Status of the component compared to the other snapshot
  - Added: this component was not detected in the compared snapshot
  - Removed: this component was removed compared to the other snapshot
  - Updated: this component was upgraded or downgraded compared to the other snapshot
- Detected vulnerabilities
The component list can be filtered to:
- Show all components regardless of their status
- Show only components with a version change between the snapshots
- Show only added components
- Show only updated components (with a different version between the snapshots)
- Show only removed components
- Show only components having vulnerabilities
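As an added illustration (not CAST Highlight's own code), the following Python re-creates the comparison logic described above over two constructed component inventories: it derives the Added / Removed / Updated status per component, records whether an update was an upgrade or a downgrade, mirrors the view's filters, and computes the vulnerability-count difference shown in the top table. Component names, versions and vulnerability counts are placeholders, and versions are assumed to be purely numeric dotted strings.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Component:
    name: str
    version: str           # assumed to be a purely numeric dotted version
    vulnerabilities: int   # known vulnerabilities for this exact version

# Constructed sample inventories (placeholder component names and counts).
SNAPSHOT_A = [Component("web-framework", "2.3.1", 4), Component("json-parser", "1.9.8", 5),
              Component("io-utils", "2.6.0", 0), Component("template-engine", "3.0.2", 1)]
SNAPSHOT_B = [Component("web-framework", "2.5.0", 0), Component("json-parser", "1.9.8", 5),
              Component("io-utils", "2.4.0", 2), Component("http-client", "4.1.0", 1)]

def _vtuple(version):
    return tuple(int(p) for p in version.split("."))

def compare_components(old, new):
    """One row per component name seen in either snapshot, with the status the
    comparison view shows relative to the older snapshot. Assumes one version
    per component name in each snapshot."""
    old_by = {c.name: c for c in old}
    new_by = {c.name: c for c in new}
    rows = []
    for name in sorted(old_by.keys() | new_by.keys()):
        o, n = old_by.get(name), new_by.get(name)
        if o is None:
            status = "Added"
        elif n is None:
            status = "Removed"
        elif o.version != n.version:
            # "Updated" covers both directions; record which one it was.
            status = "Updated (upgraded)" if _vtuple(n.version) > _vtuple(o.version) else "Updated (downgraded)"
        else:
            status = "Unchanged"
        rows.append({"name": name,
                     "old_version": o.version if o else None,
                     "new_version": n.version if n else None,
                     "status": status,
                     # vulnerabilities of the version still present (newer snapshot), or of the removed one
                     "vulnerabilities": (n or o).vulnerabilities})
    return rows

def filter_rows(rows, status=None, only_vulnerable=False):
    """Mirror the view's filters: a status prefix ('Added', 'Updated', 'Removed'),
    None for all components, and optionally only components having vulnerabilities."""
    return [r for r in rows
            if (status is None or r["status"].startswith(status))
            and (not only_vulnerable or r["vulnerabilities"] > 0)]

def vulnerability_totals(old, new):
    """Top-table style metric: total vulnerabilities per snapshot and the difference."""
    a, b = (sum(c.vulnerabilities for c in s) for s in (old, new))
    return a, b, b - a
```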
For reference only. For the complete details, please refer to the original article:
https://doc.casthighlight.com/feature-focus-sca-advanced-snapshot-comparison/