Very less information is generated due to many partial information for spring.* related and other framework for an application with 32KLOC – small code base without DB, microservices oriented App.
Workaround or Action Plan
The versions were not indicated in the pom.xml so the mapping with a component version in SCA (first data table) is not possible.
For gradle projects dependency discovery in build.gradle files, Highlight parses these two structures:
- dependencies
- project.dependencies
Highlight doesn't parse "buildscript".
Dependencies can be discovered by Highlight during the scan as Highlight supports Gradle (https://doc.casthighlight.com/automated-framework-discovery/), otherwise, it is not possible to see any components even in the second data table.
A rescan with missing libraries is advisable.
Additional Resources
CAST Highlight Troubleshooting Guides
CAST Highlight Product Documentation
Zendesk Ticket Number
# 23966
Comments