A user logged in as a Portfolio Manager during open source analysis excluded the component GitForWindows and was prompted that this change would be submitted to the Portfolio Manager for approval. After approval, the OSS index was not recalculated, nor was the corresponding number of files subtracted from the total number of open source files.
Workaround or Action Plan
- Log out and log back in for the OSS index to be updated after approving the exclusions.
- Provide support with the domain ID as well as the application ID of one of the items having the problem.
Any user role (except Result Viewers) can request a component exclusion at the application level from the Software Composition tab. To do so, click on the “ban” icon for a given component. Users will be asked to provide a reason for this component exclusion.
Since a component is potentially used in other applications, exclusions are managed through a dedicated screen available to Portfolio Managers only. This screen, available from MANAGE PORTFOLIO > Manage Component Catalog (in the ‘Component Exclusions’ tab), lists exclusion requests and impacted applications across the current portfolio. From here, the Portfolio Manager can cancel exclusions or validate them and re-process SCA results for the impacted applications (i.e., removing components from application results and also re-calculating Open Source Safety scores).
Users can request the exclusion of a component that may have been incorrectly detected by CAST Highlight. This may happen when the original component is not available on the Open Source forges Highlight crawls (Maven, GitHub, NPM, etc.). As a result (see how component detection works in this article), CAST Highlight displays the oldest matching occurrence in the SCA database. In most cases, this happens for system libraries and proprietary or deprecated components.
Reference - https://doc.casthighlight.com/feature-focus-manage-third-party-components-vulnerabilities-sca-results/
Vulnerability (CVE) Exclusions
Additional Resources
CAST Highlight Troubleshooting Guides
CAST Highlight Product Documentation
Zendesk Ticket Number
26752