CAST HIGHLIGHT - SCA - How to verify if any file is open source and has SCA results?

In Highlight, there is a way to determine whether a file is open source and whether there is an SCA result associated with it.

Details

In the MANAGE PORTFOLIO > MANAGE COMPONENT CATALOG > COMPONENT CATALOG tab, browse and select the file from your system. CAST Highlight will automatically display the component corresponding to the fingerprint you submitted.

This search method is probably the most accurate as it relies on the unique fingerprinting mechanism of third-party artifacts. CAST Highlight currently references 8+ billion unique fingerprints.

 

NB: The component catalog is populated when an application containing that component has been analyzed. If no application on that Highlight instance has that component, it will not show up in the catalog on that instance. Only DLLs that belong to third-party components scanned into the Highlight database are recognized; custom or application-specific DLLs will not be recognized. Please refer to How Open Source component detection works.

 

For more details, please refer to:

Feature Focus: Preventing the Use of Risky OSS Components Across the Enterprise

Feature Focus: How to manage third-party components and vulnerabilities in SCA results  

CAST HIGHLIGHT - SCA - How to exclude a third party component

How Open Source component detection works

CAST HIGHLIGHT - SCA - How to locate and find out the known vulnerabilities and license compliances of a component?

Ticket

26828, 41687

 
