In Highlight there is a way to determine if a file is open source or not and if there is a SCA result associated with it.
Details
In the MANAGE PORTFOLIO > MANAGE COMPONENT CATALOG>COMPONENT CATALOG tab browse and select the file from your system. CAST Highlight will automatically display the component corresponding to the fingerprint you submitted.
This search method is probably the most accurate as it relies on the unique fingerprinting mechanism of third-party artifacts. CAST Highlight currently references 8+ billion unique fingerprints.
For more details please refer
Feature Focus: Preventing the Use of Risky OSS Components Across the Enterprise
Feature Focus: How to manage third-party components and vulnerabilities in SCA results
CAST HIGHLIGHT - SCA - How to exclude a third party component
How Open Source component detection works
Ticket
26828
Comments