CAST Highlight provides a way to determine whether a file is open source and whether an SCA result is associated with it.
Details
In the MANAGE PORTFOLIO > MANAGE COMPONENT CATALOG > COMPONENT CATALOG tab, browse to and select the file from your system. CAST Highlight will automatically display the component corresponding to the fingerprint you submitted.
This search method is probably the most accurate as it relies on the unique fingerprinting mechanism of third-party artifacts. CAST Highlight currently references 8+ billion unique fingerprints.
NB: The component catalog is populated when an application containing that component has been analyzed. If no application on that Highlight instance contains the component, it will not show up in the catalog on that instance. Only DLLs that belong to third-party components scanned into the Highlight database are recognized. Custom or application-specific DLLs are not going to be recognized. Please refer to How Open Source component detection works.
For more details, please refer to:
Feature Focus: Preventing the Use of Risky OSS Components Across the Enterprise
Feature Focus: How to manage third-party components and vulnerabilities in SCA results
CAST HIGHLIGHT - SCA - How to exclude a third party component
How Open Source component detection works
Ticket
26828, 41687