Dependencies
The Dependencies view includes a full n-level dependency tree for up to 50 SCA manifests, SBOMs, or Container images scanned. Each package in the tree may be selected to display information specific to the package, including package details, cryptographic information, issues, updates, introduction paths, and license information.
Only applicable for SCA, SBOM, and Container scans.
Scans may contain multiple Manifests, SBOM documents, or Container images. They will appear as top level items in the dependency tree. Selecting one, will show details about the item, including the number of dependent packages located, path information, and various settings used during the scan.
Search for specific packages using the Search Packages field.
Each Manifest containing the package will be highlighted in the dependency list. Navigate between each instance of the package with the up and down arrows. Expanding each manifest record will display a list of packages contained in the file, including all dependencies found within those packages.
Clear the search field to allow access to expand all other manifest records.
Packages marked with an issue icon (such as a Vulnerability) indicate that an issue has been identified in that package.
Issues will list any issues identified for the package (these will also appear on the Issues page).
Click Research to access the SOOS Package Research pages for additional information about the selected package.
A list of all Referenced Versions indicates all versions of the package included in the project, with a link to where they are found in the dependency tree.
Introduced By includes the introduction paths of each instance of the package, with links to the dependency tree location of each package in the path.
Packages with newer versions available will appear under Available Updates, update syntax for Manifest or CLI.
The License section will show details for the license(s) identified for the package, along with usage, options, and requirements for the license (these will also appear on the Licenses page). Use the Research link to view the SOOS License Research pages for additional information on the license.
Packages identified using a package mask will be marked as Internal (as seen below), and will not generate Unknown Package Issues.
