Project Inventory

The following enhancements to Project Inventory are now available:

Ability to View Inventory Item Dependency Graph

Starting in this release, a new field named Dependency graph has been introduced on the Inventory Details tab of the Project Inventory Details pane. This new field allows users to view the dependency graph for the selected or required inventory item (from the Project Inventory tab) via the Dependency Graph for <inventory item> window. The Dependency graph field displays one of the following values:

  • View Dependency Graph—This hyperlinked value appears only when the associated codebase has been scanned using either the first-level-dependency scan or the transitive-dependency scan, and the selected inventory item (from that scan result) has been identified as having relationships to other inventory items. Clicking the hyperlinked value opens the Dependency Graph for <inventory item> window, which displays the dependency graph for the inventory item—including all parent and child inventory item nodes—traversing the dependency hierarchy to the nth level.

  • N/A—This value appears only when the associated codebase has been scanned using the basic scan profile or when the inventory item does not have any relationships with other inventory items.

This enhancement gives you deeper insight into inventory item relationships and improves traceability and analysis of third-party dependencies.

Using the dependency graph to traverse the dependency hierarchy to the nth level is supported only for inventory items that are generated from scanning NPM, PyPI, and Gradle packages.

The following displays the Dependency graph field and Dependency Graph for <inventory item> window for a selected inventory item:

Dependency graph Field

Dependency Graph for <inventory item> Window

For more information, see Project Inventory Details Pane in the Code Insight User Guide.

Enhanced Propagation of Usage Guidance Content for Rejected Inventory Items

Starting in this release, Code Insight automatically propagates the Usage Guidance content from each policy—defined in the Policy Details window—to the Usage Guidance pane in the Notes & Guidance tab for published inventory items on the Project Inventory tab, whenever an item is automatically rejected by one or more applicable policies. This enhancement enables the automated propagation of the Usage Guidance content of the following policies for an inventory item rejected by at least one of them:

  • Vulnerability Policies

  • License Policies

  • Component Policies

This ensures that reviewers have full visibility into the rationale behind the inventory item rejection, and clearly presents guidance from all applicable policies.

The following displays the Usage Guidance pane in the Notes & Guidance tab for a given published inventory item rejected by an applicable policy: