Library Management

SourceClear Software Composition Analysis

SourceClear Software Composition Analysis can manage the libraries that developers in your organization use in their code.

Library Catalog

The SourceClear library catalog contains a list of library versions that your organization has approved for use. You manage your libraries in the catalog.

There are two types of library catalogs: organization and personal. The organization catalog is global to all the workspaces within the organization. The personal catalog is visible only to the individual user who created it.

Adding a library to the catalog

From either the workspace library list or the project’s library list, select the row of a library and click the “Add to Catalog” button to add it to the organization’s catalog. Only that single version of the library is added to the catalog, and only an organization admin can add to the organization catalog.

Using the catalog

Adding a library to the organization library catalog has a few effects. In the workspace library list or the project’s library list, you can filter the libraries by their approval status.

Additionally, a library that is not present in the organization’s catalog is shown with a warning icon. Because not every version of a library is necessarily in the catalog, the warning icon may appear on some, but not all, of the entries for a single library.

Managing the library catalog

To view the full list of libraries currently in the organization’s library catalog, navigate to the organization settings and open the “Library Catalog” tab on the left-hand side. Only organization admins can access this page.

For each library present, the list displays the library name, the approved version, the number of High, Medium, and Low vulnerabilities present, and the number of updated versions that exist after the approved version.

You can also filter the libraries by library name, by whether they are out of date, and by whether they have vulnerabilities. This is also the view where you can remove libraries from the library catalog.