Software Packages
overview the software packages dashboard provides a centralized view of software packages and their associated vulnerabilities across applications and technical services that have been onboarded into devops intelligence the dashboard enables users to identify vulnerable packages, understand their severity and determine which applications and technical services are impacted, helping teams respond more quickly to security risks and remediation requirements with this dashboard, users can view the total number of software packages across onboarded applications and technical services identify packages that contain known vulnerabilities analyze vulnerabilities by severity level, including critical, high, medium and low search for a specific package and determine which applications and technical services use it review detailed vulnerability information for individual packages export package and vulnerability data for further analysis and remediation planning to use the software packages dashboard, the application and its associated technical services must first be onboarded into devops intelligence during onboarding, a connection is established to jfrog, which serves as the source of package and vulnerability data software packages page once onboarding is complete, devops intelligence collects package information from the selected repositories and artifacts, correlates that data with the associated applications and technical services and presents the results on the software packages page this page provides a centralized view of software package inventory and vulnerability data across onboarded applications and technical services the software packages page includes dashboard widgets and a detailed packages table that help users view the total number of software packages across onboarded applications and technical services identify packages with known vulnerabilities and analyze them by severity level, including critical, high, medium and low determine which applications and technical services are affected by a specific package vulnerability search for software packages and review detailed vulnerability information export package and vulnerability data for further analysis and remediation planning prioritize remediation efforts by identifying the applications, technical services and teams impacted by vulnerable packages to access the software packages page, follow these steps from the main menu , go to services → platform services → toolchain & pipeline → devops intelligence → secure → software packages software packages dashboards the software package dashboards provide a high level view of software package inventory and vulnerability data across onboarded applications and technical services the dashboard widgets help users quickly identify vulnerable packages, analyze vulnerability severity and focus on packages that require remediation selecting a dashboard widget filters the package table to display the corresponding package results the following dashboards are displayed on the software packages page total packages displays the total number of software packages identified across all onboarded applications and technical services this metric provides an overall view of the software package inventory being monitored in devops intelligence total vulnerable packages displays the total number of packages that contain one or more known vulnerabilities the widget also provides a breakdown by severity level, helping users assess the overall security risk across onboarded applications critical vulnerable packages displays the number of packages that contain critical vulnerabilities selecting this tile filters the dashboard to show only packages that require immediate attention and remediation high vulnerable packages displays the number of packages that contain high severity vulnerabilities selecting this tile filters the dashboard to show packages that present significant security risks and should be prioritized for remediation non vulnerable packages displays the number of packages that do not currently contain any known vulnerabilities this metric helps users understand the portion of their software inventory that is considered secure based on the latest scan results software packages table the software packages table provides a detailed view of software package inventory and vulnerability data collected from onboarded applications and technical services the table works together with dashboard widgets, allowing users to focus on specific package categories and quickly identify affected applications and services users can use the search field to locate specific packages within the current filtered results the following data is displayed in the package table package name the name of the software package identified within onboarded applications and technical services package type the package manager or package type associated with the software package versions the version of the software package currently detected in the application or repository license the software license associated with the package, helping users evaluate licensing and compliance requirements technical service identifies the technical service where the package is being used a package can be associated with one or more technical services select the technical service link to view additional details about the service if + view is displayed, the package is associated with multiple technical services select + view to display the complete list of associated technical services application the application that contains or uses the package, allowing users to determine where a package is deployed security champion the security champion associated with the application or technical service total vulnerabilities the total number of vulnerabilities identified for the package across all severity levels critical vulnerabilities the number of critical severity vulnerabilities identified for the package high vulnerabilities the number of high severity vulnerabilities identified for the package export software packages use the export option to download selected package records for further analysis, reporting, or remediation planning to export package information, follow these steps select one or more package records from the packages table export option becomes available after one or more package records are selected from the table click export to download the exported file containing the selected package information for further analysis or remediation planning