Lookup Component Window
The Lookup Component window is displayed when you click Lookup Component within the context a inventory item, with the purpose of letting you search for a new component-version-license instance to associate with the inventory item. The search is performed against the Code Insight Data Library to locate components that meet your criteria. The search results in a list of components, each component displayed with a set of details and a list of its available version-license instances.
Once you locate the desired component, you can select the appropriate version-license combination to associate with your inventory item. Alternatively, you can create your own instance. (Any custom version-license instances created for a component are made available at the system level for association with inventory in other projects.) If no component meets your criteria for the inventory item, the Lookup Component window provides access to a feature that lets you create a custom component.
| Category | Column/Field | Description | |
|---|---|---|---|
| Search controls | Use one of these fields to enter the criterion by which to search for a component to associate with an inventory item or to serve as a basis for creating a custom component. | ||
| Search by | Select the method by which to search components or to create a new component. | ||
| Keyword | Select this option to search by component name. In the Keywordfield, enter a single string within the component name. The search is case-insensitive and thus filters to all component names containing the Keyword criterion, no matter the upper or lower case used in the criterion or in the actual component name. If you are creating a new component, the string is used to pre-populate certain fields in theNew Custom Componentwindow. See theCreate New Component description. | ||
| URL | Select this option to search by the URL of the third-party forge where the component is found. For the URLvalue, enter the complete forge path, such ashttps://github\.com/jquery/jquery, or a string in the path, such asjquery\.The search is case-insensitive, so the results will include all components with a matching forge path or path string (whichever criterion you entered in the URL field), no matter the upper or lower case used in the criterion or in the actual component path. If you are creating a new component, the URL is used to pre-populate certain fields in theNew Custom Componentwindow. See theCreate New Component description. | ||
| Forge | Select this option, and then select the forge (and project repository) by which to search components. If you are creating a new component, the selected forge is used to pre-populate certain fields in the New Custom Componentwindow. See theCreate New Component description. | ||
| Search | Click this button obtain the search results. | ||
| Create New Component | Click this button to open the New Custom Componentwindow. Certain fields in this window are pre-populated with values based on the criterion you entered on theLookup Componentwindow. For information on creating a custom component, see Creating and Editing Custom Components. | ||
| Search results | The results of the search is a list of components, each component with a set of details (see Component details) and a list of available version-license instances to which you can associate with the current inventory item (seeVersion\-license instances). The following describes the information shown for each component listed. | ||
| Component details | The details for a given component can include the component’s product logo, Component URL, Source Repository URL, vendor content describing the component, and a link to the actual OSS or third-party product. It also includes the following component details from the Code Insight Data Library. | ||
| Component | The name of the OSS or third-party component and its internal ID, as identified in the Code Insight Data Library. | ||
| Possible Licenses | License candidates that can be associated with this component. | ||
| Custom Component | The YesorNovalue, indicating whether the component is custom (created by a user) or provided as part of the Code Insight Data Library. | ||
| CPE | The list of CPE names—from the National Vulnerability Database—that are mapped to the component. CPE (Common Platform Enumeration) is a structured naming scheme that includes the component’s vendor and product names in the following format: cpe://<part>:<vendor>:<product> where <part> is eithera(applications),h(hardware platforms), oro(operating systems). The data provided represents only the part, vendor, and product; the version information is truncated from the CPE string. | ||
| Version-license instances | The information for each component includes a list of its available version-license instances. (To toggle between showing or hiding the list, click Show Versions/InstancesorHide Instances.) From this list, you can do any of the following: Select a given version-license instance to associate with the current inventory item. Select a new license for a given instance. Register a new version-license instance for the component. Designate that the license newly selected for an existing instance (or for one being registered) be mapped to all future inventory created by the system for the component version. This type of license is known as a “user-preferred license”. Instances mapped to a user-preferred license are displayed with the icon. (See Specifying a User-Preferred License Mapping for more information.) If the component is custom, edit the component as needed. A bar graph is included with each instance to show its current security-vulnerability counts by severity level (if any). See Security Vulnerabilities Associated with Inventory for details. | ||
| Use This Instance | Click this button to associate the version-license instance with the inventory item you are currently creating or editing. You are directed back to the inventory item, now showing the new component-version-license association. You can also select a different license for the instance from the Selected Licensedropdown. See theRegister New Instancedescription below for further details. | ||
| Register New Instance | Click this button to add a new version-license instance to the component. From the Versiondropdown list, select an existing version associated with this component (as stored in the Code Insight Data Library), or create your own version. From theSelected Licensedropdown list, select a license to associate with this component. See Specifying a User-Preferred License Mapping for information about what happens depending on the type of license you select. You cannot create a custom license from the Lookup Component window to associate with a component version. However, you can create a custom license for the inventory item after you have selected an instance or when you editing the item. Alternatively, you can create custom licenses from the Policy Details window or from the Licenses tab on the Global Component & License Lookup tab. For more information, see Creating a Custom License. New instances are made available at the global level for use by inventory in other projects. | ||
| Edit Custom Component | (Available if the component is custom) Click this button to open the Edit Custom Componentwindow to update the component properties. For information on editing a custom component, see Creating Custom Component Versions. | 
See Also
Using “Lookup Component” to Search for Components to Associate with Inventory
Specifying a User-Preferred License Mapping
Security Vulnerabilities Associated with Inventory