SCA Projects
The SCA Projects view lists software composition analysis projects and their security metrics. Use it to find projects by name or version and see risk scores, vulnerability counts, and policy violations at a glance.
Projects Table
A search bar at the top lets you search projects by name or version. The table shows one row per project (or per project version) with these columns:
- Project Name - Name of the project (e.g. codebase or application).
- Version - Version or branch (e.g. master, main, 1.0.0).
- Latest - Indicates whether this version is the latest.
- Classifier - Type of project: APPLICATION, LIBRARY, or other.
- Last BOM Import - Date and time of the last Bill of Materials (BOM) import.
- BOM Format - Format of the BOM (e.g. CycloneDX 1.6).
- Risk Score - Numerical risk score for the project.
- Active - Whether the project is active (e.g. Active).
- Vulnerabilities - Count of vulnerabilities; often shown with a horizontal bar (e.g. green when zero).
- Policy Violations - Count of policy violations; same visual style as vulnerabilities.
You can change which columns are visible using the Columns control (e.g. "Columns 10") and use pagination at the bottom (rows per page, e.g. 25; navigation for pages).
Project Details
When you click a project row, you open Project Details for that project. The breadcrumbs show Security > SCA > Projects > Project Details.
At the top you see the project name (e.g. edp-codebase-operator), a branch/version dropdown (e.g. master), and a View in Dependency Track link. A summary row shows vulnerability counts by criticality: Critical, High, Medium, Low, Unassigned (each with a count).
Tabs let you switch between:
- Overview - Vulnerability trend graph, summary cards (Critical, High, Medium, Low, Unassigned, Risk Score), and policy violations by state and by classification.
- Components - List of components (dependencies) with counts.
- Services - Services associated with the project.
- Dependency Graph - Graph view of dependencies.
- Audit Vulnerabilities - Vulnerabilities pending or audited.
- Exploit Predictions - Predicted exploits.
- Policy Violations - Policy violations with breakdown by criticality.
Overview Tab
- Project Vulnerabilities - Metadata (Last BOM Import, Last Vulnerability Analysis, Last Measurement), a vulnerability trend line chart over time by severity, and summary cards for Critical, High, Medium, Low, Unassigned, and Risk Score.
- Policy Violations by State - Chart or list of violations by state (e.g. Fail, Warn, Info).
- Policy Violations by Classification - Breakdown by classification (e.g. Security Risk, License Risk, Operational Risk) with counts and percentages.