OSS License Report

Select Reports in the navigation bar and choose “OSS License Report” from the dropdown.

The OSS License Report in CloudDefense provides a comprehensive overview of all open-source software (OSS) packages used across your organization's applications. This report helps you monitor the compliance and vulnerability status of each package to ensure adherence to licensing policies and maintain a secure software supply chain.

The OSS License Report displays a detailed list of all packages used across applications. Each package is equipped with the following information:

• Application where the package is used.

• Name of the package.

• Parent package, if any, that must be imported for the current package to work effectively.

• License(s) associated with the package.

• Version of the package used in the application.

• Vulnerability, indicates if the package has any known vulnerabilities.

• Compliance, displays the compliance status of the package:

  • Approved: The package is compliant with your organization's licensing policies.

  • Denied: The package does not comply with your organization's licensing policies.

  • Pending: The package is under review to determine its compliance status.

  • Unresolved: The package's compliance status has not yet been determined.

• The team managing the application where the license was used.

Export Data

You can apply filters through the search bar, and the left filter bar. The filter bar includes:

• Application: View vulnerabilities associated with specific applications.

• Teams: Identify vulnerabilities linked to particular teams.

• License Status: Filter by the compliance status (Approved, Denied, Pending, Unresolved).

After clustering vulnerabilities using the filters, you can export the data as a CSV file by clicking the CSV icon in the top right corner of the page.