Investigate software package assets and security issues

Cortex XSIAM 3.x Documentation

Product: Cortex XSIAM
Creation date: 2025-07-15
Last date published: 2026-06-11
Category: Administrator Guide

The software package inventory provides a consolidated workspace for investigating dependency context and remediating supply chain security issues.

Select a software package row in the table to open its side panel.

Ask the AppSec AI Agent

From the Software Packages table, right-click a software package > Open in Agentic Assistant > select Application Security from the agents menu, and query package-specific insights (for example, vulnerability summaries, risk posture, or remediation guidance). This action is also available from the software package side panel.

Explore dependency context and lineage

Navigate through the following tabs in the side panel to review the package context and trace its impact across the supply chain:

  • Overview tab: Displays a high-level summary of the package details alongside the severity breakdown of CVE vulnerabilities associated with the software dependency

  • Applications tab: Displays the business applications associated with the software package, inherited from the parent repository, including business criticality ratings and risk scores

  • Code tab: Displays the dependency tree visualization showing the dependency chain from root direct dependencies to the selected package, and highlights the package declaration in the manifest file

  • Code to Cloud tab: Displays the relationship graph visualizing the full lineage from the software package through the parent repository to deployed cloud workloads. For more information on Code to Cloud, refer to Code to Cloud.

Use the Code to Cloud graph to assess the blast radius of a package vulnerability by tracing which CI/CD pipelines build artifacts from the parent repository and which production container images consume the affected dependency.
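The two traversals the Code and Code to Cloud tabs present, written out as an added Python example (not Cortex code, and not how the product stores its graph): a dependency chain from a root direct dependency down to the selected package, and a breadth-first blast-radius walk from the package through repositories, pipelines and images to workloads. All node names and edges are constructed placeholders; in practice the equivalent data would come from the asset inventory (for example via View asset data) rather than from inline dictionaries.

```python
"""Dependency chain and blast-radius walk over a constructed lineage graph."""
from collections import deque

# Constructed code-to-cloud lineage (placeholder names, not product data).
# Edges follow the direction the page describes:
# package -> repository -> pipeline -> image -> workload.
LINEAGE = {
    "pkg:example-lib@1.2.3": ["repo:webshop-frontend", "repo:internal-tools"],
    "repo:webshop-frontend": ["pipeline:frontend-build"],
    "repo:internal-tools": ["pipeline:tools-build"],
    "pipeline:frontend-build": ["image:registry.example/webshop:1.4"],
    "pipeline:tools-build": ["image:registry.example/tools:0.9"],
    "image:registry.example/webshop:1.4": ["workload:prod/webshop-deploy"],
    "image:registry.example/tools:0.9": [],
}

# Constructed dependency tree of one repository: the repository node lists its
# root direct dependencies; each dependency lists what it pulls in transitively.
DEPENDENCY_TREE = {
    "repo:webshop-frontend": ["dep:build-tool@5.0.1", "dep:http-client@1.6.0"],
    "dep:build-tool@5.0.1": ["dep:bundler@5.88.0"],
    "dep:bundler@5.88.0": ["dep:example-lib@1.2.3"],
    "dep:http-client@1.6.0": [],
    "dep:example-lib@1.2.3": [],
}


def dependency_chain(tree, repo, target):
    """Return the path from a root direct dependency of `repo` down to `target`.

    The repository node itself is not part of the returned chain. Returns None
    when `target` is not reachable from any direct dependency.
    """
    def dfs(node, path, seen):
        if node == target:
            return path
        seen.add(node)
        for child in tree.get(node, []):
            if child not in seen:
                found = dfs(child, path + [child], seen)
                if found is not None:
                    return found
        return None

    for direct in tree.get(repo, []):
        chain = dfs(direct, [direct], set())
        if chain is not None:
            return chain
    return None


def blast_radius(graph, start):
    """Breadth-first walk from `start`; returns reachable nodes grouped by kind.

    The kind is the prefix before ':' (repo, pipeline, image, workload), so the
    caller can read off which pipelines build from, and which images consume,
    the affected package. A visited set keeps shared nodes from being counted twice.
    """
    seen = {start}
    queue = deque([start])
    reached = {}
    while queue:
        node = queue.popleft()
        for nxt in graph.get(node, []):
            if nxt in seen:
                continue
            seen.add(nxt)
            kind = nxt.split(":", 1)[0]
            reached.setdefault(kind, []).append(nxt)
            queue.append(nxt)
    return {kind: sorted(nodes) for kind, nodes in reached.items()}


if __name__ == "__main__":
    print("chain:", dependency_chain(DEPENDENCY_TREE, "repo:webshop-frontend",
                                     "dep:example-lib@1.2.3"))
    for kind, nodes in blast_radius(LINEAGE, "pkg:example-lib@1.2.3").items():
        print(f"{kind}: {', '.join(nodes)}")
```

Grouping the reachable set by node kind is what makes the result actionable: the `image` and `workload` entries are the production exposure, while the `pipeline` entries tell you where a rebuild with a fixed version has to happen.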

Investigate and remediate issues by category

To investigate security findings for a software package, you can click issues or cases directly from the Overview tab. This takes you out of the asset inventory to the main Cases or Issues page, filtered to this package.

Alternatively, the side panel organizes issues into dedicated tabs so you can investigate and remediate without navigating away. Selecting a finding in these dedicated tabs opens an issue side panel to view detailed information, including the attack vector, impact description, and fix version recommendation.

  • Vulnerabilities tab: Displays CVE vulnerabilities detected in the software package by the SCA scanner, including the CVSS score, severity, and fix version recommendation. Refer to Software Composition Analysis (SCA) vulnerability issues for more information.

  • Package Integrity tab: Displays operational risk indicators like deprecation status and low maintenance activity, alongside license compliance violations. Refer to Package integrity issues for more information.
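How the severity breakdown and a single fix version recommendation can be derived from a package's CVE findings, as an added Python example (not Cortex code; the product's own scoring and recommendation logic is not documented here). The severity labels use the CVSS v3.x qualitative rating scale; the findings, CVE identifiers and version numbers are constructed placeholders.

```python
"""Severity breakdown and consolidated fix version from constructed SCA findings."""
from collections import Counter
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Finding:
    cve_id: str            # placeholder identifier, not a real CVE
    cvss: float            # CVSS v3.x base score
    fixed_in: Optional[str]  # first version that resolves the CVE, None if no fix


# Constructed findings for one package (placeholder CVE ids and versions).
FINDINGS = [
    Finding("CVE-0000-0001", 9.8, "2.4.1"),
    Finding("CVE-0000-0002", 7.5, "2.10.0"),
    Finding("CVE-0000-0003", 5.3, "2.4.1"),
    Finding("CVE-0000-0004", 3.1, "1.9.0"),
    Finding("CVE-0000-0005", 6.1, None),
]


def cvss_severity(score):
    """Map a CVSS v3.x base score to its qualitative severity rating."""
    if score == 0.0:
        return "None"
    if score < 4.0:
        return "Low"
    if score < 7.0:
        return "Medium"
    if score < 9.0:
        return "High"
    return "Critical"


def parse_version(version):
    """Split a dotted numeric version into a tuple so 2.10.0 sorts after 2.4.1.

    Plain string comparison would rank "2.4.1" above "2.10.0", which is the
    classic mistake when choosing an upgrade target.
    """
    return tuple(int(part) for part in version.split("."))


def severity_breakdown(findings):
    """Count findings per severity label, e.g. {"Critical": 1, "High": 1, ...}."""
    return dict(Counter(cvss_severity(f.cvss) for f in findings))


def recommended_fix_version(findings):
    """Return (version, unfixed_ids).

    `version` is the lowest release that resolves every finding with a known
    fix, i.e. the maximum of the per-CVE fix versions. This assumes fixes stay
    in all later releases. `unfixed_ids` lists findings with no fix available,
    which need a different mitigation than an upgrade.
    """
    fixable = [f for f in findings if f.fixed_in is not None]
    unfixed = [f.cve_id for f in findings if f.fixed_in is None]
    if not fixable:
        return None, unfixed
    best = max(fixable, key=lambda f: parse_version(f.fixed_in))
    return best.fixed_in, unfixed


if __name__ == "__main__":
    print("breakdown:", severity_breakdown(FINDINGS))
    version, unfixed = recommended_fix_version(FINDINGS)
    print("upgrade to:", version, "| no fix yet:", unfixed)
```

The unfixed list matters as much as the version: a Medium finding with no fix cannot be closed by the upgrade, so it should stay open with its own remediation note rather than disappear behind a single "fix version" figure.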

Execute asset actions

After reviewing the package health, you can perform the following operations from the Actions menu in the side panel or directly from the inventory table:

  • Open in Provider: From the Overview tab in the side panel, click the value under Repository to open the repository that contains the software package in the Repositories table for further investigation, such as assessing the business impact of the affected codebase

  • Open in GitHub: From the menu in the side panel, click the value under Repository to open the parent repository directly in GitHub to view the source code and manifest file where the dependency is declared

  • View asset data: Right-click on a row in the table and select View asset data to display package data in JSON or Tree View formats to assist with custom integrations or XQL queries