The Third-Party Components tab lists all the third-party components in your applications, and provides version, usage, license risk, and known vulnerability information.
The list of components shows the filename and an at-a-glance view of the severity of each vulnerability that Veracode found in each component. The Count column shows you how many times a component is used across all of your applications. The License column details the first license Veracode found for the component, and a risk rating Veracode assigned for the license.
Use the filter to find components by CVE ID, number of affected applications, blocklist presence, component name, severity, or any combination of these filters. If you sort by number of known vulnerabilities by severity, the components in the grid are sorted by total severity. If you switch tabs after filtering data, the filter sorts the content in the new tab unless you clear the filter. The Blocklist switch is only visible to users with the Security Lead role.
- Other Versions: A list of all known versions of this component, an indication of whether that component is currently in your application portfolio, and the known vulnerabilities in that component.
- Vulnerabilities: The list of vulnerabilities in this component, with the severity, CVE ID, CWE ID, and description of each.
- Dependent Applications: The applications that contain this component, the policy associated with each application, and a color-coded shield icon that indicates whether the application is in compliance with its policy.
Additional component details, such as vulnerable methods and dependency graphs, are available through agent-based scanning.
Adding Components to a Blocklist
When reviewing the components that comprise a software application, you can add any component that contains an unacceptable vulnerability to the blocklist. You must have the Security Lead role to add components to the blocklist.
- Go to .
- Find the component that you want to blocklist, and in the Blocklist column, move the switch from OFF to ON.
- Optionally, in the Blocklisted Component window, you can enter the remediation advice you want to provide for fixing the vulnerability.
- Click Save.
You can change the remediation advice for any component at any time by clicking Edit at the end of the remediation advice line, and changing the text in the Blocklisted Component window.
Use the filter function to list applications by CVE ID, component, application name, or any combination of these filters.