View dependency trees

When an open-source library is added to an application, all of the library's dependencies are also inherited. Some of these indirect dependencies may introduce vulnerable code into your applications. The Contrast CLI identifies all library dependencies and sends the data to Contrast, where you can visualize these libraries as a hierarchical dependency tree.

To display the library hierarchy for your application, Contrast must have access to your application code at pre-compile time, a different stage of the software development lifecycle (SDLC) than the one at which the Contrast agents collect data. To do this, you must have installed and run the Contrast CLI for your applications.

To view an application's library dependency tree:

  1. Select Applications in the navigation bar.

  2. Select an application.

  3. From the application's Overview page, select the Libraries tab.

  4. Select the dependency tree icon to view the analysis of your application.

  5. In this view, Contrast displays the dependency tree for your application's libraries based on the data collected by the Contrast CLI.

On the dependency tree, you can use the carets to expand sections for more information. A warning icon will show next to the library name if it has known vulnerabilities. View vulnerability details by clicking on the warning icon. You can also see a dependency tree's history by choosing a custom date.
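
To show why the hierarchy matters when triaging a flagged library, the following added example (not Contrast's code, and not the Contrast CLI's data format) renders a dependency graph as an indented tree with a `[!]` marker on vulnerable libraries and lists every chain that pulls one in. The library names, the `DEPENDENCIES` graph and the `VULNERABLE` set are constructed sample data.

```python
# Constructed sample data: a hypothetical app and its direct/transitive dependencies.
DEPENDENCIES = {
    "my-app": ["web-framework", "json-parser"],
    "web-framework": ["template-engine", "http-client"],
    "template-engine": ["string-utils"],
    "http-client": ["string-utils", "tls-lib"],
    "json-parser": [],
    "string-utils": [],
    "tls-lib": ["http-client"],  # deliberate cycle, to show it is handled
}
VULNERABLE = {"string-utils", "tls-lib"}  # constructed: libraries with known vulnerabilities


def render_tree(graph, root, vulnerable):
    """Return the hierarchy as indented lines, flagging vulnerable libraries."""
    lines = []

    def walk(node, depth, ancestors):
        flag = " [!]" if node in vulnerable else ""
        if node in ancestors:  # already on this branch: stop instead of recursing forever
            lines.append("  " * depth + node + flag + " (cycle)")
            return
        lines.append("  " * depth + node + flag)
        for child in graph.get(node, []):
            walk(child, depth + 1, ancestors | {node})

    walk(root, 0, frozenset())
    return lines


def vulnerable_paths(graph, root, vulnerable):
    """Return every dependency chain from root that ends at a vulnerable library."""
    paths = []

    def walk(node, path):
        path = path + [node]
        if node in vulnerable:
            paths.append(path)
        for child in graph.get(node, []):
            if child not in path:  # skip cycles
                walk(child, path)

    walk(root, [])
    return paths


if __name__ == "__main__":
    print("\n".join(render_tree(DEPENDENCIES, "my-app", VULNERABLE)))
    for chain in vulnerable_paths(DEPENDENCIES, "my-app", VULNERABLE):
        print(" -> ".join(chain))
```

In this sample, every chain to a vulnerable library passes through `web-framework`, so the direct dependency to upgrade or replace is visible even though the application never declares `string-utils` or `tls-lib` itself.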