View libraries

There are multiple ways to view library information:

  • Select Libraries in the header to view a grid list of all libraries used by your organization. Select a library name from that list for more details.

  • You can also see library information for an individual application or server:

    • Select Applications in the header, then select an application name to see its details page. Select the Libraries tab.

    • Select Servers in the header, then select a server name to see its details page. Select the Libraries tab.

  • Select the small triangle at the very top of the libraries grid to filter the libraries view. You can also click on the magnifying glass icon to search for specific libraries.

    The filters include:

    • All: Shows all libraries.

    • Vulnerable: Shows only libraries that Contrast identified as containing CVEs.

    • Private: Shows only commercial third-party libraries or custom-built libraries that Contrast discovered in your code.

    • Public: Shows only the open-source libraries that Contrast discovered in your code.

    • High risk: Shows only the libraries with a score of C or below.

  • You can also use the column headers with filters in the grid to filter by score, library, and application. The libraries grid shows:

    • Score: Shown as a letter grade using this scoring guide.

    • Library: Click a library name in the grid to go to its details panel. The details panel lists any known vulnerabilities (CVEs) that Contrast has found in the library, along with the applications and servers where the library appears.

      Use the filters to narrow the results:

      • Languages: Locate vulnerable libraries by a specific language.

      • Licenses: View libraries by licensed applications.

      • Environments: Easily locate any vulnerable libraries in production.

      • Servers: Find vulnerable libraries by server type.

    • Latest version: Most recent library version.

    • Vulnerabilities: Shows the CVEs found in the library and can help prioritize remediation. Hover over the thermometer section to see the number of CVEs by severity. Click the thermometer to open the details panel. If vulnerabilities exist, they are displayed in a list and color-coded by severity. Vulnerabilities with critical severity appear at the top of the list and are coded red.

    • Application: Lists applications using the library.

    • Usage: Shows the total number of classes used at runtime out of the total number of classes that are in the library. If none of the classes have been used at runtime, this column shows "Unused." When your application loads a class, the Contrast agent reports usage. If the class has not been used before, the usage increases. Click the number to analyze the library usage. There you can see information on classes loaded as well as the risks and policy violations associated with the library.

    • Status: Visible under the Applications > Application name > Libraries tab. If this column is not visible for your organization, contact Support to request enabling it. There are three statuses to view or apply:

      • Not a problem: This library has vulnerabilities that are acknowledged and the risks are acceptable or the library is not used.

      • Remediated: The vulnerable library has been remediated.

      • Reported: Contrast has detected a library with vulnerabilities.

  • Select Show library stats above the grid to analyze library data for your organization. Each graphic displays the statistical average as well as breakdowns for each category, including library scores and the number of years by which they are high risk.

    A library is considered high risk if it has a score that is grade C or below.