View libraries

There are multiple ways to view library information:

  • Select Libraries in the header to view a grid list of all libraries used by your organization. Select a library name from that list for more details.

  • You can also see library information for an individual application or server:

    • Select Applications in the header, then select an application name to see its details page. Select the Libraries tab.

    • Select Servers in the header, then select a server name to see its details page. Select the Libraries tab.

  • Select the small triangle at the very top of the libraries grid to filter the libraries view. You can also click on the magnifying glass icon to search for specific libraries.

    Image shows pull-down menu next to libraries header with options for filtering.

    The filters include:

    • All: Shows all libraries.

    • Vulnerable: Shows only libraries that Contrast identified as containing CVEs.

    • Private: Shows only commercial third-party libraries or custom-built libraries that Contrast discovered in your code.

    • Public: Shows only the open-source libraries that Contrast discovered in your code.

    • High risk: Shows only the libraries with a score of C or below.

  • You can also use the column headers with filters in the grid to filter by score, library and application. The libraries grid shows:

    • Score: Shown as a letter grade using this scoring guide.

    • Library: Hover over the name to view open-source license information. Click on a library name in the grid to go to its details page. There you can see a list of the applications and servers in which the library appears, as well as any vulnerabilities that Contrast has found within the library.

    • Latest version

    • Application: Lists applications using the library.

    • Vulnerabilities: Shows which CVEs are found in the library and can help prioritize remediation. Hover over the thermometer in the Vulnerabilities column. If vulnerabilities exist, they are displayed in a list, color-coded by severity.

    • Usage: (Currently only supported for Java and .NET Framework.) Shows the total number of classes used at runtime out of the total number of classes that are in the library. If none of the classes have been used at runtime, this column shows "Unused." When your application loads a class, Contrast determines whether it is being called from a location that matches a library file that Contrast has analyzed. If so, the usage increases.

  • Select Show library stats above the grid to analyze library data for your organization. Each graphic displays the statistical average as well as breakdowns for each category, including library scores and the number of years by which they are high risk.

    A library is considered high risk if it has a score that is grade C or below.