Add or modify components

Learn how to manually add components (and component origins) to your projects, and modify the components captured in your projects.

Overview

You can manually adjust a project's software bill of materials (SBOM) by adding and editing components. This allows you to:
  • Add components to your projects that aren't captured in tests.
  • Assess the risk of components before you use them.
  • Add different versions of components to your projects.
  • Select a specific component origin (for components with multiple origins).

Please note:

  • You can add any component found in the Black Duck KnowledgeBase™ to your projects.
    Note: If the component you wish to add doesn't already exist in the KnowledgeBase, you can submit a request to have it added.
  • Components you add manually are included in your SBOM by default.
  • Components you add manually can be triaged like other components.
  • It can take up to 60 minutes for changes (adding components, editing components, deleting manually-added components) to affect reports and dashboards.

Component activity log

Each time you add, modify, or reset a component, an event is captured in the component's Activity Log (which you can view when you triage the issue). See View component history (and activity log) for more information.

Add a component (or component origin)

Follow these steps to manually add a component or component origin to a project:

  1. Go to Portfolio, select an application, select a project, and open the Components tab.
  2. (Optional) If you're adding a component to a non-default branch, select the branch using the dropdown near the top of the page.
  3. Select Add Component.
    The Add Component window opens.
  4. Use the options on the Add Component window to identify the component, component version, or component origin you wish to add:
    Tip: To add a component origin, the Component and Version you select should already exist in the project/branch.
    1. Component: Enter the name of the component you wish to add in this field. As you type, similarly-named components appear. When you find the component you wish to add, select it.


      Note: If the component you're looking for isn't captured in the Black Duck KnowledgeBase™, you can submit a request to have it added. Select submit a request, and follow the instructions in Black Duck Community to submit a support case. When you submit your support case, select Black Duck KnowledgeBase using the Product dropdown.
    2. Version: Select the version of the component you wish to add.
    3. Origin (optional): Select the component's origin.
      If you don't select a value, No Origin Specified is used by default. You can use the Filter dropdown to limit values in the Origin dropdown to a specific external namespace.
    4. Comment (optional): Enter a comment that describes why the component was added.
      Tip: The comment you enter appears in the component's Activity Log, which can be viewed when the component is triaged.
    5. Select Add Component.
    A banner appears near the top of the Components tab, indicating the component is being added. After the component is added, select Refresh to update the list of components.
    Tip: Components you add manually have a match type value of Manually Added. If you add an origin to a component detected in a test, Manually Added is added to its match types. You can use the Match Type filter to quickly identify components that were added manually, and components with origins that were added manually.

Edit a component

To modify a component, follow these steps:

  1. Go to Portfolio, select an application, select a project, and open the Components tab.
  2. (Optional) If you're editing a component that only exists on a non-default branch, select the branch using the dropdown near the top of the page.
  3. Select the options icon at the end of the component's row and select Edit.
    The Edit Component window opens.
  4. Modify the component, as required.
    Important: When you modify a component captured in a test with multiple origins, if you select a specific origin, only that origin will be preserved. All of the component's other origins (and the issues associated with them) will be removed.
  5. (Optional) Select Only apply changes to this branch to only modify the component on the current branch. By default, changes you make are applied across branches in the project.
  6. Select Save.
    A banner appears near the top of the Components tab, indicating the component is being updated. After the component is updated, select Refresh to update the list of components.
    Tip: When you modify a component that you added manually, its match type value (Manually Added) does not change. When you modify a component captured in a test, its match type value changes to Manually Edited. You can use the Match Type filter to quickly identify components that were added manually, and edited components.
    Note: If you edit a component detected in both package manager and signature analysis tests, the component may have more than one origin after changes are applied.

Reset an edited component

After you modify a component captured in an SCA test, you can reset the component to its original state. To do so, follow these steps:
  1. Go to Portfolio, select an application, select a project, and open the Components tab.
  2. (Optional) If you're editing a component that only exists on a non-default branch, select the branch using the dropdown near the top of the page.
  3. Select the options icon at the end of the component's row and select Reset.
    The Reset Confirmation window opens.
    Note: You can only reset components with a match type of Manually Edited.
  4. (Optional) Enter a comment in the Add Comment field.
    Tip: The comment you enter appears in the component's Activity Log, which can be viewed when the component is triaged.
  5. Select Reset Changes.
    A notification appears, indicating the reset will be applied upon completion of the next test.
    Important: You must retest the project/branch in which the component is detected for the reset to take effect.

Delete a manually added component

To delete a component you added manually, follow these steps:

Important: Only the components you add manually can be deleted. When you delete a component, all issues and policy violations associated with the component are deleted, too.
  1. Go to Portfolio, select an application, select a project, and open the Components tab.
  2. (Optional) If you're deleting a component on a non-default branch, select the branch using the dropdown near the top of the page.
  3. Select the options icon at the end of the component's row and select Delete.
    The Delete Confirmation window opens.
  4. Select Delete Component to proceed.
    A banner appears near the top of the Components tab, indicating the component is being deleted. After the component is deleted, select Refresh to update the list of components.