Find component upgrade guidance

How to find upgrade guidance for the vulnerable components in a project.

After you run an SCA test, follow these steps:
  1. Go to Portfolio, select an application, select a project, and open the Components tab.
  2. Select a component.
    The Component Details tab opens. Find Upgrade Guidance on the right.

    Use the Component Origins dropdown menu to select different origins. Each origin represents a location (such as GitHub, Maven, or Linux distros) from which the same component is obtained.

    Note: If the component origin you select is a transitive dependency of another component in the project (in this example, org.apache.tomcat:tomcat-api:7.0.65 is a transitive dependency of org.apache.tomcat:tomcat-jasper:7.0.65), upgrade guidance is categorized. Use upgrade guidance under For Direct Dependencies to update the parent component.

    Upgrade Guidance may include:

    • A Short Term Recommendation: An upgrade that maintains the component's major version number.
    • A Long Term Recommendation: An upgrade that changes the component's major version number.
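
The Note on transitive dependencies and the two recommendation types above can be checked locally. The following is an added example, not the product's own code or output: it finds which direct dependency pulls in a transitive component and labels a candidate version by the definitions above. The tree text is a constructed sample in `mvn dependency:tree` format, and the function names and candidate versions are assumptions.

```python
import re

# Constructed sample of `mvn dependency:tree` output (not from a real project).
SAMPLE_TREE = """\
[INFO] com.example:demo-app:jar:1.0.0
[INFO] +- org.apache.tomcat:tomcat-jasper:jar:7.0.65:compile
[INFO] |  +- org.apache.tomcat:tomcat-api:jar:7.0.65:compile
[INFO] |  \\- org.apache.tomcat:tomcat-el-api:jar:7.0.65:compile
[INFO] \\- junit:junit:jar:4.12:test
"""

# The tree-drawing prefix is built from 3-character cells: "+- ", "\- ", "|  ", "   ".
LINE = re.compile(r"^\[INFO\] ((?:[|+\\ ][ -] )*)(\S+)$")

def direct_parents(tree_text, ga):
    """Return the direct dependencies (g:a:v) that pull in `ga` transitively."""
    parents, current_direct = set(), None
    for line in tree_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue
        depth = len(m.group(1)) // 3
        parts = m.group(2).split(":")
        if depth == 0 or len(parts) < 5:
            continue  # project root, or not a dependency coordinate
        name, version = ":".join(parts[:2]), parts[-2]
        if depth == 1:
            current_direct = f"{name}:{version}"  # the component to update
        elif name == ga:
            parents.add(current_direct)
    return parents

def version_key(version):
    """Numeric parts of a version string, for ordering (qualifiers ignored)."""
    return tuple(int(n) for n in re.findall(r"\d+", version))

def classify_upgrade(current, candidate):
    """Label a candidate by the definitions above; None if it is not an upgrade."""
    cur, cand = version_key(current), version_key(candidate)
    if cand <= cur:
        return None
    return "short term" if cand[0] == cur[0] else "long term"

if __name__ == "__main__":
    print(direct_parents(SAMPLE_TREE, "org.apache.tomcat:tomcat-api"))
    # Candidate versions are constructed placeholders, not recommendations.
    for candidate in ("7.0.999", "99.0.0", "7.0.1"):
        print(candidate, classify_upgrade("7.0.65", candidate))
```

An empty result from `direct_parents` means the component is not a transitive dependency in that tree, so its own upgrade guidance applies directly.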