Find component upgrade guidance
How to find upgrade guidance for the vulnerable components in a project.
- Go to Portfolio, select an application, select a project, and open the Components tab.
- Select a component.
  The Component Details tab opens. Find Upgrade Guidance on the right.
Use the Component Origins dropdown menu to select different origins. Each origin represents a location (such as GitHub, Maven, or Linux distros) from which the same component is obtained.
Note: If the component origin you select is a transitive dependency of another component in the project (in this example, org.apache.tomcat:tomcat-api:7.0.65 is a transitive dependency of org.apache.tomcat:tomcat-jasper:7.0.65), upgrade guidance is categorized. Use upgrade guidance under For Direct Dependencies to update the parent component.
Upgrade Guidance may include:
- A Short Term Recommendation: An upgrade that maintains the component's major version number.
- A Long Term Recommendation: An upgrade that changes the component's major version number.