Objective
Identify which applications are using a specific version of a library.
Process
Contrast agents automatically identify open-source libraries included in an application. Contrast identifies any vulnerabilities found in your libraries and also confirms if the library is used at runtime. In order to tie those libraries to the applications they were seen in:
- Within the Contrast UI, Select Libraries in the header to view a grid list of all libraries used by your organization.
- Use the search field to look for specific libraries, for example
spring-beans
. - Check the version of the library seen in the Library column.
- The list of applications the library was seen in can be found in the Applications column.
- Finally, you can also check whether the library is in active use by the app in the Usage column.
Example:
For deeper analysis of your library data, it may help to export a selection of them. This process is described here.