Software Composition Perspective
The Software Composition perspective gives you visibility into third-party dependencies and their known vulnerabilities and policy violations. It displays data imported from a connected Software Composition Analysis (SCA) tool such as JFrog Xray.
Prerequisite
This perspective requires at least one SCA tool connector to be configured for the project. See How to Connect to JFrog Xray for setup instructions.
The perspective consists of the following views:
- Builds View: Lists all builds imported from the SCA tool and lets you browse their versions and inspect detailed scan results, including vulnerabilities, violations, and associated code commits.
- Violations View: Provides a consolidated overview of policy violations across the latest build versions. From here you can mark violations as tolerated or false positive.
- Exclusion Rules View: Shows all rules that exclude specific violations from being reported. Rules can be created in Teamscale or imported from the SCA tool, and optionally require approval before taking effect.
Exclusion Approval Workflow
Teamscale supports an optional two-step approval workflow for violation exclusions. When enabled, newly created exclusion rules enter a Pending state and require approval by another user before they take effect. This is the same workflow used for finding exclusions and can be enabled independently for Software Composition violations in the project options under Exclusion Workflow.
