Teamscale Docs

Appearance

Builds View

In the context of Software Composition Analysis, a build represents a CI/CD pipeline run that is registered in the SCA tool (e.g., JFrog Artifactory) and scanned for vulnerabilities and policy violations in included libraries. Each build can have multiple versions, corresponding to successive runs of the same build pipeline.

The Builds view lists all builds that Teamscale has imported from the configured Software Composition Analysis connector.

Builds overview table

Build Versions

Clicking a build name opens the Build Versions view, which lists all imported versions for that build. Each version shows its version identifier, the number of policy violations, and the creation timestamp. Clicking a version navigates to the Build Details view.

Build Details

The Build Details view shows the scan results for a specific build version. It is organized into tabs:

Build details view

  • Policy Violations: Lists the policy violations reported by the SCA tool for this build version. Each violation shows its severity, description, affected components, and the Xray Watch that triggered it. You can mark violations as tolerated or false positive directly from this tab.
  • Excluded Violations: Shows violations that are matched by an active exclusion rule. If the exclusion approval workflow is enabled, a Pending Violations tab appears for violations with rules awaiting approval.
  • Vulnerabilities: Lists the individual vulnerabilities detected in the build's dependencies, including CVE identifiers, severity, and a description.
  • Commits: Optionally shows code commits associated with this build version (if any). This link between builds and commits allows you to trace which code changes are included in a specific build.