User Guide - GUI - Welcome Page - Modernizing Applications


Available in CAST Imaging  2.15

Introduction

This page provides insights for modernizing components and examines their interdependencies. The following tiles are explained on this page:

  • Third Party Components Upgrade / Third Party Components (≥ 2.17)

Third Party Components Upgrade / Third Party Components


The Third Party Components Upgrade / Third Party Components (≥ 2.17) tile generates information based on data provided by the Highlight to MRI extension. It determines the obsolete or out-of-date components in your application and lets you plan the upgrades accordingly.

Pre-requisites to view/use this tile:

The information generated by this tile is provided by CAST Highlight, therefore the tile is displayed only if the application meets the following requirements:

When clicked, the following screen is displayed, with a list of out of date or obsolete third party components:


Component Name

Lists the name of the obsolete third-party component found in your application.

Version

Displays the version number of the obsolete third party component found in your application.

Release Date

Displays the release date of the version of the obsolete third party component found in your application.

Gap

Displays the age of the obsolete third party component – i.e. the difference between today’s date and the release date of the version found in your application. The larger the gap the higher the prioritization should be for modernization. Ages are listed in three categories:

  • Red - two years old or more
  • Orange - between one and two years old
  • Green - one year old or less

CVE

Displays statistics about any CVEs (Common Vulnerabilities and Exposures) that are present in the obsolete third party component. The total count of CVEs is displayed together with the specific number per criticality:

  • Critical (black): these should be prioritised for modernization
  • High (red)
  • Medium (yellow)
  • Low (grey)
  • Advisory CVEs

Safer & Closest Version

As its name indicates, this component version has fewer vulnerabilities and is the version released closest to the current version found in the application. This is typical information you would consider to make the component safer. It also represents a lower risk of functional issues related to the upgrade, as the gap with the current component version in use is usually smaller.

Requires com.castsoftware.highlight2mri ≥ 1.0.2-funcrel.

Safest Version 

This is the ultimate upgrade goal for a component containing vulnerabilities. This version is the one with the lowest number of vulnerabilities across the component timeline. It might be risky to directly upgrade a component to this version as the gap with your current version can be quite significant, possibly multiple major releases newer. Note that the safest version is not necessarily the latest published version, as it is the closest version to the one detected in the application.

Requires com.castsoftware.highlight2mri ≥ 1.0.2-funcrel.
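The following is an added example, not CAST's own code or algorithm: it shows how the Gap, Safer & Closest Version and Safest Version columns relate to each other on a constructed release timeline for a hypothetical component. The selection rules (only later releases are candidates, ties broken by closeness, a year counted as 365 days) are assumptions made for this illustration.

```python
from datetime import date

# Constructed release timeline for a hypothetical component "examplelib":
# (version, release date, total CVE count). Not real data.
TIMELINE = [
    ("1.2.0", date(2019, 3, 1), 7),
    ("1.2.5", date(2019, 11, 15), 4),
    ("1.3.0", date(2020, 6, 1), 4),
    ("2.0.0", date(2021, 9, 10), 1),
    ("2.1.0", date(2022, 5, 20), 0),
    ("3.0.0", date(2023, 8, 1), 0),
]

def gap_category(released, today):
    """Map component age to the Gap colours listed on this page."""
    age_days = (today - released).days  # assumption: one year = 365 days
    if age_days >= 2 * 365:
        return "Red"       # two years old or more
    if age_days > 365:
        return "Orange"    # between one and two years old
    return "Green"         # one year old or less

def upgrade_targets(timeline, current):
    """Return (safer_and_closest, safest) versions for `current`.

    Assumed reading of the page: only later releases are candidates;
    'safer' means strictly fewer CVEs than the current version;
    'safest' is the lowest CVE count, ties broken by closeness.
    """
    ordered = sorted(timeline, key=lambda r: r[1])
    idx = next(i for i, r in enumerate(ordered) if r[0] == current)
    current_cves = ordered[idx][2]
    later = ordered[idx + 1:]
    safer = [r for r in later if r[2] < current_cves]
    if not safer:
        return None, None   # nothing newer improves on the current version
    closest = safer[0][0]   # first release after current with fewer CVEs
    fewest = min(r[2] for r in safer)
    safest = next(r[0] for r in safer if r[2] == fewest)
    return closest, safest
```

For version 1.2.0 in this timeline, the safest version (2.1.0) is not the latest published one (3.0.0), and the safer and closest version (1.2.5) is a much smaller step.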

Release per year

Displays the average number of releases per year of the third party component.

Object Count

Displays the total number of objects present in the third party component – for example, for a Java framework, you may find Java Class objects within the framework. Additionally, you can filter by the object count value using the icon in the header (you can enter the count value and select an option from the list).

In Imaging ≥ 2.19, External Filters (By module) are added to Third Party Components.

In Imaging ≥ 2.16:

  • Support is provided for npm (Node Package Manager) packages linked with object and level 5. 
  • You may use generic node info panel for advisor, modernisation and cloud-ready tiles.

        

You may click on Critical/High/Medium/Low buttons to view the list of associated CVEs:

To view the details of a specific CVE, click the info icon next to the CVE. A new window opens with the details of the selected CVE:

  

The Advisory CVEs do not have the info icon, hence you will not be able to view the details of the Advisories:


The "Search for packages" option lets you search for a package by entering its name in the search area.

To do a detailed investigation, click on the button; the following screen is displayed.

2.17 - The following options are enabled in Context Menu:

  • Children + caller/callee, group by communities
  • Children only, group by communities
  • Children + caller/callee
  • Children only

Database Access

In ≥ 2.19, object grouping and ungrouping is enabled in the Database Access view. The Expand All icon can be used to expand all the objects and the Collapse All icon to collapse them.