Version whitelist

Issue #307 resolved
Former user created an issue

Is it possible to have a component version white list to name components that have been deliberately held back to a specific version?

At present, I can have a license white list, and a component whitelist for specific license variations. I would like the option to also be able to name specific component versions that are known not to be the latest version, but are ok because they are being held back for compatibility reasons.

These should still be flagged if a security issue is found in the white-listed versions.

Comments (4)

  1. Robert Reiz

    Not sure if I understand you correctly. But I will give an example of how you can use it.

    The component whitelist is always an extension of the license whitelist. Assume you have these values on your license whitelist:

    MIT
    Apache-2.0
    Apache-1.1

    Now let's say you are using a certain component which doesn't have one of those licenses. Let's say that component is com.lowagie:itext:4.2.0 and it is marked red on your license tab because the license of itext 4.2.0 doesn't match your license whitelist. But if you want to whitelist that artifact in exactly that version, then you can do that by adding it to your component whitelist like this:

    com.lowagie:itext:4.2.0

    Now itext in version 4.2.0 will be marked green in your license tab, even if it doesn't match the whitelisted licenses. But only the version 4.2.0. In the version tab it will be marked as outdated, and if VersionEye finds a security vulnerability for that version it will show up in the security tab. If you update the component to another version, then it will be marked red again in the license tab, because on the component whitelist only version 4.2.0 is whitelisted! If you want to whitelist ALL versions of the component, then you need this value on your component whitelist:

    com.lowagie:itext

    But I wouldn't recommend that, because licenses can change over versions. If you checked the license of a specific version and that is fine for you, then you should only whitelist that specific version on the component whitelist.

    Does that answer your question?
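The rules laid out in the comment above, written out as a small Python model. This is an added illustration, not VersionEye's code; the evaluation logic is reconstructed from the comment, and the license string, "latest" version and advisory count used for itext are constructed placeholders.

```python
from dataclasses import dataclass

# Whitelists as given in the comment above.
LICENSE_WHITELIST = {"MIT", "Apache-2.0", "Apache-1.1"}
# "group:artifact:version" covers one exact version; "group:artifact" covers all versions.
COMPONENT_WHITELIST = {"com.lowagie:itext:4.2.0"}

@dataclass
class Dependency:
    coordinate: str           # "group:artifact"
    version: str
    license: str
    latest_version: str
    vulnerabilities: int = 0  # count of known advisories for this exact version

def component_whitelisted(dep, component_whitelist):
    """True if the exact version, or the bare coordinate, is on the component whitelist."""
    return (f"{dep.coordinate}:{dep.version}" in component_whitelist
            or dep.coordinate in component_whitelist)

def evaluate(dep, license_whitelist=LICENSE_WHITELIST, component_whitelist=COMPONENT_WHITELIST):
    """Status per tab. Only the license tab honours the component whitelist;
    the version and security tabs report regardless of it."""
    license_ok = dep.license in license_whitelist or component_whitelisted(dep, component_whitelist)
    return {
        "license": "green" if license_ok else "red",
        "version": "outdated" if dep.version != dep.latest_version else "current",
        "security": "vulnerable" if dep.vulnerabilities else "clean",
    }

if __name__ == "__main__":
    # Constructed sample data: license name, latest version and advisory count are placeholders.
    held_back = Dependency("com.lowagie:itext", "4.2.0", "SOME-OTHER-LICENSE", "5.0.0", vulnerabilities=1)
    upgraded = Dependency("com.lowagie:itext", "5.0.0", "SOME-OTHER-LICENSE", "5.0.0")
    print(evaluate(held_back))  # license green; still outdated and vulnerable
    print(evaluate(upgraded))   # license red again: only 4.2.0 is whitelisted
    print(evaluate(upgraded, component_whitelist={"com.lowagie:itext"}))  # green: all versions covered
```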

  2. Rick Jensen

    I believe the OP is asking for a whitelist for outdated versions of dependencies, rather than licenses. So, if a dependency is on v4, but the library has just released v8, the OP is asking for a way to not have the v4 dependency be flagged as outdated.

    This seems similar to the "mute" ability that I've seen other places, and may also be similar to being able to have the "outdated" check only look at minor version updates, but not major version updates (etc.)

  3. Robert Reiz

    Hi @cdeszaq. There is a mute feature on VersionEye as well. You can mute any version by clicking on the mute icon. See here:

    Screen Shot 2016-11-30 at 09.52.14.png
