# Investigate Dependencies in the Application Dependency Tree **Dependency Tree Dashboard** The Dependency Tree dashboard provides a detailed view of your open-source dependencies and their vulnerabilities. It maps the full application dependency tree, allowing you to: * View details about each dependency, including its version and usage * See which repositories are using a specific dependency * Understand how a repository uses a dependency and its impact on problem severity level **Direct and Indirect Dependencies** LFX Security identifies vulnerabilities in both direct and indirect dependencies. * **Direct Dependencies**: Packages included in your repository. * **Deep (Indirect) Dependencies**: Packages used by your direct dependencies, which can introduce vulnerabilities. **Example:** * Your application uses package A. * Package A uses package B. * If package B is vulnerable, your project is vulnerable due to its indirect dependency on package B. **Understanding Your Dependency Tree** As an open-source developer, it's essential to understand your project's direct and indirect dependencies, including any security flaws that may exist in the dependency tree. LFX Security helps you: * Identify all paths through the dependency tree where a vulnerable dependency can be reached * Determine the vulnerability and its impact on your project ## All Dependencies To view all dependencies, perform the following: 1. Select **Dependency Tree** from the top menu and click **All Dependencies**. A snapshot of repository dependencies in tree format is shown below. The tree is ordered by the number of dependencies, from most to least. Each item can have multiple sub-items. The first three levels are shown by default ![All Dependencies](https://3411187760-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-M2DCN9UgoRgMEkgnLyP-887967055%2Fuploads%2Fgit-blob-dcc1eb8e04dc1ebd9ef5957b32f5ef72a041f850%2FDT.png?alt=media\&token=3c4e05d3-5f53-40d9-8bff-04c6c051eb4a) 2. You can select a **repository** from the Repository drop-down list or select using a **Manifest** file from the Manifest drop-down list. Only dependencies for the selected repository or manifest file for the selected project appear. ![Repository or Manifest File](https://3411187760-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-M2DCN9UgoRgMEkgnLyP-887967055%2Fuploads%2Fgit-blob-6e5f2642b25765e1525017f94482b7c85a4dd851%2FDT%20Search.png?alt=media\&token=c3f68863-430e-4838-ad96-415be70a214d) {% hint style="info" %} Click the download ![](https://3411187760-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-M2DCN9UgoRgMEkgnLyP-887967055%2Fuploads%2Fgit-blob-52838bb082bc73aa059fe72bd671101235803d1a%2FDownload_icon.png?alt=media\&token=148824f0-3328-4389-9a1e-a500bdea96e1) icon to download the dependency CSV file. {% endhint %} 3. Navigate the tree to identify vulnerable dependencies in the repository. The issues are categorized into different Manifest files. The Manifest file lists the node-level and child-level dependences. ![Categorization of Issues](https://3411187760-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-M2DCN9UgoRgMEkgnLyP-887967055%2Fuploads%2Fgit-blob-a20a3f4979ab65ee7bcf8585e7ddbd02f53f8e9c%2FMani.gif?alt=media\&token=179c0d1c-6906-43ff-bfea-d0f5c57baaf7) Each repository shows you the number of issues in the repository along with the criticality of the issue. Each criticality is defined with a different color. ![Color Code Categorization of Issues](https://3411187760-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-M2DCN9UgoRgMEkgnLyP-887967055%2Fuploads%2Fgit-blob-c56eff0b7d9dcda6af44a610acdd9437fb35e73b%2FColour.gif?alt=media\&token=de7814ee-4c5f-4cd6-8c6c-34898c5fba77) A View button is available at the deeper level to go ahead and check the issue details. The color of the button will also indicate the criticality of the issue. ![View Button](https://3411187760-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-M2DCN9UgoRgMEkgnLyP-887967055%2Fuploads%2Fgit-blob-cc6627c06c1c79d36b975a783bba07b2fd77b536%2FButton.gif?alt=media\&token=dc8ec563-84e2-4335-af9e-2c384e9e3609) An icon ![](https://3411187760-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-M2DCN9UgoRgMEkgnLyP-887967055%2Fuploads%2Fgit-blob-e1d51fa6af97f805c9b25866078279c9b6c6f832%2FIcon.png?alt=media\&token=be0de650-7e85-45e4-8a69-34a172d57b9c) is also available which suggests that there are issues still available further in the child level dependencies. ![Issues](https://3411187760-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-M2DCN9UgoRgMEkgnLyP-887967055%2Fuploads%2Fgit-blob-1750eca10484d0c714527c4926d315ff1e3952bb%2FTree.gif?alt=media\&token=d627da24-d0d4-4e5c-9bcd-94c7cbafc4bc) 4. Click a **license** of interest to go to SPDX and find out more information about a license. The SPDX License includes a full name, standardized short identifier, vetted license text, and other information about the license. ![License Details](https://3411187760-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-M2DCN9UgoRgMEkgnLyP-887967055%2Fuploads%2Fgit-blob-24b07b5b67bbabea134369aaef39ce6c015db6f9%2FLicensee_Details.gif?alt=media\&token=7120f076-f08f-4caf-a8c3-2160d2a709be) ## Vulnerability Details You can also check the vulnerability details only for a particular repository. To check the vulnerability details only, perform the following steps: 1. Click **Dependency Tree** and select **Vulnerabilities Only**. ![Vulnerabilities Only](https://3411187760-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-M2DCN9UgoRgMEkgnLyP-887967055%2Fuploads%2Fgit-blob-035b336f0521e1fa857fe9b3673fe49ee0c37fa7%2FAll_Vul.png?alt=media\&token=1fdd3930-8499-461e-b33c-06f46e96dbd5) {% hint style="info" %} Click the download ![](https://3411187760-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-M2DCN9UgoRgMEkgnLyP-887967055%2Fuploads%2Fgit-blob-52838bb082bc73aa059fe72bd671101235803d1a%2FDownload_icon.png?alt=media\&token=148824f0-3328-4389-9a1e-a500bdea96e1) icon to download the vulnerabilities CSV file. {% endhint %} 2\. List of vulnerabilities related for a particular repositories or Manifest file are listed. The rest of the details related to issues is similar to what is explained under All Dependencies Section. ![Issues](https://3411187760-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-M2DCN9UgoRgMEkgnLyP-887967055%2Fuploads%2Fgit-blob-6a6747e23b8dfa4c7fc0f0ad28de0921adc0951f%2FAllDep.png?alt=media\&token=4a8aa601-2dd3-46f5-ae6e-3ac7622292f1)