Package Version Checks
Verify that services use (or do not use) certain software packages, and check for specific package versions.
Once your package version information is in OpsLevel, either via a manual SBOM upload or by enabling automated package version collection from your Git integration, you can create checks to verify that your services use (or do not use) certain software packages and package versions.
Configuring Package Version Checks
Package Manager
Select the package manager (npm, gem, etc.) that hosts the package.
Package
Package Name
The name of the package you're creating a check for, e.g. "lodash".
Package Constraint
Dropdown list to the right of package name. Supported options are:
- Exists - Check passes if the specified package occurs in the packages used by the service, of a repository attached to the service, or both.
- Does not Exist - Check passes if the specified package occurs neither in the packages used by the service, nor on any attached repository's packages.
- Matches Version - Check passes if defined constraints on the version of the specified package are met (see below).
Version
Applies only if "Matches Version" is selected.
Supported version constraint options:
- Satisfies Version Constraint - Version constraint (e.g. "<= 1.2.3") follows the same syntax and semantics as described in the "Version Constraints" section of the Tag Defined Check.
- Matches Regex - Check passes if the version (e.g. "4.20.69") of the package matches this regular expression.
- Does not Match Regex - Check passes if the version (e.g. "1.33.7") of the package does not match this regular expression.
If one of the above three constraints is placed on a package, all package versions attached to the service and/or associated repositories must satisfy the constraint in order for the check to pass.
If the Package Does not Exist
This section only exists if you have selected "Matches Version" as the package constraint.
Select whether the check should pass or fail if the specified package is not detected on the service.
Updated 5 months ago