In some implementations of Sonatype CLM, not everyone will have access to the CLM Server or any of the integrated enforcement points, and in turn, any of the associated reports. However, certain individuals or teams would likely still benefit from the information the CLM Report provides. Even if that’s not your particular situation, you may reach a point where you would like to produce an archive of a report for historical and audit purposes. Given this need, every report you produce with Sonatype CLM can be converted into a PDF.
Though the information presented in the web application and the PDF is nearly identical, there are a few differences, mainly arising from the contrasting visual and layout capabilities of a web application versus a PDF. Below, we’ll discuss how to create this PDF version as well as highlight some of the differences between the two.
If you’ve been working with Sonatype CLM for a while, you might have started to notice a set of blue icons in the top right of every report. While the first icon is related to reevaluating the report, the button on the right allows you to create a PDF version of the report. Simply click on this button and Sonatype CLM will prompt your browser to download a PDF version of the report.
The report filename will be unique each time you use the button. However, in general the report will include the job name, build number, and the timestamp associated with the results. For example,
The information provided by the PDF is identical to information that is provided within the application composition report in the application user interface. This includes the Summary, Policy, Security Issues, and License Analysis tabs. Within the PDF, the order of information is presented top to bottom, following the logic of the report tabs from left to right. With the exception of the first page, which provides the Summary, each section has a label to indicate the corresponding tab of the Application Composition Report:
Summary. The summary section is identical to the HTML version of the report and visible in Figure 11.43, “Summary Section of a Application Composition Report in PDF Format”.
Policy Violations. The Policy Violations section as visible in Figure 11.44, “Policy Violations Section of a Application Composition Report in PDF Format” displays the details for all scanned components. This matches the data displayed in the Policy tab of the Component Information Panel (CIP). Note that, depending on the number of violations in your application, this section could be very long.
Security Issues. The Security Issues section displays a breakdown of all security issues found in the scan of the application, matching what is displayed in the HTML version of the report. An example is available in Figure 11.45, “Security Issues Section of a Application Composition Report in PDF Format”.
License Analysis. The License Analysis section displays a breakdown of all license issues found in the scan of the application, matching what is displayed in the HTML version of the report. It should be noted that depending on your license threat groups, and license assignments, this section of the report could be very long. A short example is displayed in Figure 11.46, “License Analysis Section of a Application Composition Report in PDF Format”.
Components. As mentioned above, this section brings together information from all the others. It displays the highest security issue identified (and the associated CVSS score), any declared and/or observed licenses (and the highest threat level of the associated), the match state, age, and the policy violation counts for each threat level band (red, orange, yellow, and blue) for each component. An example is displayed in Figure 11.47, “Components Section of a Application Composition Report in PDF Format”. In most cases this section can be used as a detailed bill of materials.
In some cases a URL for the project is provided. This is indicated by an information icon.