The topics discussed in this chapter require IQ Server with one of the following licenses: Lifecycle, Firewall, or Auditor.
The Application Composition Report represents the health of your application. Ultimately, it serves as a snapshot, a point-in-time report representing risk associated with component usage for a specific application. The report includes information on how the application complies with the policies your team, or business, has established. In many ways, it’s the final connector between policies and the components of your application.
When looking at the report the first time, it can be daunting. If you see tons of red, you may quickly be dismayed. Or perhaps, you don’t see enough red and are worried in a different way. These feelings aren’t uncommon, and they reveal another important aspect of the Application Composition Report - it contains a lot of information.
More than just reporting the violations components in your application have triggered, it also provides a way to improve policy management. These reports don’t show false positives… ever. If there is a red ,severe policy violation that should really be much lower, communicate back with the team in charge of managing the policies. In fact, of all its uses, the ability to communicate findings to a wide audience is perhaps the most important task of this report.
In this section, we will provide an overview of the various areas of the report and therefore serve as an robust introduction.
For those of you that prefer bulleted lists, here’s what we’ll cover in this chapter:
This chapter is meant to provide a detailed look at how to access the Application Composition Report, as well as what information is provided.