A User Guide to Reports in Sonatype CLM
You can access the application composition report in your Sonatype CLM Server in two ways:
- Via the Reporting Area
The Reports area, which is displayed by default when you log in to the Sonatype CLM Server, can also be accessed by clicking on the Reporting icon. These steps outline that process:
- Log in to your Sonatype CLM server with a user account that has proper permissions to view a report for a specific application (at least a member of the developer group for the application would be required).
- The Reporting area will be displayed. In case you are in a different section of the application, you can always click on the Reporting icon to return to the Reporting area.
- You will see two menu items on the left, Violations and Trending. You want to click on Violations, if it is not already selected, to access the Application Composition Report. Applications you have permission to view will be displayed, with each row representing a single application. You can use the filter to reduce the applications displayed (simply enter a few letters of an organization or application).
You will notice that there are several columns:
- Application Name - links to the Application Management Area for the specific application.
- Build, Stage Release, and Release Violations - these three columns display the violation counts for the most recent evaluations. The counts are broken down by Critical, Severe, and Moderate with text indicating the time (e.g. 2 minutes ago) of the most recent evaluation.
- Contact - this is the contact for the corresponding application.
- Organization - links to the parent organization for the corresponding application.
- Click the contents in the violations column to access the report.
Tip
By default this view will be sorted alphabetically by the application name. In addition to the filter, you can also click on the application or organization columns to sort alphabetically ascending/descending.
- Via the Application Area
The Application area is the same place where you can manage policy for your application, reviewing policies unique to the application, as well as those inherited from the organization. Located just below the application identifier and organization, you will see three columns:
- Build
- Stage Release
- Release
These represent the Sonatype CLM stage that the report was generated for. For example, if you use the Sonatype CLM stand-alone scanner and don’t specify the CLM Stage, it will default to build. When your scan completes and the report is uploaded, it appears below Build. This is highlighted in Figure 2.3, “Application Area”.
Note
Reports can also be accessed via enforcement point tools like Sonatype CLM for CI and Nexus Pro - Sonatype CLM Edition. However, each of these tools connects to the Sonatype CLM Server.