A User Guide to Reports in Sonatype CLM

2.4. Policy Tab

The Policy tab displays a list of all components found during the scan of the application. By default, components are ordered by their worst policy violation. This is an important distinction, because a component may have more than one violation, and the threat level severity of those violations could vary. If you wish to see all violations, there are two options: the Violation Filter or the Component Information Panel (CIP). In this guide we'll discuss both options. First, though, the available filters are highlighted below.

Figure 2.7. Policy Tab


Filter

The filter lists five categories:

  • All (default)
  • Exact
  • Similar
  • Unknown
  • Proprietary

In addition to the main set of filters, you can also filter by violations, including those that have been waived. The available options include:

  • Summary (default)
  • All
  • Waived

Clicking on any of these will change the components in the list. We'll discuss each of these in further detail in the sections on component matching, claiming components, and waiving components.

Component List

The list of components, below the filter, displays the Threat Level posed by each component together with its identifying Coordinates. The Threat Level column displays the name of the worst violated policy for the component and its severity using a colored bar. The Coordinates column shows the group identifier, artifact identifier and version, separated by colons.

In addition, the list displays the Popularity and the Age of the component in the Central Repository in separate columns. The Release History is displayed as a timeline visualization that includes the most popular version, the most recent version, your version and any other available versions.

Clicking on a column header sorts the list of components. If you are looking for a specific policy or component, you can use the search fields located at the top of each of those columns, directly below the header.

Clicking on the row for a component in the list displays the Component Information Panel (CIP), which we will discuss in Section 2.8, “The Component Information Panel (CIP)”.