A User Guide to Reports in Sonatype CLM

9.2. Reviewing the PDF

The information provided by the PDF is identical to information that is provided within the application composition report in the application user interface. This includes the Summary, Policy, Security Issues, and License Analysis tabs. Within the PDF, the order of information is presented top to bottom, following the logic of the report tabs from left to right. With the exception of the first page, which provides the Summary, each section has a label to indicate the corresponding tab of the Application Composition Report:

Policy Violations
displays a list of all policy violations, ordered by threat level, for each component.
Security Issues
displays a list of all security issues, ordered by CVSS score, for each component.
License Analysis
displays a list of components, ordered by threat level of the associated license threat group for the license(s) for the component.
Components
lists all components identified during the scan, as well as a summary of the data provided in the other tabs.

Summary. The summary section is identical to the HTML version of the report and is visible in Figure 9.1, “Summary Section of an Application Composition Report in PDF Format”.

figs/web/app-comp-report-pdf-summary.png

Figure 9.1. Summary Section of an Application Composition Report in PDF Format


Policy Violations. The Policy Violations section, as visible in Figure 9.2, “Policy Violations Section of an Application Composition Report in PDF Format”, displays the details for all scanned components. This matches the data displayed in the Policy tab of the Component Information Panel (CIP). Note that, depending on the number of violations in your application, this section can be very long.

figs/web/app-comp-report-pdf-policy-violations.png

Figure 9.2. Policy Violations Section of an Application Composition Report in PDF Format


Security Issues. The Security Issues section displays a breakdown of all security issues found in the scan of the application, matching what is displayed in the HTML version of the report. An example is available in Figure 9.3, “Security Issues Section of an Application Composition Report in PDF Format”.

figs/web/app-comp-report-pdf-security-issues.png

Figure 9.3. Security Issues Section of an Application Composition Report in PDF Format


License Analysis. The License Analysis section displays a breakdown of all license issues found in the scan of the application, matching what is displayed in the HTML version of the report. Note that, depending on your license threat groups and license assignments, this section of the report can be very long. A short example is displayed in Figure 9.4, “License Analysis Section of an Application Composition Report in PDF Format”.

figs/web/app-comp-report-pdf-license-analysis.png

Figure 9.4. License Analysis Section of an Application Composition Report in PDF Format


Components. As mentioned above, this section brings together information from all the others. For each component it displays the highest security issue identified (and the associated CVSS score), any declared and/or observed licenses (and the highest threat level of the associated license threat group), the match state, the age, and the policy violation counts for each threat level band (red, orange, yellow, and blue). An example is displayed in Figure 9.5, “Components Section of an Application Composition Report in PDF Format”. In most cases this section can be used as a detailed bill of materials.

figs/web/app-comp-report-pdf-components.png

Figure 9.5. Components Section of an Application Composition Report in PDF Format


Note

In some cases a URL for the project is provided. This is indicated by an information icon figs/web/app-comp-report-pdf-info-icon.png.