A User Guide to Reports in Sonatype CLM

10.4. Understanding Risk

The calculation of risk is an estimation based on policies you have created, the threat levels of those policies, and any associated violations.

  • High (Red) is considered a critical risk and is a count of policy violations with a threat level of 8-10, multiplied by 100.
  • Medium (Orange) is considered a severe risk and is a count of policy violations with a threat level of 5-7, multiplied by 20.
  • Low (Yellow) is considered a moderate risk and is a count of policy violations with a threat level of 1-4, multiplied by 5.
  • None (Blue) is considered no risk, and means only policies with an assigned threat level of 0 have been violated.
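The following is an added worked example, not code from Sonatype CLM itself, that reproduces the banding and weighting described above so you can check a report's numbers against the violations it lists. The sample violations are constructed for illustration; the band boundaries and weights are the ones stated in this section. Two points are assumptions of the example rather than statements from the guide: that the overall score is the sum of the three weighted counts, and that a component with no violations at all is reported as None.

```python
from collections import Counter

# Weight bands exactly as described in this section: (name, lowest level, highest level, multiplier).
BANDS = (
    ("High", 8, 10, 100),
    ("Medium", 5, 7, 20),
    ("Low", 1, 4, 5),
)

# Constructed sample input: one entry per violated policy, with that policy's threat level.
SAMPLE_VIOLATIONS = [
    {"policy": "Security-Critical", "threat_level": 9},
    {"policy": "Security-Critical", "threat_level": 10},
    {"policy": "License-Copyleft", "threat_level": 7},
    {"policy": "Security-Medium", "threat_level": 5},
    {"policy": "Security-Medium", "threat_level": 5},
    {"policy": "Architecture-Quality", "threat_level": 2},
    {"policy": "Informational", "threat_level": 0},
]


def validate_levels(threat_levels):
    """Reject anything outside the 0-10 scale before it silently lands in no band."""
    for tl in threat_levels:
        if not isinstance(tl, int) or isinstance(tl, bool) or not 0 <= tl <= 10:
            raise ValueError(f"threat level must be an integer 0-10, got {tl!r}")


def risk_breakdown(threat_levels):
    """Return {band: weighted score} for a list of violated-policy threat levels."""
    threat_levels = list(threat_levels)
    validate_levels(threat_levels)
    counts = Counter(threat_levels)
    scores = {}
    for name, lo, hi, weight in BANDS:
        # Number of violations whose threat level falls inside this band, times the band weight.
        in_band = sum(counts[tl] for tl in range(lo, hi + 1))
        scores[name] = in_band * weight
    return scores


def total_risk(threat_levels):
    """Assumption: the overall score is the sum of the three band scores."""
    return sum(risk_breakdown(threat_levels).values())


def risk_category(threat_levels):
    """Highest band with at least one violation; None when only threat-level-0 policies
    were violated (or, by assumption, when there were no violations at all)."""
    scores = risk_breakdown(threat_levels)
    for name, _, _, _ in BANDS:          # BANDS is ordered from highest to lowest
        if scores[name] > 0:
            return name
    return "None"


def summarize(violations):
    """Convenience wrapper over the report-style list of dicts used above."""
    levels = [v["threat_level"] for v in violations]
    return {
        "breakdown": risk_breakdown(levels),
        "total": total_risk(levels),
        "category": risk_category(levels),
    }


if __name__ == "__main__":
    print(summarize(SAMPLE_VIOLATIONS))
```

Running the sample gives High 200 (two violations at 9 and 10), Medium 60 (three at 5-7), Low 5 (one at 2); the threat-level-0 violation contributes nothing, which is why a component whose only violations are level 0 is reported as None rather than Low.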