Sonatype CLM Server - Application Composition Report

4.1. License Threat Group

Before going into the details of the information displayed in the License Analysis section of the application composition report, it is best to establish a clear understanding of license threat groups.

License threat groups are groups of similar licenses, each with a corresponding threat severity (red, orange, yellow, and blue). Licenses are placed into these groups, and when a component is found to have one of these licenses, the component is flagged with the corresponding threat group. This is then conveyed in multiple areas of the Sonatype CLM Server, including the Summary tab and the License Analysis tab.

A default set of license threat groups is provided when you install Sonatype CLM for the first time. Additional license threat groups can be imported with our sample policies or created manually. In both cases, these can be changed and managed in the Sonatype CLM Server.

Figure 4.2. The Default License Threat Groups


[Tip]

How you manage your license threat groups directly affects how threat is represented in the reports.