Sonatype CLM Server - Application Composition Report

3.2. The Component Information Panel (CIP)

To access the CIP, as displayed in Figure 3.2, “Component Information Panel (CIP)”, click on a component row in the list. There are three sections you should use during your security vulnerability investigation: Component Info, Edit Vulnerabilities, and Audit Log.

Figure 3.2. Component Information Panel (CIP)


Component Info
One of the first things you should notice in the Component Info section is the Highest Security Threat. This field, located on the left side of the panel, displays the highest threat and the threat value (on a scale of 1-9). It also displays the total number of security issues for that particular component.
Component Graph
Next, take a close look at the graph on the right side of the panel. On the graph, locate the Security Alerts field, taking the other fields into consideration as well. This graph displays security vulnerabilities by version, with the current version identified as This Version. In some cases there are clear points where security issues have been resolved, as can be seen in the figure above. Often this coincides with a more popular version, although that is not always the case.