Documentation Nexus IQ Server 1.32

Our documentation site has moved. For the most current version, please see http://help.sonatype.com

Chapter 12. The Application Composition Report

[Tip]

The topics discussed in this chapter require IQ Server with one of the following licenses: Lifecycle, Firewall, or Auditor.

The Application Composition Report represents the health of your application. Ultimately, it serves as a snapshot, a point-in-time report representing risk associated with component usage for a specific application. The report includes information on how the application complies with the policies your team, or business, has established. In many ways, it’s the final connector between policies and the components of your application.

figs/web/app-comp-report-summary.png

Figure 12.1. Summary Tab of the Application Composition Report


When looking at the report the first time, it can be daunting. If you see tons of red, you may quickly be dismayed. Or perhaps, you don’t see enough red and are worried in a different way. These feelings aren’t uncommon, and they reveal another important aspect of the Application Composition Report - it contains a lot of information.

More than just reporting the violations components in your application have triggered, it also provides a way to improve policy management. These reports don’t show false positives… ever. If there is a red ,severe policy violation that should really be much lower, communicate back with the team in charge of managing the policies. In fact, of all its uses, the ability to communicate findings to a wide audience is perhaps the most important task of this report.

In this section, we will provide an overview of the various areas of the report and therefore serve as an robust introduction.

For those of you that prefer bulleted lists, here’s what we’ll cover in this chapter:

  • Accessing the Application Composition Report
  • Overview of the four tabs and the component list
  • Importance of component and violation counts
  • Various policy, security, and license related data points
  • Printing a bill of materials
  • Overview of component information panel (CIP)

This chapter is meant to provide a detailed look at how to access the Application Composition Report, as well as what information is provided.