Accessing the Report
Access the Application Composition Report from either the Reports Area, the Organizations and Applications area, or via direct URLs.
Reports Area
Log into the IQ Server and click the Reports icon. If multiple applications have been scanned, you can access all of them here.
Note
You will need to be a member of at least the developer group for the application you wish to see a report for.
The Reporting screen shows several columns:
Application Name | The application name the report belongs to. |
---|---|
Organization | The parent organization for the corresponding application. |
Source, Build, Stage Release, and Release Violations | These four columns display the violation counts for the most recent evaluations. The counts are broken down by Critical, Severe, and Moderate with text indicating the time (e.g. 2 minutes ago) of the most recent evaluation. Clicking on a violation count opens the Application Composition Report for that stage. |
Additionally, if you have set a contact to a particular application, a Show Contact link will appear below the application name, allowing you to check which contact is assigned to a particular application.
To access the Application Composition Report, click the violation count for the corresponding application and stage (source, build, stage release, or release).
Tip
By default, this view will be sorted alphabetically by the application name. In addition to the filter, you can also click on the application or organization columns to sort alphabetically ascending/descending.
Via the Organization & Policies Area
Select Organization & Policies from the toolbar and select an application. You can access an Application Composition Report for a selected application from the Actions menu as shown in the figure below. The most recent report is available for the different stage(s) at which the application has been evaluated:
Note
If you use the Sonatype IQ CLI and don’t specify a stage, it will default to Build. When your evaluation is completed and the report is uploaded, it is accessible using the View build report action on the Actions menu.
Tip
Reports can also be accessed via enforcement point tools for CI and the repository manager. However, in each of the tools, they will connect to the IQ Server.
Via Direct URLs
Alternatively, the report —or its variations— may also be accessed using any of the following URLs.
Name | URL | Description |
---|---|---|
Report | {baseUrl}/ui/links/application/{appPublicId}/report/{scanId} | Link to access the Application Composition Report |
Embeddable Report | {baseUrl}/ui/links/application/{appPublicId}/report/{scanId}/embeddable | Link to access the embeddable version of the Application Composition Report. This report is meant to be embedded within other web pages, and therefore lacks the navigation bar. |
{baseUrl}/ui/links/application/{appPublicId}/report/{scanId}/pdf | Link to download the PDF version of the report. |