Skip to main content

Accessing the Report

Access the Application Composition Report from either the Reports Area, the Organizations and Applications area, or via direct URLs.

Reports Area

Log into the IQ Server and click the Reports icon. If multiple applications have been scanned, you can access all of them here.


You will need to be a member of at least the developer group for the application you wish to see a report for.

The Reporting screen shows several columns:

Application Name

The application name the report belongs to.


The parent organization for the corresponding application.

Source, Build, Stage Release, and Release Violations

These four columns display the violation counts for the most recent evaluations. The counts are broken down by Critical, Severe, and Moderate with text indicating the time (e.g. 2 minutes ago) of the most recent evaluation. Clicking on a violation count opens the Application Composition Report for that stage.

Additionally, if you have set a contact to a particular application, a Show Contact link will appear below the application name, allowing you to check which contact is assigned to a particular application.

To access the Application Composition Report, click the violation count for the corresponding application and stage (source, build, stage release, or release).



By default, this view will be sorted alphabetically by the application name. In addition to the filter, you can also click on the application or organization columns to sort alphabetically ascending/descending.

Via the Organization & Policies Area

Select Organization & Policies from the toolbar and select an application. You can access an Application Composition Report for a selected application from the Actions menu as shown in the figure below. The most recent report is available for the different stage(s) at which the application has been evaluated:



If you use the Sonatype IQ CLI and don’t specify a stage, it will default to Build. When your evaluation is completed and the report is uploaded, it is accessible using the View build report action on the Actions menu.


Reports can also be accessed via enforcement point tools for CI and the repository manager. However, in each of the tools, they will connect to the IQ Server.

Via Direct URLs

Alternatively, the report —or its variations— may also be accessed using any of the following URLs.






Link to access the Application Composition Report

Embeddable Report


Link to access the embeddable version of the Application Composition Report.

This report is meant to be embedded within other web pages, and therefore lacks the navigation bar.



Link to download the PDF version of the report.