Enterprise Reporting

Enterprise Reporting is your one-stop access to understand your organization's open-source consumption patterns including AI/ML components, risk and remediation patterns, and factors affecting the overall security posture. It summarizes how Sonatype Lifecycle impacts the security profile of the development pipelines within your organization.

Note

We have implemented the dashboards using the Looker™ platform for versatility. The visualizations will continue to evolve in functionality or scope, based on future improvements and user feedback.

Data Handling Processes for Enterprise Reporting

To address the concerns due to data processing with our third-party reporting tool, Looker™, we have implemented a 4-way protection methodology:

  1. Data Storage

    No data is stored in any third-party tool. We use the third-party tooling's streaming capability to receive the query results directly from the Sonatype environment in a dedicated instance. The data is transmitted without being stored.

  2. Data Anonymization

    The information for these visualizations and reports is derived from the anonymized telemetry collected during application analysis by Sonatype Data Services, and is restricted to the organization it belongs to.

  3. Data Authentication and Authorization

    To ensure that the data in these visualizations is accessible to authorized users only, the system programmatically creates obfuscated, unique one-way hash identifiers for the user and the organization's instance.

  4. Data Encryption

    We implement encryption for data in flight from the Lifecycle environment to the third-party reporting tool.

For added security, the vulnerability data for a specific application or component is not included in any of the dashboards.

Advanced Reporting Insights

To provide deeper reporting clarity, additional data is made available for reporting, following all encryption and data handling standards. The data element included in the Advanced Reporting Insights is:

  • Application Name

Application Reports Insights data can be disabled, which prevents this data from appearing in insights and therefore results in a degraded experience.

Flow for Data Request

  1. A user invokes a dashboard from the Data Insights feature in Sonatype Lifecycle.

  2. The browser requests a one-time, unique URL for the insight via an internal IQ Server API.

  3. The IQ Server invokes the Sonatype Data System API to check for a valid license and account using the standard one-way hash algorithms within IQ Server.

  4. The Sonatype Data System invokes the Looker™ API to generate the one-time use URL.

  5. Looker™ returns the fully signed and fully formed URL.

  6. The browser renders the URL in the frame in Sonatype Lifecycle.

  7. Looker™ streams encrypted data from the back-end data systems (Databricks™) to render the report.
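The two security controls described above, the keyed one-way identifiers in "Data Authentication and Authorization" and the one-time signed URL in the flow, can be illustrated with a small self-contained example. This is an added illustration, not Sonatype's or Looker's code: the hash and signing keys, the reporting host, the query parameter names and the 60-second lifetime are all constructed assumptions, and the flow is generic (keyed hash of the user and instance, then an expiring, nonce-bearing URL that the verifying side accepts only once).

```python
"""Added illustration (not Sonatype's or Looker's code): a keyed one-way
identifier for a user and an instance, plus a one-time, signed, expiring
URL whose verifier rejects tampering, expiry and replay.  All keys, hosts
and parameter names are constructed for the example."""
import hashlib
import hmac
import secrets
import time
from urllib.parse import parse_qs, urlencode, urlparse

HASH_KEY = b"constructed-hash-key"  # assumption: server-side secret, never sent to the browser
SIGN_KEY = b"constructed-sign-key"  # assumption: shared only between the URL issuer and verifier
EMBED_HOST = "https://example-reporting.invalid"  # placeholder host, not a real service
URL_TTL = 60  # assumed lifetime of a one-time URL, in seconds


def opaque_id(kind, value, key=HASH_KEY):
    """Keyed one-way hash (HMAC-SHA256).  The reporting side only ever sees
    this token; without the key it cannot be brute-forced back to the user
    name or instance id, which a plain unkeyed hash of a short name could be."""
    return hmac.new(key, f"{kind}:{value}".encode(), hashlib.sha256).hexdigest()


def make_signed_url(user, instance, insight, now=None, key=SIGN_KEY):
    """Issue a one-time URL: opaque ids, expiry and a fresh nonce, all bound
    together by an HMAC over the canonical (sorted) query string."""
    params = {
        "user": opaque_id("user", user),
        "instance": opaque_id("instance", instance),
        "insight": insight,
        "exp": str(int(now if now is not None else time.time()) + URL_TTL),
        "nonce": secrets.token_urlsafe(16),
    }
    payload = urlencode(sorted(params.items()))
    params["sig"] = hmac.new(key, payload.encode(), hashlib.sha256).hexdigest()
    return f"{EMBED_HOST}/embed/{insight}?{urlencode(sorted(params.items()))}"


class OneTimeUrlVerifier:
    """Verifier side: checks the signature first (constant-time compare),
    then expiry, then records the nonce so the same URL cannot be replayed."""

    def __init__(self, key=SIGN_KEY):
        self.key = key
        self.seen_nonces = set()

    def verify(self, url, now=None):
        query = {k: v[0] for k, v in parse_qs(urlparse(url).query).items()}
        sig = query.pop("sig", None)
        if sig is None:
            return "missing-signature"
        payload = urlencode(sorted(query.items()))
        expected = hmac.new(self.key, payload.encode(), hashlib.sha256).hexdigest()
        if not hmac.compare_digest(sig, expected):
            return "bad-signature"  # any tampered parameter invalidates the URL
        if int(query["exp"]) < int(now if now is not None else time.time()):
            return "expired"
        if query["nonce"] in self.seen_nonces:
            return "replayed"  # second use of a one-time URL
        self.seen_nonces.add(query["nonce"])
        return "ok"


if __name__ == "__main__":
    url = make_signed_url("alice", "iq-instance-1", "upgrade-posture")
    verifier = OneTimeUrlVerifier()
    print(url)
    print(verifier.verify(url))  # first use accepted
    print(verifier.verify(url))  # second use rejected as a replay
```

The verifier checks the signature before it reads any other parameter, so an attacker cannot probe the expiry or nonce handling with unsigned input; the nonce set would be a shared store in a real deployment, since the page's flow issues the URL from the IQ Server and has Looker™ consume it.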

Prerequisites

  • Your browser has no restrictions on accessing “*.looker.com” URLs

  • For the Safari browser, “Prevent cross-site tracking” in the Settings menu → Privacy is disabled.

Accessing

Click on Enterprise Reporting from the left navigation bar.

Get to know your Enterprise Reporting Landing Page

The Enterprise Reporting landing page consists of:

  • Enterprise Dashboards

    Enterprise dashboards offer a set of logically related visualizations or charts that together give a complete picture of the key aspects affecting your organization's security and compliance risks. The individual visualizations in an enterprise dashboard are curated and compiled to help users make data-driven decisions and get the most value from the capabilities of Sonatype Lifecycle in improving program efficacy.

  • Data Insights

    Data Insights are standalone visualizations that enable focused analytics and data exploration. Based on the data generated by using Sonatype Lifecycle, these visualizations answer specific task-oriented questions, such as which applications contain End-of-Life (EOL) components or AI/ML components, the application onboarding rate, scan rates, component upgrades (Upgrade Posture), etc.

Enterprise Dashboard: Success Metrics

Explore your policy violation and remediation patterns using this foundational dashboard.

Learn more about Success Metrics Dashboard

Enterprise Dashboard: Security Risk Analysis

Explore your security risk using this foundational dashboard.

Learn more about Security Risk Analysis

Data Insight: AI Models

Explore and inspect the metadata for the open-source AI models used in your applications.

Learn more about AI Models Usage

Data Insight: AI Machine Learning

Observe the consumption of open-source AI/ML components in your applications.

Learn more about ML/AI Apps: Using Machine Learning.

Data Insight: Rolling Recap Dashboard

Rolling Recap shows graphical representations of the state of the Software Supply Chain for your organization. It unlocks trends and patterns by comparing your usage of Sonatype Lifecycle with the rest of the industry, over the last 365 days.

Learn more about Rolling Recap Dashboard.

Data Insight: Component EOL

See which components have the status of End of Life (EOL).

Learn more about Component EOL: Retiring Old Code

Data Insight: Supply Chain Monitoring

Review the health of your OSS supply chain and observe key influencing factors.

Learn more about Supply Chain Monitoring

Data Insight: Dependency Scorecard

Assess the quality of your component upgrade decisions.

Learn more about Dependency Scorecard

Data Insight: Stack Divergence

Compare your applications' component usage against industry norms to evaluate areas where you've fallen behind the adoption curve.

Learn more about Stack Divergence

Data Insight: Upgrade Posture

Evaluate your vulnerability management practices to ensure that they are proactive so that your applications remain secure.

Learn more about Upgrade Posture