Data Insights
The Data Insights dashboard is one-stop access to understand open-source consumption patterns, including AI/ML components. Data Insights summarizes how Sonatype Lifecycle impacts the security profile of the development pipelines within your organization.
With several data points from the Sonatype community as a whole, Data Insights provides a comparative analysis between your organization and the rest of the industry, in terms of the following:
Vulnerabilities associated with your applications
Remediation actions taken by your teams
Tech stack diversity
As a step forward to achieve Observability for AI/ML components, it provides actionable insights into the consumption patterns by generating visualizations indicating the exact number and category of the AI/ML components in use by your applications. These visualizations can be used to create governance policies for the responsible adoption of AI, focusing on privacy, security, and data protection, thus minimizing the threats associated with using non-enterprise or free AI and ML platforms.
The End-of-Life (EOL) visualization shows all components that have crossed their declared EOL date, along with the applications that contain them, giving your development teams lead time for the necessary upgrades or transitions. This helps teams make informed decisions about the transition and minimizes last-minute development disruptions.
Note
We have implemented the dashboards using the Looker™ platform for versatility. The visualizations will continue to evolve in functionality or scope, based on future improvements and user feedback.
Data Handling Processes
To address concerns about data processing in our third-party reporting tool, Looker™, we have implemented a 4-way protection methodology:
Data Storage
No data is stored in any third-party tool. We use the third-party tooling's streaming capability to receive the query results directly from the Sonatype environment in a dedicated instance. The data is transmitted without being stored.
Data Anonymization
The information for these visualizations and reports is restricted to the organization's own data, drawn from the anonymized telemetry collected during application analysis performed via Sonatype Data Services.
Data Authentication and Authorization
To ensure that the data in these visualizations is accessible to authorized users only, the system programmatically creates obfuscated, unique one-way hash identifiers for the user and the organization's instance.
Data Encryption
We implement encryption for data in flight from the Lifecycle environment to the third-party reporting tool.
For added security, the vulnerability data for a specific application or component is not included in any of the dashboards.
Advanced Reporting Insights
To provide deeper reporting clarity, additional data is made available to be used for reporting following all encryption and data handling standards. The data element included in the Advanced Reporting Insights is:
Application Name
Advanced Reporting Insights data can be disabled, thereby preventing this data from appearing in insights and resulting in a degraded experience.
Flow for Data Request
A user invokes a dashboard from the Data Insights feature in Sonatype Lifecycle.
The browser requests a one-time, unique URL for the insight via an internal IQ Server API.
The IQ Server invokes the Sonatype Data System API to check for a valid license and account using the standard one-way hash algorithms within IQ Server.
The Sonatype Data System invokes the Looker™ API to generate the one-time use URL.
Looker™ returns the fully signed and fully formed URL.
The browser renders the URL in the frame in Sonatype Lifecycle.
Looker™ streams encrypted data from the back-end data systems (Databricks™) to render the report.
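As an added illustration of the request flow above (this is example code, not Sonatype's or Looker's implementation; the salt, signing key, TTL, parameter names and URL host are all assumptions), the following models the two security properties the flow relies on: the user and organization are represented only by one-way hash identifiers, and the embed URL is signed, expires, and can be redeemed exactly once.

```python
import hashlib
import hmac
import secrets
import time
from urllib.parse import urlencode, urlsplit, parse_qs

# Constructed values for the example; a real deployment keeps these server-side.
ORG_SALT = b"constructed-org-salt"
SIGNING_KEY = b"constructed-signing-key"
URL_TTL_SECONDS = 60           # assumed lifetime of a one-time URL

_issued_nonces: set[str] = set()   # nonces that have been issued but not yet redeemed


def opaque_id(kind: str, value: str) -> str:
    """One-way, salted identifier for a user or organization instance."""
    return hashlib.sha256(ORG_SALT + kind.encode() + b":" + value.encode()).hexdigest()


def issue_one_time_url(user_id: str, org_id: str, dashboard: str, now=None) -> str:
    """Build a signed, expiring, single-use embed URL (models steps 2 to 5)."""
    now = int(time.time() if now is None else now)
    params = {"user": opaque_id("user", user_id), "org": opaque_id("org", org_id),
              "dash": dashboard, "exp": now + URL_TTL_SECONDS,
              "nonce": secrets.token_hex(8)}
    query = urlencode(sorted(params.items()))        # canonical order before signing
    sig = hmac.new(SIGNING_KEY, query.encode(), hashlib.sha256).hexdigest()
    _issued_nonces.add(params["nonce"])
    return f"https://embed.example.invalid/{dashboard}?{query}&sig={sig}"


def redeem(url: str, now=None) -> str:
    """Verify signature, expiry and single use; returns 'ok' or the failure reason."""
    now = int(time.time() if now is None else now)
    q = parse_qs(urlsplit(url).query)
    sig = q.pop("sig", [""])[0]
    flat = {k: v[0] for k, v in q.items()}
    expected = hmac.new(SIGNING_KEY, urlencode(sorted(flat.items())).encode(),
                        hashlib.sha256).hexdigest()
    if not hmac.compare_digest(sig, expected):   # any tampering breaks the signature
        return "bad-signature"
    if int(flat.get("exp", "0")) < now:
        return "expired"
    if flat.get("nonce") not in _issued_nonces:  # unknown or already used
        return "replayed"
    _issued_nonces.discard(flat["nonce"])        # consume: the URL is now dead
    return "ok"
```

The identifiers exposed in the URL reveal nothing about the user or organization name, and a captured URL is useless once it has been rendered or has expired.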
Accessing
To access the dashboard, click on Data Insights from the left navigation bar.
Prerequisites
Your browser has no restrictions on accessing “*.looker.com” URLs.
For the Safari browser, “Prevent cross-site tracking” in Settings → Privacy is disabled.
Get to know your Data Insights Dashboard
Rolling Recap Dashboard
Rolling Recap shows graphical representations of the state of the Software Supply Chain for your organization. It unlocks trends and patterns by comparing your usage of Sonatype Lifecycle with the rest of the industry, over the last 365 days.
ML/AI: Apps Using Machine Learning
Observe the consumption of open-source AI/ML components in your applications.
Component EOL: Retiring Old Code
See which components have the status of End of Life (EOL).
Supply Chain Monitoring
See which components have the status of End of Life (EOL).
Dependency Scorecard
Assess the quality of your component upgrade decisions.
Shaded Vulnerability Detection
Analyze the impact of data from our new Shaded Vulnerability Detection algorithm.
Stack Divergence
Compare your applications' component usage against industry norms to identify areas where you have fallen behind the adoption curve.
Upgrade Posture
Evaluate your vulnerability management practices to ensure that they are proactive so that your applications remain secure.
Learn more about Upgrade Posture
Security Risk Analysis
Explore your security risk using the first of our foundational dashboards.
Learn more about Security Risk Analysis
Success Metrics
Explore your policy violation and remediation patterns using this foundational dashboard.
Learn more about Success Metrics Dashboard