Enterprise Reporting
Enterprise Reporting is your one-stop view of your organization's open-source consumption patterns, including AI/ML components, risk and remediation patterns, and factors affecting the overall security posture. It summarizes how Sonatype Lifecycle impacts the security profile of the development pipelines within your organization.
Note
We have implemented the dashboards using the Looker™ platform for versatility. The visualizations will continue to evolve in functionality or scope, based on future improvements and user feedback.
Data Handling Processes for Enterprise Reporting
To address concerns about data processing by our third-party reporting tool, Looker™, we have implemented a 4-way protection methodology:
Data Storage
No data is stored in any third-party tool. We use the third-party tooling's streaming capability to receive the query results directly from the Sonatype environment in a dedicated instance. The data is transmitted without being stored.
Data Anonymization
The information in these visualizations and reports is restricted to an organization and comes from the anonymized telemetry gathered during application analysis performed via Sonatype Data Services.
Data Authentication and Authorization
To ensure that the data in these visualizations is accessible to authorized users only, the system programmatically creates obfuscated, unique one-way hash identifiers for the user and the organization's instance.
Data Encryption
We implement encryption for data in flight from the Lifecycle environment to the third-party reporting tool.
For added security, the vulnerability data for a specific application or component is not included in any of the dashboards.
Advanced Reporting Insights
To provide deeper reporting clarity, additional data is made available for reporting, following all encryption and data handling standards. The data element included in the Advanced Reporting Insights is:
Application Name
Application Reports Insights data can be disabled, which prevents this data from appearing in insights and results in a degraded experience.
Flow for Data Request
A user invokes a dashboard from the Data Insights feature in Sonatype Lifecycle.
The browser requests a one-time, unique URL for the insight via an internal IQ Server API.
The IQ Server invokes the Sonatype Data System API to check for a valid license and account using the standard one-way hash algorithms within IQ Server.
The Sonatype Data System invokes the Looker™ API to generate the one-time use URL.
Looker™ returns the fully signed and fully formed URL.
The browser renders the URL in the frame in Sonatype Lifecycle.
Looker™ streams encrypted data from the back-end data systems (Databricks™) to render the report.
Prerequisites
Your browser has no restrictions on accessing “*.looker.com” URLs.
For the Safari browser, “Prevent cross-site tracking” in the Settings menu → Privacy is disabled.
Accessing
Click on Enterprise Reporting from the left navigation bar.

Get to know your Enterprise Reporting Landing Page

The Enterprise Reporting landing page consists of:
Enterprise Dashboards
Enterprise dashboards offer a set of logically related visualizations or charts to provide a complete picture of key aspects that impact the organization's security and compliance risks. The individual visualizations in an enterprise dashboard are curated and compiled to empower users to make data-driven, informed decisions and to maximize the value delivered by using Sonatype Lifecycle to improve program efficacy.
Data Insights
Data Insights are standalone visualizations that enable focused analytics and data exploration. Based on the data generated as a result of using Sonatype Lifecycle, these visualizations answer specific task-oriented questions, such as reporting applications containing End-of-Life (EOL) components or AI/ML components, application onboarding rate, scan rates, component upgrades (Upgrade Posture), etc.
Enterprise Dashboard: Success Metrics
Explore your policy violation and remediation patterns using this foundational dashboard.
Learn more about Success Metrics Dashboard
Enterprise Dashboard: Security Risk Analysis
Explore your security risk using this foundational dashboard.
Learn more about Security Risk Analysis
Data Insight: AI Models
Explore and inspect the metadata for the open-source AI models used in your applications.
Learn more about AI Models Usage
Data Insight: AI Machine Learning
Observe the consumption of open-source AI/ML components in your applications.
Data Insight: Rolling Recap Dashboard
Rolling Recap shows graphical representations of the state of the Software Supply Chain for your organization. It unlocks trends and patterns by comparing your usage of Sonatype Lifecycle with the rest of the industry, over the last 365 days.
Data Insight: Component EOL
See which components have the status of End of Life (EOL).
Data Insight: Supply Chain Monitoring
Review the health of your OSS supply chain and observe key influencing factors.
Data Insight: Dependency Scorecard
Assess the quality of your component upgrade decisions.
Data Insight: Stack Divergence
Compare your applications' component usage against industry norms to evaluate areas where you've fallen behind the adoption curve.
Data Insight: Upgrade Posture
Evaluate your vulnerability management practices to ensure that they are proactive so that your applications remain secure.
Learn more about Upgrade Posture