Integrated Enterprise Reporting - Data Insights

The Integrated Enterprise Reporting (IER) dashboard serves as one-stop access for understanding open-source component consumption patterns, including AI/ML components.

It summarizes how Sonatype Lifecycle impacts the security profile of the development pipelines within your organization. With several data points from the Sonatype Community as a whole, it also provides a comparative analysis between your organization and the rest of the industry, in terms of

  1. Vulnerabilities associated with your applications

  2. Remediation actions taken by your teams

  3. Tech stack diversity

As a step forward to achieve Observability for AI/ML components, it provides actionable insights into the consumption patterns by generating visualizations indicating the exact number and category of the AI/ML components in use by your applications. These visualizations can be used to create governance policies for the responsible adoption of AI, with a focus on privacy, security and data protection, thus minimizing the threats associated with the usage of non-enterprise or free AI and ML platforms.

The End-of-Life (EOL) visualization shows all components that have crossed the declared EOL date, along with their containing applications, to provide a lead time for necessary upgrades or transitions for your development teams. This is extremely effective in making informed decisions on the transition and minimizing last-minute development disruptions.

Note

We have implemented the dashboards using the Looker™ platform for versatility. The visualizations will continue to evolve in terms of functionality or scope, based on future improvements and user feedback.

Data Handling Processes

To address the concerns that could arise due to data sharing with a third-party tool (Looker™), we have implemented a 4-way protection methodology:
  1. Data Storage

    No data is stored in Looker™. We use Looker's streaming capability to receive the query results directly from the Sonatype environment in a dedicated Looker instance (data is transmitted without being stored by Looker along the way).

  2. Data Anonymization

    The information for these visualizations and reports is restricted to the organization and is drawn from the anonymized telemetry collected during application analysis performed via Sonatype Data Services.

  3. Data Authentication and Authorization

    To ensure that the data in these visualizations is accessible to authorized users only, the system programmatically creates obfuscated, unique one-way hash identifiers for the user and the organization's instance.

  4. Data Encryption

    We implement encryption for data in flight from the IQ Server environment to Looker™.

For added security, the vulnerability data for a specific application or component is not included in any of the dashboards.

Advanced Reporting Insights

In order to provide deeper reporting clarity, additional data is made available to be used for reporting following all encryption and data handling standards. The data element included in the Advanced Reporting Insights is:

  • Application Name

Application Reports Insights data can be disabled, thereby preventing this data from appearing in insights and resulting in a degraded experience.

Flow for Data Request

  1. A user invokes a dashboard from the Data Insights feature in Sonatype Lifecycle.

  2. The browser requests a one-time, unique URL for the insight via an internal IQ Server API.

  3. The IQ Server invokes the Sonatype Data System API to check for a valid license and account using the standard one-way hash algorithms within IQ Server.

  4. The Sonatype Data System invokes the Looker™ API to generate the one-time use URL.

  5. Looker™ returns the fully signed and fully formed URL.

  6. The Browser renders the URL in the frame in Sonatype Lifecycle.

  7. Looker™ streams data encrypted from the back-end data systems (Databricks™) to render the report.
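To make the one-way identifiers from the Data Handling list (item 3) and the signed one-time URL of steps 2 to 5 above concrete, here is an added Python example; it is not Sonatype's or Looker's code, and the keys, embed host, parameter names and in-memory nonce cache are constructed assumptions.

```python
import hashlib
import hmac
import secrets
import time
from urllib.parse import urlencode, parse_qs, urlparse

# Constructed server-side secrets and host for this example (placeholders, not real values).
ID_HASH_KEY = b"constructed-identifier-key"
URL_SIGNING_KEY = b"constructed-url-signing-key"
EMBED_BASE = "https://example.looker.com/embed/dashboards/1"


def one_way_id(kind: str, value: str) -> str:
    """Keyed one-way hash: stable for the same (kind, value), but not reversible
    or guessable without the key, so raw user/org names never leave the server."""
    return hmac.new(ID_HASH_KEY, f"{kind}:{value}".encode(), hashlib.sha256).hexdigest()


def build_one_time_url(user: str, org: str, ttl_s: int = 60) -> str:
    """Step 2-5 in miniature: hashed identities, a fresh nonce, an expiry, and a signature."""
    params = {
        "user": one_way_id("user", user),
        "org": one_way_id("org", org),
        "nonce": secrets.token_hex(16),            # makes every URL unique
        "exp": str(int(time.time()) + ttl_s),      # short validity window
    }
    payload = urlencode(sorted(params.items()))    # canonical order before signing
    sig = hmac.new(URL_SIGNING_KEY, payload.encode(), hashlib.sha256).hexdigest()
    return f"{EMBED_BASE}?{payload}&sig={sig}"


_used_nonces = set()  # replay cache; this is what makes the URL "one-time"


def verify_and_consume(url: str, now=None) -> bool:
    """Rejects forged/tampered, expired, or replayed URLs; accepts each valid URL once."""
    now = time.time() if now is None else now
    q = {k: v[0] for k, v in parse_qs(urlparse(url).query).items()}
    sig = q.pop("sig", "")
    expected = hmac.new(URL_SIGNING_KEY, urlencode(sorted(q.items())).encode(),
                        hashlib.sha256).hexdigest()
    if not hmac.compare_digest(sig, expected):
        return False  # signature mismatch: any parameter was altered
    if int(q.get("exp", "0")) < now:
        return False  # expired
    if q.get("nonce") in _used_nonces:
        return False  # already rendered once
    _used_nonces.add(q["nonce"])
    return True
```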

Accessing

To access the dashboard, click on Data Insights from the left navigation bar.

Prerequisites

  • Your browser has no restrictions on accessing “*.looker.com” URLs

  • For Safari browser, “Prevent cross-site tracking” in the Settings menu → Privacy is disabled.

Get to know your Data Insights Dashboard

Rolling Recap Dashboard

Rolling Recap shows graphical representations of the state of the Software Supply Chain for your organization. It unlocks trends and patterns by comparing your usage of Sonatype Lifecycle with the rest of the industry, over the last 365 days.

Learn more about Rolling Recap Dashboard.

ML/AI: Apps Using Machine Learning

Observe the consumption of open-source AI/ML components in your applications.

Learn more about ML/AI Apps: Using Machine Learning.

Component EOL: Retiring Old Code

See which components have the status of End of Life (EOL).

Learn more about Component EOL: Retiring Old Code.

Supply Chain Monitoring

See which components have the status of End of Life (EOL).

Learn more about Supply Chain Monitoring.

Dependency Scorecard

Assess the quality of your component upgrade decisions.

Learn more about Dependency Scorecard.

Shaded Vulnerability Detection

Analyze the impacts of our new Shaded Vulnerability Detection Algorithm.

Learn more about Shaded Vulnerability Detection.