Skip to main content

Lifecycle Dashboard

Lifecycle’s dashboard is the fastest way to baseline and monitor the health of your applications. The dashboard provides insights into your organization's open-source consumption and helps you prioritize the highest risk.

Users need the View IQ Elements permission for at least one application to view the dashboard.

Dashboard Results

The dashboard results display information based on the applied filters. The same filters continue across the different views with the results differing depending on the selected view.

Features common across tabs on the dashboard.

  • Filters - Focus on specific violations. Save your custom views to match your workflow. Research the highest risk across each development team.

    See Dashboard Filters for details.

  • Sort - Select the column headers to change how the data is organized. For example, you may prioritize the highest risk or the latest violations.

  • Export Data - Save the content of any view to a spreadsheet for a point-in-time review or to generate custom reports.

  • Total Risk - is the aggregated policy threat scores for the scoped violations on a component across the scoped application reports. Use the filters to update the scoped violations and applications.

Violations View

The Violations view displays the policy violations found in applications you have permission to view.

Selecting a violation opens the Violation Details Popover showing the violating policy and the stages where the violation has been identified. Security violations include a detailed explanation of the vulnerability.

see Export Violation Data

Prioritize and Remediate

  • Filter results to newly discovered critical violations that have occurred in the last few days to coordinate a response with your development teams on the best path forward.

  • See the latest breaking violations across your build pipeline; review the violation details while requesting a waiver without having to navigate to individual scan reports.

Audit Risk throughout the Organization

  • Generate a detailed view of risk across business units. Export the view to deliver reports to stakeholders and business intelligence tooling.

Components View

The Components view organizes components based on their total risk to the enterprise. The threat scores assigned to policy violations are aggregated by component and anywhere the component is found in the filter's application scope. The risk is also calculated across the threat ranges; critical, severe, moderate, and low to apply additional meaning to the total score.

Selecting a component opens the component risk overview page which displays the applications the component is found as well as a breakdown of the violations.

see Export Component Data

Prioritize and Remediate

  • Select the components with the most risk and provide remediation instructions to the team members of each of those applications.

Audit Risk throughout the Organization

  • Export a list of all the components used in your organization.

Applications View

The Applications view provides a high-level baseline of your total organization risk and which applications have the greatest risk. Access the latest reports for each stage that have been evaluated for the application

The threat scores are assigned to policy violations from the application scan report and aggregated based on the current filters. The risk is also calculated across the threat ranges; critical, severe, moderate, and low to apply additional meaning to the total score.

see Export Applications Data

Prioritize and Remediate

  • Identify applications’ aggregated risk to prioritize remediation

Audit Risk throughout the Organization

  • Generate a baseline report of total risk to track over time. Use these totals to estimate the effectiveness of your SCA program and the value the tool is generating.

Waivers View

The waiver view shows waivers based on your filter selections. Click on a waiver to navigate to see the waiver's details.

The Upgrade column indicates when an upgrade is available for a waived component. This configuration is not set by default.

Learn more about Waived Component Upgrades.

Note

For accurate results, we recommend checking the Upgrade column for available upgrades after 24 hours of configuring the Waived Component Upgrades feature or applying a waiver.

see Exporting Waiver Data

Prioritize and Remediate

  • Use the expiration date filter to review soon-to-expire waivers for build-failing violations to proactively remediate or renew the waiver.

  • See which components have a non-violating version so development has a clear path forward.

Audit Risk throughout the Organization

  • Revoke permanent waivers that do not have an exploration date

  • Review waivers that are overly broad potentially hiding critical risk

  • Audit existing waivers for quality and compliance

Use the Solution Switcher

Need to switch to another Sonatype solution, seamlessly?

Click on the Solution Switcher icon in the top right navigation bar to experience other licensed Sonatype solutions.

The Solution Switcher currently offers transition to Sonatype Lifecycle, Sonatype Developer and Sonatype Repository Firewall.