Lifecycle Dashboard
Lifecycle’s dashboard is the fastest way to baseline and monitor the health of your applications. The dashboard provides insights into your organization's open-source consumption and helps you prioritize the highest risk.
Users need the View IQ Elements permission for at least one application to view the dashboard.
Dashboard Results
The dashboard results display information based on the applied filters. The same filters continue across the different views with the results differing depending on the selected view.
Features common across tabs on the dashboard.
Filters - Focus on specific violations. Save your custom views to match your workflow. Research the highest risk across each development team.
See Dashboard Filters for details.
Sort - Select the column headers to change how the data is organized. For example, you may prioritize the highest risk or the latest violations.
Export Data - Save the content of any view to a spreadsheet for a point-in-time review or to generate custom reports.
Total Risk - is the aggregated policy threat scores for the scoped violations on a component across the scoped application reports. Use the filters to update the scoped violations and applications.
Violations View
The Violations view displays the policy violations found in applications you have permission to view.
Selecting a violation opens the Violation Details Popover showing the violating policy and the stages where the violation has been identified. Security violations include a detailed explanation of the vulnerability.
Prioritize and Remediate
Filter results to newly discovered critical violations that have occurred in the last few days to coordinate a response with your development teams on the best path forward.
See the latest breaking violations across your build pipeline; review the violation details while requesting a waiver without having to navigate to individual scan reports.
Audit Risk throughout the Organization
Generate a detailed view of risk across business units. Export the view to deliver reports to stakeholders and business intelligence tooling.
Components View
The Components view organizes components based on their total risk to the enterprise. The threat scores assigned to policy violations are aggregated by component and anywhere the component is found in the filter's application scope. The risk is also calculated across the threat ranges; critical, severe, moderate, and low to apply additional meaning to the total score.
Selecting a component opens the component risk overview page which displays the applications the component is found as well as a breakdown of the violations.
Prioritize and Remediate
Select the components with the most risk and provide remediation instructions to the team members of each of those applications.
Audit Risk throughout the Organization
Export a list of all the components used in your organization.
Applications View
The Applications view provides a high-level baseline of your total organization risk and which applications have the greatest risk. Access the latest reports for each stage that have been evaluated for the application
The threat scores are assigned to policy violations from the application scan report and aggregated based on the current filters. The risk is also calculated across the threat ranges; critical, severe, moderate, and low to apply additional meaning to the total score.
Prioritize and Remediate
Identify applications’ aggregated risk to prioritize remediation
Audit Risk throughout the Organization
Generate a baseline report of total risk to track over time. Use these totals to estimate the effectiveness of your SCA program and the value the tool is generating.
Waivers View
The waiver view shows waivers based on your filter selections. Click on a waiver to navigate to see the waiver's details.
The Upgrade column indicates when an upgrade is available for a waived component. This configuration is not set by default.
Learn more about Waived Component Upgrades Configuration.
see Reference: exporting waiver data
Prioritize and Remediate
Use the expiration date filter to review soon-to-expire waivers for build-failing violations to proactively remediate or renew the waiver.
See which components have a non-violating version so development has a clear path forward.
Audit Risk throughout the Organization
Revoke permanent waivers that do not have an exploration date
Review waivers that are overly broad potentially hiding critical risk
Audit existing waivers for quality and compliance
Select Export Waivers Data to download the waiver data to a CSV file.
Field name | Field value |
|---|---|
Waiver Id | Unique waiver ID generated by IQ server at the time of waiver creation |
Threat level | Threat level associated with the policy to be waived |
Created Date | Date of waiver creation (format yyyy-mm-ddThh:mm:ssZ 'T' is a quoted character and 'Z' represents UTC) |
Expiration Date | Date when the waiver is set to expire (format yyyy-mm-ddThh:mm:ssZ 'T' is a quoted character and 'Z' represents UTC) |
Policy Id | Unique policy ID generated by IQ Server at the time of policy creation |
Policy Name | Name of the policy to be waived (e.g. Security-critical, Integrity-Rating, Security-High etc) |
Policy Constraints | Conditions and constraints checked by the policy that is waived by this waiver |
Scope Type | The scope of the waiver determines whether the policy waiver will be applied to a specific org, application or repository. |
Scope Id | IQ server generated scope ID, useful for automation with REST APIs |
Scope Name | Organizational level at which the waiver is created. |
Component Match Strategy | Match strategy can be all components, all versions, or exact match. |
Component Hash | Unique component identifier |
Component Name | Name of the component associated with the policy that is waived by this waiver |
Upgrade | Indicates that an upgrade is available for the waived component. (Waived Component Upgrades must be configured.) |
Created by Id | Userid of waiver creator |
Created by Name | Username of the waiver creator |
Comment | Optional descriptive comments for the waiver |