
Priorities View

The Priorities View is accessible from the Reports in the left navigation bar.

On the Reports page, click the View Priorities link under the relevant stage column (source, build, stage release, or release) for the required application.

The top section shows the name of the evaluated branch, who or what triggered the evaluation, the abbreviated git commit hash, the commit timestamp, and the stage of evaluation.

NOTE: The branch name is visible only when the evaluation is run from a CI/CD environment or Sonatype CLI.

[Figure: Priorities_all.png, the Priorities View]

The Reason for Priority Column

The prioritization of remediation is determined by the Sonatype proprietary Prioritization Algorithm. Learn more about the Prioritization Algorithm.

Why is Prioritization Necessary?

Given the limited availability of resources (developer time) and tight deliverable deadlines, remediating policy violations during the development process may cause scope creep.

To prevent excessive scope creep and impacts on sprint activities, remediation tasks can be prioritized. This reduces deadline disruptions while maintaining a good security posture.

Prioritizing also helps prevent future or downstream use of the vulnerable components, leading to reduced policy violations.

The Suggested Fix Column

The Suggested Fix column shows the component version available to remediate the policy violation. The component suggestions, in order of preference, are:

  1. recommended-non-breaking-with-dependencies

     [Figure: golden_version.png] This is the Golden Version.

  2. recommended-non-breaking

  3. next-no-violation with dependencies

  4. next-no-violation

  5. next-non-failing with dependencies

  6. next-non-failing

Click a row to open the component details page, where you can use the version explorer to compare versions and select a component version for remediation.
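The six suggestion categories above form a precedence order: the view shows the highest-ranked category for which a candidate version exists. The following Python example, added here and not part of Sonatype's documentation or product code, models that ordering over a constructed set of candidate versions. The candidate attributes (`breaking`, `violations`, `failing`, `deps_clean`, `recommended`) and the rules that map them onto the categories are assumptions for illustration; the page only gives the category names and their order.

```python
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Suggested-fix categories in the order the Priorities View prefers them (from the page).
SUGGESTION_ORDER = [
    "recommended-non-breaking-with-dependencies",
    "recommended-non-breaking",
    "next-no-violation with dependencies",
    "next-no-violation",
    "next-non-failing with dependencies",
    "next-non-failing",
]


@dataclass
class Candidate:
    """A newer version of the component (constructed, hypothetical attributes)."""
    version: str
    breaking: bool      # assumed: upgrading to it is a breaking (e.g. major) change
    violations: int     # assumed: policy violations present in this version
    failing: int        # assumed: how many of those violations carry a fail action
    deps_clean: bool    # assumed: its transitive dependencies also have no violations
    recommended: bool   # assumed: flagged as the recommended version


def classify(c: Candidate) -> Optional[str]:
    """Map a candidate onto one suggestion category, or None if it fixes nothing."""
    suffix_recommended = "-with-dependencies" if c.deps_clean else ""
    suffix_next = " with dependencies" if c.deps_clean else ""
    if c.recommended and not c.breaking and c.violations == 0:
        return "recommended-non-breaking" + suffix_recommended
    if c.violations == 0:
        return "next-no-violation" + suffix_next
    if c.failing == 0:
        # Still has violations, but none that would fail the build.
        return "next-non-failing" + suffix_next
    return None


def suggest(candidates: List[Candidate]) -> Optional[Tuple[str, str]]:
    """Return (category, version) for the best-ranked suggestion.

    `candidates` must be ordered ascending by version, so within a category the
    nearest ("next") version is chosen first.
    """
    best: Optional[Tuple[int, str, str]] = None
    for c in candidates:
        category = classify(c)
        if category is None:
            continue
        rank = SUGGESTION_ORDER.index(category)
        if best is None or rank < best[0]:
            best = (rank, category, c.version)
    return None if best is None else (best[1], best[2])


# Constructed sample: the current version has a failing violation; three newer versions exist.
SAMPLE = [
    Candidate("1.2.1", breaking=False, violations=1, failing=0, deps_clean=True, recommended=False),
    Candidate("1.3.0", breaking=False, violations=0, failing=0, deps_clean=False, recommended=False),
    Candidate("2.0.0", breaking=True, violations=0, failing=0, deps_clean=True, recommended=True),
]

if __name__ == "__main__":
    for cand in SAMPLE:
        print(cand.version, "->", classify(cand))
    print("suggested fix:", suggest(SAMPLE))
```

Note that 2.0.0 is the recommended version but is a breaking change, so it cannot be the Golden Version; it still outranks 1.3.0 because its dependencies are clean, which is exactly the distinction the "with dependencies" categories express.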

The Fail/Warn Policy Action Filter

Use the Fail/Warn policy action filter to view priorities based on whether the policy violation has a fail or warn policy action associated with it.

NOTE: The fail/warn policy action filter is set to false by default, for Jira integrations.

[Figure: fail-Warn_filter.png, the Fail/Warn policy action filter]

The Next Step column in the new Priorities View allows you to create new pull requests (PRs) and view existing PRs, including automated PRs. Learn more on how to: Create manual pull requests from the Priorities View.

If waivers for a violation are in effect, the Build Action column displays the status as Waived. The Suggested Remediation column shows the exact number of violations that are waived for the component. The Auto tab indicates an automated waiver has been applied. For violations that are suitable for automated waivers, the tooltip displays the suggestion as "Ask an administrator to configure Automated Waivers". Learn more on View Waiver Information from the Priorities View.

If the violation is detected on the default (or main) branch, the Suggested Remediation column shows Resolve on default branch. This minimizes remediation effort by fixing the violation once on the default branch instead of duplicating the work on every feature branch; subsequent rebasing or merging then prevents the violation from reappearing in the feature branches. The corresponding Next Step is shown as Go to Build Stage.

[Figure: link_build_stage.png, the Go to Build Stage link]

Click the Go to Build Stage link to view the latest priorities report for your main branch and resolve the policy violation there.