Priorities View
The Priorities View is accessible from Reports in the left navigation bar.
On the Reports page, click the View Priorities link under the specific stage column (source/build/stage release/release) for the required application.
The Reason for Priority Column
The prioritization of remediation is determined by the Sonatype proprietary Prioritization Algorithm. Learn more about the Prioritization Algorithm.
Why is Prioritization Necessary?
Given the limited availability of resources (developer time) and tight deliverable deadlines, remediating policy violations during the development process may cause scope creep.
To prevent excessive scope creep and impact on sprint activities, remediation tasks can be prioritized. This results in fewer deadline disruptions while maintaining a good security posture.
Prioritizing also helps prevent future or downstream use of the vulnerable components, leading to reduced policy violations.
The Suggested Fix Column
The Suggested Fix column shows the component version available to remediate the policy violation. The component suggestions include:
recommended-non-breaking-with-dependencies (this is the Golden Version)
recommended-non-breaking
next-no-violation with dependencies
next-no-violation
next-non-failing with dependencies
next-non-failing
Click a row to open the component details page, where you can use the version explorer to compare versions and select a component for remediation.
The Fail/Warn Policy Action Filter
Use the Fail/Warn policy action filter to view the priorities based on whether the policy violation has a fail/warn policy action associated with it.