Skip to main content

Priorities View

The Priorities View is accessible from the Developer dashboard. Click on the View link in the Priorities column on the Developer dashboard, for a specific application.

Priorities_View.png

This page shows components prioritized under 2 sections:

  • Top Priorities

    Shows 3 top priority components (or less, if < 3) for the selected application, based on the most recent evaluation.

  • Remaining Priorities

    Shows all the remaining (besides the top 3) components for the selected application, based on the most recent evaluation.

The Prioritization Algorithm

The priority of remediation is determined by the Sonatype proprietary Prioritization Algorithm. The algorithm is driven by the following factors:

  1. Policy Actions (fail/warn/none)

  2. Reachability of the component

  3. Threat level

Why is Prioritization Necessary?

The limited availability of resources (developer time) and tight deliverable deadlines, remediating policy violations during the development process may cause scope creep.

To prevent excessive scope creep and impacts to the sprint activities, remediation tasks can be prioritized. This allows lesser deadline disruptions, while maintaining a good security posture.

Prioritizing also helps prevent future or downstream use of the vulnerable components, leading to reduced policy violations.

The Recommendation Column

The Recommendation column shows the options available to remediate the policy violation. The component suggestions are in the following order, as available:

  1. recommended-non-breaking-with-dependencies

    This is the Golden Version.

  2. recommended-non-breaking

  3. next-no-violation with dependencies

  4. next-no-violation

  5. next-non-failing with dependencies

  6. next-non-failing

Click on a row, to view the component details page.

The Full Report

View_Full_Report.png

Click on the View Full Report button at the top right of the page for a comprehensive application composition report generated by the IQ Server for the selected application.