Priorities View

The Priorities View is accessible from the Developer dashboard. For a specific application, click the View link in the Priorities column on the Developer dashboard.

This page shows components prioritized under 2 sections:

  • Top Priorities

    Shows the 3 top-priority components (or fewer, if there are fewer than 3) for the selected application, based on the most recent evaluation.

  • Remaining Priorities

    Shows all the remaining (besides the top 3) components for the selected application, based on the most recent evaluation.

The Prioritization Algorithm

The priority of remediation is determined by the Sonatype proprietary Prioritization Algorithm. The algorithm is driven by the following factors:

  1. Policy Actions (fail/warn/none)

  2. Reachability of the component

  3. Threat level

Why is Prioritization Necessary?

Given the limited availability of resources (developer time) and tight deliverable deadlines, remediating policy violations during the development process may cause scope creep.

To prevent excessive scope creep and impact on sprint activities, remediation tasks can be prioritized. This results in fewer deadline disruptions while maintaining a good security posture.

Prioritizing also helps prevent future or downstream use of the vulnerable components, leading to reduced policy violations.

The Recommendation Column

The Recommendation column shows the options available to remediate the policy violation. The component suggestions are in the following order, as available:

  1. next-no-violation with dependencies

  2. next-no-violation

  3. next-non-failing with dependencies

  4. next-non-failing

Click on a row to view the component details page.

The Full Report

Click the View Full Report button at the bottom of the page for a comprehensive application composition report generated by the IQ Server for the selected application.