
Application Management

An application in Lifecycle is an open concept for what your organization needs to track using software composition analysis. This can be a monolithic application, a deployable container, a microservice, a manifest, or even just a folder of binaries. Often these are software projects in active development, owned by development teams who can respond quickly to remediate discovered risk. Other times they are legacy projects that the organization needs to monitor while accepting existing risk. Here are some common strategies for creating applications.

  • Software produced by a single team that owns and maintains the dependencies

  • The latest CI build of a project coming from a SCM repository

  • Containers deployed in production where Continuous Monitor watches for new risk

See Onboarding Applications Best Practices

Creating an Application

To create applications, the user needs the Edit IQ Elements permission assigned to the organization where the application is to be added.

| Property | Description |
|---|---|
| Application Name | The human-identifiable name that is used throughout Lifecycle reports and configuration. (Limit 200 chars) |
| Application ID | The unique identifier to target the application during scans, scripting, and integrations. Often aligned with other internal application management tools or project identifiers. (Limit 200 chars) |
| Icon | A graphical representation of the application used in the menus and reports. |

  1. From Orgs and Policies, navigate to the Organization to add the application

  2. From the Applications header select Add Application indicated as a plus sign

  3. In the dialog, set the attributes: Application Name, Application ID

  4. Optionally select an icon: default, custom, or robot.

    1. Custom icons should be in PNG format sized to about 160 x 160 pixels

  5. Select Create

The Import Apps option is for bulk onboarding through your source control.

Editing an Application

  1. In the application configuration, select Edit App Name/Icon from the Actions menu

  2. Edit the desired attributes (there is a separate action for changing the Application ID)

  3. Select Update

Selecting an Application Contact

You can select a contact person for an application. The contact is displayed at the top of the application configuration, in the reporting area, and in the PDF version of the report. This is useful for others to find the point of contact for the application.

  1. Navigate to the application configuration in Orgs and Policies

  2. Choose Select Contact from the Actions menu

  3. Search for a user with an asterisk (*) as a wildcard, then select Search

  4. Select the user in the results and choose Select

Note

SAML users must log in to Lifecycle at least once before the user and group appear in UI search results.

Removing an Application Contact

To remove a contact:

  1. Navigate to the application configuration in Orgs and Policies

  2. Choose Select Contact from the Actions menu

  3. Select the Clear Contact option. In the alert box, select Continue

Copying the Application ID to Clipboard

CI integrations and other scanners use the Application ID to target the application during analysis, so that the correct policy configuration is applied and the results are saved against it. The Application ID is displayed in parentheses next to the application name, and it can also be copied to the clipboard from the Actions menu.

To copy the Application ID to the clipboard:

  1. Navigate to the application configuration in Orgs and Policies

  2. From the Actions menu select App ID to Clipboard

The application's action menu from Orgs and Policies configuration.

Changing the Application ID

The Application ID is a unique identifier used by external tools to integrate with Lifecycle for evaluations. When changing the Application ID, you must also reconfigure the external tools, so this is often best avoided. The only reason to do this is to maintain the application history and waivers while using the new identifier.

To change the Application ID for an application:

  1. Select Change App ID from the Actions menu

  2. In the dialog, enter a unique identifier

  3. Select Change to save the new Application ID
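
After an Application ID change, any pipeline that still names the old ID has to be found and updated. The sketch below is an added example, not Sonatype code: it searches CI file contents for exact references to the old ID. The three reference syntaxes it recognises (the Jenkins `iqApplication` step argument, the CLI `-i`/`--application-id` flag, and the Maven `clm.applicationId` property), as well as the file names and IDs, are assumptions not taken from this page.

```python
import re

# Assumed reference syntaxes (not listed on this page): Jenkins pipeline step
# argument, scanner CLI flag, and Maven plugin property.
PATTERNS = [
    re.compile(r"iqApplication\s*[:=]\s*['\"]([^'\"]+)['\"]"),
    re.compile(r"(?:^|\s)(?:-i|--application-id)[ =]['\"]?([^\s'\"]+)"),
    re.compile(r"-Dclm\.applicationId=['\"]?([^\s'\"]+)"),
]

def find_app_id_refs(text):
    """Return sorted (line_no, app_id) pairs for every Application ID reference."""
    refs = set()
    for no, line in enumerate(text.splitlines(), 1):
        for pat in PATTERNS:
            for m in pat.finditer(line):
                refs.add((no, m.group(1)))
    return sorted(refs)

def stale_refs(files, old_id):
    """Map file name -> line numbers still targeting old_id.

    The comparison is an exact match on the extracted ID, so an ID that merely
    starts with old_id (e.g. 'payments-api-v2') is not reported.
    """
    out = {}
    for name, text in files.items():
        lines = [no for no, app in find_app_id_refs(text) if app == old_id]
        if lines:
            out[name] = lines
    return out

# Constructed sample CI files (hypothetical names and IDs).
SAMPLE = {
    "Jenkinsfile": "stage('Policy') {\n"
                   "  nexusPolicyEvaluation iqApplication: 'payments-api', iqStage: 'build'\n"
                   "}\n",
    "scan.sh": "#!/bin/sh\n"
               "java -jar nexus-iq-cli.jar -i payments-api -s \"$IQ_URL\" target/app.jar\n",
    "build.sh": "mvn com.sonatype.clm:clm-maven-plugin:evaluate "
                "-Dclm.applicationId=payments-api-v2\n",
    "other.sh": "java -jar nexus-iq-cli.jar --application-id billing -s \"$IQ_URL\" .\n",
}

if __name__ == "__main__":
    for name, lines in stale_refs(SAMPLE, "payments-api").items():
        print(f"{name}: lines {lines} still use the old Application ID")
```

In practice the `files` mapping would be filled from a checkout of each repository that integrates with Lifecycle.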


Moving an Application

Applications inherit their policy configuration, notifications, and access controls from the organization they belong to. Waivers and other configurations are inherited from the organization.

Moving an application to another organization may result in a different effective policy set, potentially changing the violations in the scan report. Access may be opened to new individuals or revoked from others.

During a move, Lifecycle compares these changes to inform the user before moving the application. The user must have the Edit IQ Elements permission for the application as well as the Add Applications permission for the destination organization.

  1. Navigate to the application configuration in Orgs and Policies

  2. Select the Move option from the Actions menu

  3. From the dialog, select the new organization from the New Parent Organization list and select Move

Dialog to move an application to a new organization

Deleting an Application

You may delete an application through the Actions menu or with the Applications API.

  1. Navigate to the application configuration in Orgs and Policies

  2. Select the Actions menu and choose Delete

  3. A dialog will open to confirm that you wish to delete the application. This action cannot be undone.