Repository Results

The repository results page is an audit of a proxy repository configured with Repository Firewall. This view lists all the components requested through the proxy and any violations found near the time the component was requested.

Tip

The features discussed in this section require a Repository Firewall license.

Repository Summary

The summary section contains metrics on the health and contents of the repository. Here you will find the total number of components, the number of violations that affect some of the components, and a spread of the severity of those violations. You will also see if any components have been quarantined and are blocked from downloading through the proxy.

Re-evaluate Repository

Components are evaluated when they are first requested through the proxy repository. This allows for components with unacceptable risk to be quarantined before they are downloaded through the proxy.

The Next-Gen Firewall capability Automatic Quarantine Release automatically re-evaluates components for 14 days after the first request to check for changes in any violations they may have. After that period, components are no longer evaluated, which minimizes load on the repository manager and IQ Server.

You may perform a re-evaluation of all the components within the repository by selecting the Re-evaluate Repository option in the upper right of this page. Keep in mind that the time to complete re-evaluation depends on the number of components in the repository and may introduce load on the server for repositories that have a large number of components. We recommend limiting how often this audit is done to avoid strain on production services or delaying new requests through the proxy.

Repository components

This table lists all the components in the proxy repository and their associated violations found as of their last evaluation. By default, the view is aggregated by component and displays only the highest policy violation for each component.

The aggregate by component toggle can be switched off to view all violations.

View Component Details

Select an individual component from the list to view the component's details page.

Refer to Repository Component Details Page

Releasing quarantined components

Components are released from quarantine by waiving the policy-failing violations on the component.

These violations can be waived from the component details page. Once the failing violations have been waived, the component will be released from quarantine.

Review Waivers with Firewall

Filtering Repository Results

Use the following filters to refine the results:

Component Match State

  • All - no filter

  • Exact - Components identifiable by Sonatype

  • Unknown - Components unknown to Sonatype

Violations

  • all/none - no filter

  • Not Violating - components with no violations

  • Open - violations not waived or remediated

  • Quarantined - components that have been quarantined due to a failing violation

  • Waived - violations that have been waived