Application Composition Report

The Application Composition Report represents the health of your application. Ultimately, it serves as a point-in-time report representing risk associated with component usage for a specific application. The report includes information on how the application complies with the policies your team, or business, has established. In many ways, it’s the final connector between policies and the components of your application.

When looking at the report the first time, it can be daunting. If you see tons of red, you may quickly be dismayed. Or perhaps, you don’t see enough red and are worried in a different way. These feelings aren’t uncommon, and they reveal another important aspect of the Application Composition Report - it contains a lot of information.

More than just reporting the violations components in your application have triggered, it also provides a way to improve policy management. These reports don’t show false positives… ever. If there is a red, severe policy violation that should really be much lower, communicate back with the team in charge of managing the policies. In fact, of all its uses, the ability to communicate findings to a wide audience is perhaps the most important task of this report.

IQ prior to release 65 used a different version of the Application Composition Report which featured certain visualizations which were similar to those in this version, but with subtle behavioral deviations:

  • The threat level counters in the older Application Composition Report counted the number of violating components, while the similar counters in the current version of the report count violations.
  • In Aggregated mode, the "waived" and "grandfathered" indicators in the policy violations table are displayed when all of the violations for the given component are waived or grandfathered.  In the Summary mode of the older Application Composition Report, which is analogous to the current Aggregated mode, the "waived" and "grandfathered" indicators never appeared.


Related topics