Accessing the Report

Access the Application Composition Report from either the Reports Area, the Organizations and Applications area, or via direct URLs.

Reports Area

Log into the IQ Server and click the Reports icon. If multiple applications have been scanned, you can access all of them here.

Note

You will need to be a member of at least the developer group for the application you wish to see a report for.

The Reporting screen shows several columns:

Application Name	The application name the report belongs to.
Organization	The parent organization for the corresponding application.
Source, Build, Stage Release, and Release Violations	These four columns display the violation counts for the most recent evaluations. The counts are broken down by Critical, Severe, and Moderate with text indicating the time (e.g. 2 minutes ago) of the most recent evaluation. Clicking on a violation count opens the Application Composition Report for that stage.

Additionally, if you have set a contact to a particular application, a Show Contact link will appear below the application name, allowing you to check which contact is assigned to a particular application.

To access the Application Composition Report, click the violation count for the corresponding application and stage (source, build, stage release, or release).

Tip

By default, this view will be sorted alphabetically by the application name. In addition to the filter, you can also click on the application or organization columns to sort alphabetically ascending/descending.

Via the Organization & Policies Area

Select Organization & Policies from the toolbar and select an application. You can access an Application Composition Report for a selected application from the Actions menu as shown in the figure below. The most recent report is available for the different stage(s) at which the application has been evaluated:

Note

If you use the Sonatype IQ CLI and don’t specify a stage, it will default to Build. When your evaluation is completed and the report is uploaded, it is accessible using the View build report action on the Actions menu.

Tip

Reports can also be accessed via enforcement point tools for CI and the repository manager. However, in each of the tools, they will connect to the IQ Server.

Via Direct URLs

Alternatively, the report —or its variations— may also be accessed using any of the following URLs.

Name	URL	Description
Report	{baseUrl}/ui/links/application/{appPublicId}/report/{scanId}	Link to access the Application Composition Report
Embeddable Report	{baseUrl}/ui/links/application/{appPublicId}/report/{scanId}/embeddable	Link to access the embeddable version of the Application Composition Report. This report is meant to be embedded within other web pages, and therefore lacks the navigation bar.
PDF	{baseUrl}/ui/links/application/{appPublicId}/report/{scanId}/pdf	Link to download the PDF version of the report.

Name

URL

Description

Report

{baseUrl}/ui/links/application/{appPublicId}/report/{scanId}

Link to access the Application Composition Report

Embeddable Report

{baseUrl}/ui/links/application/{appPublicId}/report/{scanId}/embeddable

Link to access the embeddable version of the Application Composition Report.

This report is meant to be embedded within other web pages, and therefore lacks the navigation bar.

PDF

{baseUrl}/ui/links/application/{appPublicId}/report/{scanId}/pdf

Link to download the PDF version of the report.