Not everyone will have access to the IQ Server or any of the integrated enforcement points, and in turn, any of the associated reports. However, certain individuals or teams would likely still benefit from the information the Application Composition Report provides. Even if that’s not your particular situation, you may reach a point where you would like to produce an archive of an Application Composition Report for historical and audit purposes. Given this need, every report you produce can be converted into a PDF.
Though the information presented in the web application and the PDF is nearly identical, there are a few differences, mainly arising from the contrasting visual and layout capabilities of a web application versus a PDF. Below, we’ll discuss how to create this PDF version as well as highlight some of the differences between the two.
Creating the PDF
With the Application Composition Report open, find the set of blue icons in the top right. While the first icon is related to reevaluating the report, the button on the right allows you to create a PDF version of the report. Simply click this button and your browser will prompt you to download a PDF version of the report.
The report filename will be unique each time you use the button. However, in general the report filename will use the following pattern:
Reviewing the PDF
The information provided by the PDF is identical to the information that is provided within the Application Composition Report in the application user interface. This includes the Summary, Policy, Security Issues, and License Analysis tabs. Within the PDF, the order of information is presented top to bottom, following the logic of the report tabs from left to right. With the exception of the first page, which provides the Summary, each section has a label to indicate the corresponding tab of the Application Composition Report:
The summary section is identical to the HTML version of the report:
The Policy Violations section displays the details for all scanned components. This matches the data displayed in the Policy tab of the Component Information Panel (CIP). Note that, depending on the number of violations in your application, this section could be very long:
The Security Issues section displays a breakdown of all security issues found in the scan of the application, matching what is displayed in the HTML version of the report:
The License Analysis section displays a breakdown of all license issues found in the scan of the application, matching what is displayed in the HTML version of the report. Note that, depending on your license threat groups and license assignments, this section of the report could be very long:
This section brings together information from all the others. It displays the highest security issue identified (and the associated CVSS score), any declared and/or observed licenses (and the highest threat level of the associated), the match state, age, and the policy violation counts for each threat level band (red, orange, yellow, and blue) for each component. In most cases this section can be used as a detailed bill of materials:
In some cases a URL for the project is provided. This is indicated by an information icon.