Dashboard
The Dashboard provides the fastest way to review the overall health of applications you manage. The Dashboard is displayed by default when you log into Lifecycle. If you are in any other location within Lifecycle, click the Dashboard icon on the navbar.
Using the Dashboard requires IQ Server with the Lifecycle or Auditor license. The Dashboard only displays information for applications you are permitted to see, so your user must be assigned to the Developer role for at least one application.
The Dashboard is organized into two areas: Filters and Results.
Filters
As of Release 112, the navigation and filtering within Nexus Lifecycle have been updated. The filters menu is now accessible via the "Filter" button on the upper right side of the Dashboard results.
To adjust any of the various filters, click the filter label to see available options. For example, you can filter by an organization, by policy violations found within a specific stage, or by policy type. Once you’ve adjusted the filters, click the Apply button to update the violations list. To save an applied filter selection, click the Save button in the footer. Saved filters can be loaded from the dropdown at the top of the sidebar.
Results
Dashboard Results display information based on applied filters. The results differ depending on the view that is currently selected.
Export the data displayed in the current results view by selecting Export Violations Data.
Results are saved on your local computer as a .csv file. The first row of the .csv file contains column names.
Violations View
The Violations view is the default view for the Dashboard. It displays data for the last 30 days and shows the one hundred newest policy violations found in your applications. You can also view Component and Application results using the tabs to change views.
Clicking a violation in the Violations view opens the Violation Details page. The Violation Details page presents information on the violated policy, as well as the different stages the violation has been identified in. For security violations, a detailed explanation of the vulnerability is also provided. The Manage Waivers button allows viewing, adding, and deleting waivers for selected violations. See Add, View, and Remove Waivers for more info.
Exporting Violations Data
For the violations tab, the columns exported into the file are:
Column Name | Column Value |
---|---|
Threat Level | The threat level associated with the policy violation, on a scale of 0 to 10 |
Policy Name | The name of the policy that triggered the violation |
Organization Name | Name of the organization which owns the violated policy, or is the parent of the application in which the policy was violated |
Application Name | Name of the application in which the policy violation was triggered |
Component Name | Name of the component in which the policy violation was triggered |
Date First Seen | Date on which this policy violation was first triggered for the particular component. This date is represented in ISO 8601 format |
Timestamp First Seen | Timestamp of the date on which the policy was first triggered for the particular component. This timestamp is represented in standard unix time format |
Reference | (New in Release 103) For security violations, the CVE or Sonatype code assigned to the vulnerability that caused the policy violation |
Policy Violation Id | (New in Release 103) The policy violation Id that triggered the violation, useful for automation with related APIs |
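
The following is an added example, not part of the original documentation or of IQ Server: a triage script that reads a Violations export and lists, per application, the high-threat violations that have stayed open past a cutoff. It assumes the header row uses exactly the column names in the table above; the sample rows, IDs, the threat threshold of 8 and the 30-day cutoff are constructed for illustration.

```python
import csv
import io
from collections import defaultdict
from datetime import date

# Constructed sample export. Header names are assumed to match the column
# names in the table above; IDs and references are placeholders.
SAMPLE_EXPORT = """\
Threat Level,Policy Name,Organization Name,Application Name,Component Name,Date First Seen,Timestamp First Seen,Reference,Policy Violation Id
9,Security-Critical,Example Org,billing-api,"example-lib, 1.2.3",2024-01-10T08:15:00Z,1704874500,CVE-XXXX-0001,constructed-id-001
10,Security-Critical,Example Org,billing-api,other-lib 4.0,2024-02-20T11:00:00Z,1708426800,CVE-XXXX-0002,constructed-id-002
8,License-Banned,Example Org,web-portal,gpl-lib 2.1,2023-12-01T09:30:00Z,1701423000,,constructed-id-003
3,Architecture-Quality,Example Org,web-portal,old-lib 0.9,2023-11-01T00:00:00Z,1698796800,,constructed-id-004
high,Security-Critical,Example Org,web-portal,bad-row 1.0,not-a-date,0,,constructed-id-005
"""


def aging_violations(csv_text, min_threat=8, older_than_days=30, today=None):
    """Group violations at or above min_threat that were first seen more than
    older_than_days ago by application; also return rows that failed to parse."""
    today = today or date.today()
    by_app, rejected = defaultdict(list), []
    for row in csv.DictReader(io.StringIO(csv_text)):
        try:
            threat = int(row["Threat Level"])
            # ISO 8601 starts with YYYY-MM-DD; the date part is enough here.
            first_seen = date.fromisoformat(row["Date First Seen"][:10])
        except (KeyError, TypeError, ValueError):
            rejected.append(row)  # surface bad rows instead of dropping them
            continue
        age_days = (today - first_seen).days
        if threat >= min_threat and age_days > older_than_days:
            by_app[row["Application Name"]].append(
                {"threat": threat, "age_days": age_days,
                 "policy": row["Policy Name"],
                 "component": row["Component Name"],
                 "reference": row["Reference"],
                 "violation_id": row["Policy Violation Id"]})
    for items in by_app.values():
        # Highest threat first, then longest-open first.
        items.sort(key=lambda v: (-v["threat"], -v["age_days"]))
    return dict(by_app), rejected


if __name__ == "__main__":
    stale, bad = aging_violations(SAMPLE_EXPORT, today=date(2024, 3, 1))
    for app, items in sorted(stale.items()):
        for v in items:
            print(app, v["threat"], v["age_days"], v["component"], v["violation_id"])
    print("unparseable rows:", len(bad))
```

The `violation_id` values collected here are the ones the table describes as useful for automation with related APIs.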
Components View
The Components view displays the 100 highest risk components based on any filters that have been set and the user's level of access. Risk is represented in several ranges (Total, Critical, Severe, Moderate, and Low). Total risk for each component is calculated by adding the threat level of all policies violated by the component within each range.
Clicking a component in the Components view opens the Component Risk Overview page. This page presents known coordinates for the component and all violations that have been found, organized by application. Risk information for each component is also provided.
Exporting Components Data
For the components tab, all Risk columns are calculated by taking the associated Threat Level of the policy violation and multiplying it by the number of affected applications.
The columns exported into the file are:
Column Name | Column Value |
---|---|
Component Name | The component that has active policy violations |
Affected Apps | The number of applications that have this component as a dependency |
Total Risk | Sum of the risk associated with the following columns |
Critical | Risk associated with the critical policy violations for the component. |
Severe | Risk associated with the severe policy violations for the component. |
Moderate | Risk associated with the moderate policy violations for the component. |
Low | Risk associated with the low policy violations for the component. |
Applications View
The Applications view displays the 100 highest risk applications, also based on any filters that have been set and the user's level of access. As with components, risk is split up into several ranges. Total risk is calculated by adding the threat levels of all policy violations in each range. Risk is broken down by stage and also summarized into cross-stage totals.
From this view, you can also access the latest reports for each stage that have been evaluated for the application.
Exporting Applications Data
For the applications tab, all Risk columns are calculated by taking the sum of the associated Threat Level of the policy violations of all affected components in the application.
The columns exported into the file are:
Column Name | Column Value |
---|---|
Organization Name | The organization that owns the application |
Application Name | The application name |
Total Risk | Sum of the risk associated with the following columns |
Critical | Risk associated with the critical policy violations for the application. |
Severe | Risk associated with the severe policy violations for the application. |
Moderate | Risk associated with the moderate policy violations for the application. |
Low | Risk associated with the low policy violations for the application. |
Policy Violation Trends
The Policy Violation Trends feature has been superseded by Success Metrics and was removed from IQ Server in version 1.40.
Prior to IQ Server 1.40, Export Violations Data was contained within a View menu alongside Calculate Trends. Selecting Calculate Trends from the View menu opens the Policy Violation Trends dialog. This shows policy violation trends for your current filter. Policy Violation Trends displays a twelve-week look at how risk is entering your applications and how you are handling that risk, and also shows progress for all time. Calculating trends can take some time depending on the number and size of matching evaluations.