Skip to main content

Data Insights

The Data Insights dashboard is one-stop access to understand open-source consumption patterns, including AI/ML components. Data Insights summarizes how Sonatype Lifecycle impacts the security profile of the development pipelines within your organization.

With several data points from the Sonatype community as a whole, Data Insights provides a comparative analysis between your organization and the rest of the industry, in terms of the following:

  1. Vulnerabilities associated with your applications

  2. Remediation actions taken by your teams

  3. Tech stack diversity

As a step forward to achieve Observability for AI/ML components, it provides actionable insights into the consumption patterns by generating visualizations indicating the exact number and category of the AI/ML components in use by your applications. These visualizations can be used to create governance policies for the responsible adoption of AI, focusing on privacy, security, and data protection, thus minimizing the threats associated with using non-enterprise or free AI and ML platforms.

The End-of-Life (EOL) visualization shows all components that have crossed the declared EOL date, along with their containing applications, to provide a lead time for necessary upgrades or transitions for your development teams. This effectively makes informed decisions on the transition and minimizes last-minute development disruptions.

Note

We have implemented the dashboards using the Looker™ platform for versatility. The visualizations will continue to evolve in functionality or scope, based on future improvements and user feedback.

Data Handling Processes

To address the concerns due to data processing with our third-party reporting tool, Looker™, we have implemented a 4-way protection methodology:

  1. Data Storage

    No data is stored in any third-party tool. We use the third-party tooling's streaming capability to receive the query results directly from the Sonatype environment in a dedicated instance. The data is transmitted without being stored.

  2. Data Anonymization

    The information for these visualizations and reports is restricted for an organization from the anonymized telemetry during application analysis performed via Sonatype Data Services.

  3. Data Authentication and Authorization

    To ensure that the data in these visualizations is accessible to authorized users only, the system programmatically creates obfuscated, unique one-way hash identifiers for the user and the organization's instance.

  4. Data Encryption

    We implement encryption for data in flight from the Lifecycle environment to the third-party reporting tool.

For added security, the vulnerability data for a specific application or component is not included in any of the dashboards.

Advanced Reporting Insights

To provide deeper reporting clarity, additional data is made available to be used for reporting following all encryption and data handling standards.  The data element included in the Advanced Reporting Insights is:

  • Application Name

Application Reports Insights data can be disabled thereby preventing this data from appearing in insights and there resulting in a degraded experience.

Flow for Data Request

  1. A user invokes a dashboard from the Data Insights feature in Sonatype Lifecycle.

  2. The browser requests a one-time, unique URL for the insight via an internal IQ Server API.

  3. The IQ Server invokes the Sonatype Data System API to check for a valid license and account using the standard one-way hash algorithms within IQ Server.

  4. The Sonatype Data System invokes the Looker™ API to generate the one-time use URL.

  5. Looker™ returns the fully signed and fully formed URL.

  6. The Browser renders the URL in the frame in Sonatype Lifecycle.

  7. Looker™ streams data encrypted from the back-end data systems (Databricks™) to render the report.

Accessing

To access the dashboard, click on Data Insights from the left navigation bar.

199819346.png

Prerequisites

  • Your browser has no restrictions on accessing “*.looker.com” URLs

  • For the Safari browser, “Prevent cross-site tracking“ in the Settings menu → Privacy is disabled.

Get to know your Data Insights Dashboard

Data_Insights_Landing_Page_Screenshot.png

Rolling Recap Dashboard

Rolling Recap shows graphical representations of the state of the Software Supply Chain for your organization. It unlocks trends and patterns by comparing your usage of Sonatype Lifecycle with the rest of the industry, over the last 365 days.

Learn more about Rolling Recap Dashboard.

ML/AI: Apps Using Machine Learning

Observe the consumption of open-source AI/ML components in your applications.

Learn more about ML/AI Apps: Using Machine Learning.

Component EOL: Retiring Old Code

See which components have the status of End of Life (EOL).

Learn more about Component EOL: Retiring Old Code

Supply Chain Monitoring

See which components have the status of End of Life (EOL).

Learn more about Supply Chain Monitoring

Dependency Scorecard

Assess the quality of your component upgrade decisions.

Learn more about Dependency Scorecard

Shaded Vulnerability Detection

Analyze the impacts of data our new Shaded Vulnerability Detection Algorithm.

Learn more about Shaded Vulnerability Detection

Stack Divergence

Compare your applications' component usage against industry norms to evaluate areas where you've fallen behind the adoption curve

Learn more about Stack Divergence

Upgrade Posture

Evaluate your vulnerability management practices to ensure that they are proactive so that your applications remain secure.

Learn more about Upgrade Posture

Security Risk Analysis

Explore your security risk using the first of our foundational dashboards.

Learn more about Security Risk Analysis