Lesson Tag: Lesson 3

Holistic vs Micro View

Lesson 3 Overview Since the beginning, Sonatype has been working towards being able to offer perspectives from different teams into a holistic view across your organization. IQ Server also provides a micro view at the application level, with the ultimate goal of being able to visually show all of this in the dashboard. By the …


The Application View

Also worth mentioning are the different types of views that are available if you need to dig a little deeper after you’ve applied your filters. Violations view Components view Applications view Displays data for the last 30 days and shows the first 100, newest policy violations found in your applications. Displays the 100 highest risk …


Project Owner Perspective

As a Product Owner/Product Manager, I probably care about all of these items. But I may be particularly interested in the highest risk or the whole aggregate amount of risk. Luckily, we have a couple of features that allow you to highlight those before waiving those risks. Potentially your organization could configure the settings to …


Security Perspective

From a security perspective, we can get what is most important to you – policy violations that are due to security issues. This time use the Policy Type -> Security filter options. From there, more details about what caused the violation can be observed by opening the CIP for a given violating component. Now we …


Developer Perspective

For something completely different, we offer you a macro level view where you can quickly identify which of your dependencies are direct and which are transitive (the dependencies of those dependencies). And with our reliance on third-party dependencies comes the realization that things can get messy quickly, especially when a direct dependency pulls in another …


Remediation Assistance

Filtering the Component List If you have multiple projects loaded into your IDE and need to view a specific subset of results — the plugin has a Filter option that allows you to set the scope for the results displayed within the panel. This could be useful when you need to review vulnerabilities pertaining to …


Summary – Lesson 3

You have completed Lesson 2. You are now able to:

- Use the Component Info tab to view vulnerabilities
- View policy details
- Analyze license types and risks
- Analyze security risks
- Take the necessary steps to start remediating

Evaluating a Project

Assigning Your IDE Project and Triggering an Evaluation Once the IDE plugin has been successfully installed and configured the next step will be to associate your local IDE project with an IQ application so it can be evaluated against the defined policies. Here is an example of an Eclipse IDE with a WebGoat Java project …


IDE Integration

Getting Started Sonatype’s IDE Integrations provides you with direct access to Sonatype’s comprehensive component intelligence right within your IDE. It measures your components against your organization’s open source governance policy. This helps you to pick components that align with policy. Objectives By the end of this lesson, you will be able to use the plugin …
