Sonatype Lifecycle Application Report and PDF show different violations

When viewing a Lifecycle Application Composition Report, you can choose to generate a .pdf of the report. When you compare the .pdf with the Application Report UI, you may notice that the Application Report shows different violations than the .pdf. This is likely because the default Violations filter in the Policy Tab is "Summary". The "Summary" filter shows only the highest violation for each component. In the report below, the "dom4j:dom4j:1.6.1" component violates both the "Is dom4j" policy and the "Age Greater Than 10 Year" policy. However, the "Summary" view shows only the violation of the policy with the higher threat level ("Is dom4j").

When you generate a PDF of the same report, all violations are shown. Notice the "Arch-Age GT 10 Year" policy section includes the "dom4j:dom4j:1.6.1" component:

To make the Lifecycle Application Composition Report show the same violations as the .pdf, just change the Violations filter from "Summary" to "All":

