The URL to an application scan report is provided at time of scan. Users have the option to save a PDF of a report or the URL to it. A link to the latest report is available for some stages inside the user interface of IQ server.
Normal operation is that the latest report should be the most relevant. New vulnerabilities are introduced over time, and when an application is rescanned or you have policy monitoring enabled, you always should have access to the latest Sonatype research applied to your current policies.
In exceptional cases you may wish to review old reports but no longer have the PDF or the URL to these. This article presents an alternative method to calculate a URL to an old report.
Determining the URL to an old application report
This method of determining old report URLs is a workaround for exceptional cases. This method is not a standard product feature and may break without notice on a new release of IQ server.
Determine the internal application id by using a REST API call. In the response body, the value of
idis the internal application id.
The internal application id is NOT the same as the Application Name or Application Id.
Below is an example REST call using the public Application Id of TestApp to retrieve the internal application id.
curl -u admin:admin123 -X GET 'http://localhost:8070/api/v2/applications?publicId=TestApp'
- On the IQ Server file system, examine the report directory, you will see the following directory path.
./sonatype-work/clm-server/report/<internal application id>/<report id>/
- The created date of the report id directory can be used to identify which report is relevant to you historically.
ls -l sonatype-work/clm-server/report/<internal application id>
- Once you have picked on old report, you can view the report by constructing a URL similar to the following format: