Compliance Summary Report
DeployHub Pro gathers Application Version security compliance insights from a variety of sources and displays the information using the Compliance Summary report. Data collection is done via the CI/CD Integration.
Generating the Compliance Summary Report
Go to the Application list view and select (check mark) an Application. Next select the Reports -> Compliance Summary menu. The report will be generated in a new browser window. The report includes all Application Versions in the version tree in order to show historical trends of the metrics.
Compliance Report Metrics Details
Metrics are aggregated together from the Component Versions and Environments up to the Application Version in order to generate the Compliance Summary. The Compliance Summary provides metrics for:
| Compliance Check | Description |
|---|---|
| Sonar Bugs | Sonar’s scoring for the bugs found in the Component Versions |
| Sonar Code Smells | Sonar’s scoring for the code maintainability in the Component Versions |
| Sonar Violations | Sonar’s scoring for the violations in the Component Versions |
| Sonar Project Status | Sonar’s scoring for the overall status in the Component Versions |
| Veracode Score | Veracode’s scoring for the overall status in the Component Versions |
| Git Trigger | Whether the workflow that creates the Component Version and artifact was triggered automatically (green check) or manually (red dash) |
| Contributing Committers | The percentage of committers who contributed code, relative to the total number of committers for the Git Repo |
| Total Committers | The total number of committers assigned to the Git Repo. This number cannot be derived and must be provided to the DeployHub Pro CLI in the CI/CD pipeline. It is used to calculate the Contributing Committers percentage. |
| Lines Changed | The number of lines changed (added and deleted), based on a git diff between the previous Component Version and the current one. |
| Swagger | The Component Version has a Swagger or OpenAPI file associated (green check). The Swagger/OpenAPI documents are derived by the DeployHub Pro CLI in the CI/CD pipeline and associated to the Component Version. |
| Readme | The Component Version has a Readme file associated (green check). The Readme is derived by the DeployHub Pro CLI in the CI/CD pipeline and associated to the Component Version. |
| License | The Component Version has a License file associated (green check). The License is derived by the DeployHub Pro CLI in the CI/CD pipeline and associated to the Component Version. |
| Env: columns | Zero to N columns, one per Environment that the Application Version has been deployed to. A green check marks a successful deployment, a red dash a failed deployment, and an empty cell no deployment. Deployments can be recorded using the DeployHub Pro CLI in the CI/CD pipeline. |
Note: See SonarQube Code Quality and Security Solution Integration and Veracode Software Security Integration for the respective setup instructions.
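As an added illustration (not the DeployHub Pro CLI's own code), the following Python recomputes two of the metrics above from constructed git output: Lines Changed from `git diff --numstat` between two Component Versions, and the Contributing Committers percentage from `git log --format=%ae` plus a supplied Total Committers count. The sample output and author addresses are constructed, and the real CLI's calculation may differ in detail.

```python
# Constructed sample of `git diff --numstat <prev>..<cur>` output between the
# previous and current Component Version (not real project data).
# Binary files are reported by git as "-\t-" and carry no line counts.
NUMSTAT = """\
12\t3\tsrc/handler.py
0\t40\tsrc/legacy.py
-\t-\tassets/logo.png
5\t5\tREADME.md
"""

# Constructed sample of `git log --format=%ae <prev>..<cur>` output:
# one author e-mail per commit in the range.
LOG_AUTHORS = """\
alice@example.com
bob@example.com
alice@example.com
"""


def lines_changed(numstat: str) -> int:
    """Lines Changed: added + deleted lines across all text files in the diff."""
    total = 0
    for line in numstat.splitlines():
        if not line.strip():
            continue
        added, deleted, _path = line.split("\t", 2)
        if added == "-" or deleted == "-":
            continue  # binary file: git gives no line counts, so it adds nothing
        total += int(added) + int(deleted)
    return total


def contributing_committers(log_authors: str, total_committers: int) -> float:
    """Contributing Committers: percentage of the repo's committers who authored
    at least one commit in this version range.

    total_committers cannot be derived from git history alone (a committer who
    did not commit in this range leaves no trace), so it must be supplied, as
    the page notes for the Total Committers metric."""
    if total_committers <= 0:
        raise ValueError("total_committers must be a positive, supplied count")
    active = {a.strip() for a in log_authors.splitlines() if a.strip()}
    return round(100.0 * len(active) / total_committers, 1)


if __name__ == "__main__":
    print("Lines Changed:", lines_changed(NUMSTAT))                      # 65
    print("Contributing Committers %:", contributing_committers(LOG_AUTHORS, 4))  # 50.0
```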