All projects violations report

Prioritize developer actions with a list of standards violations and available actions to take across all projects.

This report can help managers answer the following questions:

  • What violations exist in my team’s projects?
  • What are the patterns of risk associated with higher-level dependencies, and how can I use this information to guide developers effectively?
  • What are some specific upgrades developers can perform to remove multiple violations?


This report contains the following columns:

  • project: Project name.
  • external_identifier: The optional external identifier set on this project.
  • catalog: Catalog name.
  • groups: A comma separated list of Groups this project belongs to.
  • violation_type: The standard being violated.
  • platform: The platform for the affected package.
  • direct_package: The name of the package bringing the violating release into your project.
  • direct_version: The version of the package bringing the violating release into your project.
  • direct_purl: A purl representing the release bringing the violating release into your project.
  • violating_package: The name of the package causing the violation
  • violating_version: The version of the package causing the violation
  • violating_purl: A purl representing the release causing the violation
  • dependency_chain: The chain of releases leading up to the violating release. The first node is the direct dependency and the last node is the dependency causing the violation.
  • dependency_scope: The scope as defined in your manifest. This can vary by package manager, but it is often things like “runtime” or “test”.
  • action_id: A unique id you can use to reference this particular project, dependency_chain, and action.
  • action: The suggested dependency chain which will remove this violation from your project. If there is no action detected, the report will state that.
  • violation_description: Description of the violation.
  • violation_allowed: Boolean indicating whether the violation is allowed in your catalog, either by the standard configuration or by an override.
  • violation_link: A URL to the violation information (only available for Vulnerabilities violations)
  • lifter_recommendation: The recommendation provided by the maintainer exclusively for Tidelift subscribers



Was this article helpful?
0 out of 0 found this helpful



Article is closed for comments.

Articles in this section