The All projects compliance report can show you how your organization’s projects are adhering to a particular catalog’s definition of good and bad packages. You can use this report to track improvement across your projects as you remove bad packages.
This report can help answer the following questions:
- Are projects using the guidance on good and bad packages?
- How is the number of standards violations affecting a project changing over time?
- How many high, medium, or low vulnerabilities are affecting a project?
This report contains the following columns:
- project: Project name.
- external_identifier: The optional external identifier set on this project.
- branch: The branch that the alignment was run against.
- revision: The alignment revision.
- alignment_date: The date the alignment was run to check for compliance.
- dependency_count: Total packages in the alignment.
- catalog: Catalog name.
- groups: A comma-separated list of groups this project belongs to.
- alignment_score: The alignment score of the latest default alignment.
- project_link: A URL to the project in Tidelift.
- blocked_release_count: The number of Blocked releases being used in this project.
- low_security_vulnerabilities: The number of vulnerabilities with a low CVSS score affecting releases used in the project.
- medium_security_vulnerabilities: The number of vulnerabilities with a medium CVSS score affecting releases used in the project.
- high_security_vulnerabilities: The number of vulnerabilities with a high CVSS score affecting releases used in the project.
- critical_security_vulnerabilities: The number of vulnerabilities with a critical CVSS score affecting releases used in the project.
- active_release_stream_violations: The number of violations present for the Active release stream standard.
- allowed_licenses_violations: The number of violations present for the Allowed licenses standard.
- deprecation_violations: The number of violations present for the Deprecation standard.
- identified_licenses_violations: The number of violations present for the Identified licenses standard.
- known_packages_violations: The number of violations present for the Known packages standard.
- prereleases_violations: The number of violations present for the Prereleases standard.
- removed_releases_violations: The number of violations present for the Removed releases standard.
- up_to_date_violations: The number of violations present for the Up to date standard.
- vulnerabilities_violations: The number of violations present for the Vulnerabilities standard.
- eol_packages_violations: The number of violations present for the End-of-life packages standard.
- report_date: When this report was generated.
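
The following is an added example, not Tidelift's own code, showing one way to answer the questions above from saved copies of this report. It assumes the report is exported as CSV with the column names listed above as headers and that report_date is an ISO 8601 date; the sample rows are constructed.

```python
import csv
import io
from collections import defaultdict

# Constructed sample rows (not real data). Assumption: a CSV export whose
# headers match the documented column names, with ISO 8601 report_date values.
SAMPLE = """project,branch,report_date,blocked_release_count,critical_security_vulnerabilities,high_security_vulnerabilities,deprecation_violations,vulnerabilities_violations,eol_packages_violations
api,main,2024-01-01,2,1,3,4,4,1
api,main,2024-02-01,0,0,1,2,1,1
web,main,2024-01-01,0,0,0,1,0,0
web,main,2024-02-01,1,2,2,1,4,0
"""

def load(text):
    """Parse report text into a list of dict rows keyed by column name."""
    return list(csv.DictReader(io.StringIO(text)))

def total_violations(row):
    """Sum every *_violations column present in the row."""
    return sum(int(v or 0) for k, v in row.items() if k.endswith("_violations"))

def violation_trend(rows):
    """Per (project, branch): change in total violations, oldest to newest report."""
    history = defaultdict(list)
    for row in rows:
        history[(row["project"], row["branch"])].append(row)
    trend = {}
    for key, snaps in history.items():
        snaps.sort(key=lambda r: r["report_date"])  # ISO dates sort lexically
        trend[key] = total_violations(snaps[-1]) - total_violations(snaps[0])
    return trend

def needs_attention(rows):
    """Projects whose newest row has blocked releases or critical vulnerabilities."""
    latest = {}
    for row in rows:
        key = (row["project"], row["branch"])
        if key not in latest or row["report_date"] > latest[key]["report_date"]:
            latest[key] = row
    return sorted(
        key[0] for key, r in latest.items()
        if int(r["blocked_release_count"] or 0) > 0
        or int(r["critical_security_vulnerabilities"] or 0) > 0
    )

if __name__ == "__main__":
    rows = load(SAMPLE)
    print(violation_trend(rows))   # negative = fewer violations than before
    print(needs_attention(rows))
```

A negative trend value means the project has fewer standards violations in its newest report than in its oldest.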