Application Health Check, a free community service

Guide to your Application Health Check   Print Sample Report

Analyze An App

Scroll Down to See a Sample Report

Full, Detailed Report

Scope of Analysis

High level summary of the number of components identified, as well as the number and severity of policy, security and license alerts. The full, detailed report lists the specifics of each alert.

Security Issues

This section identifies the breakdown of vulnerabilities based on severity and the threat level it poses to your application. Severity levels are based on the associated Common Vulnerability Scoring System (CVSS) ratings.

License Analysis

This section defines the number of licenses detected in each category, including risk classifications.

Policy Violations

The Policy tab displays a list of all components found during the scan of the application. By default, components are ordered by their worst policy violation. This is an important distinction, because a component may have more than one violation, and the threat level severity for those violations could vary.


Use the filter to display components by their match type.


Click columns to sort.

Component Bill of Materials

This lists the specific components found in an application, also known as an application "bill of materials."

Security Issues

Review and investigate any security vulnerabilities found in the components in your application.

Threat Level

Security threat levels shown in this area do not correspond to policy, but rather the CVSS score.

Component Info

Click on any specific component listed in any page of your report to see deeper detail.

License Analysis

Review and investigate license information for every component in your application.

License Threat

Licenses are sorted by threat level with the riskiest at the top. License are categorized as Copyleft (red), Non-standard or Not Provided (orange), Weak Copyleft (yellow) and Liberal (blue).

Policy Alerts

Policy violations shown in this report are based on pre-set, standard policy definitions established by Sonatype. Learn more. Customers of the full Sonatype Component Lifecycle Management software are able to customize their policies.

Dependency Depth

This chart shows how deep within the dependency tree your issues are located.


Some components may violate more than one policy. Summary only shows the violation with the highest threat. Use “All” to see every violation associated with each component.


This column contains the Maven coordinates for the components found in your evaluation.

Release History

Shows where your component (the black bar) falls within the most popular (green bar) and most recent release (blue bar).


Represents the relative popularity of the component you are using. Larger circles indicate the version of the component is more popular.

Problem Code

Go directly to the source to drill down on the details for any vulnerability.

Version Slider

In this Component Detail screen, compare the security and license risk of your current component version to newer versions. Move the slider to see the newer component version numbers and details.

  Print Sample Report

How can we help you?

See a
video tour of a sample report