Tutorial 6 - Create a Product Vulnerability Report
You received a Software Bill of Materials (SBOM) from your supplier, and you have loaded it into a DejaCode Product as described in Tutorial 5 - Working with SBOMs in a Product. You would like to create a Report to analyze the vulnerabilities in that Product, share it with your team, and track your issue resolution progress.
Sign in to DejaCode.
Create a DejaCode Query
Select Dashboard from the dropdown menu under your user name.

Scroll down and select Queries from the Reporting section of the Administrator dashboard.

Click the Add query button in the upper right section of the Administrator Queries changelist form.

Identify the Query.
Enter the Name “Product Packages with Vulnerabilities”.
Enter the Description “Select the Packages assigned to a Product for which there are known vulnerabilities.”
Select the Object type “Product Portfolio | product package relationship”.
Accept the default Operator value “and”.

Define the Query Filters.
Scroll down to the Filters section of the form and click the Add another filter command.
Select “Product>>” from the Field Name list.
Select “name” from the list of Product fields.
Select “Case-insensitive exact match” from the Lookup list.
Enter “Starship Controller” (without the quotes) in the Value field.
Check the Runtime Parameter option.
Accept the default unchecked Negate option.
Click the Add another filter command.
Select “Product>>” from the Field Name list.
Select “version” from the list of Product fields.
Select “Case-insensitive exact match” from the Lookup list.
Enter “2.0” (without the quotes) in the Value field.
Check the Runtime Parameter option.
Accept the default unchecked Negate option.
Click the Add another filter command.
Select “weighted_risk_score” from the Field Name list.
Select “Greater than or equal to” from the Lookup list.
Enter “3” (without the quotes) in the Value field.
Check the Runtime Parameter option.
Accept the default unchecked Negate option.
In the lower right section of the form, click the Save and continue editing button.

Define the Query Order.
In the Order Fields section of the form click the Add another order field command.
Select “weighted_risk_score” from the Field Name list.
Select “descending” from the Sort list.
Click the Add another order field command.
Select “package” from the Field Name list.
Select “ascending” from the Sort list.
In the lower right section of the form, click the Save and continue editing button.
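The Query defined above can be read as a small filter-and-sort routine. The following is an added illustration, not DejaCode code: it models the three filters joined by "and", the Runtime Parameter override, and the two order fields over constructed rows. The dictionary keys, the `run_report` function, and the treatment of rows with no score as non-matching are assumptions made for this sketch.

```python
# Lookup labels from the Query form mapped to comparisons (illustrative model).
LOOKUPS = {
    "Case-insensitive exact match": lambda a, b: str(a).lower() == str(b).lower(),
    # Assumption: a row with no score never satisfies a threshold filter.
    "Greater than or equal to": lambda a, b: a is not None and a >= float(b),
}

# The tutorial's three filters: (field, lookup, default value, negate).
# Dictionary keys such as "product.name" are hypothetical names for this sketch.
FILTERS = [
    ("product.name", "Case-insensitive exact match", "Starship Controller", False),
    ("product.version", "Case-insensitive exact match", "2.0", False),
    ("weighted_risk_score", "Greater than or equal to", "3", False),
]


def run_report(rows, runtime=None):
    """Join FILTERS with "and"; runtime values override the saved defaults.

    Results are ordered by weighted_risk_score descending, then package ascending.
    """
    runtime = runtime or {}
    selected = []
    for row in rows:
        keep = True
        for field, lookup, default, negate in FILTERS:
            matched = LOOKUPS[lookup](row.get(field), runtime.get(field, default))
            keep = keep and (matched != negate)
        if keep:
            selected.append(row)
    return sorted(selected, key=lambda r: (-r["weighted_risk_score"], r["package"]))


def _row(name, version, package, score):
    return {"product.name": name, "product.version": version,
            "package": package, "weighted_risk_score": score}


# Constructed sample rows, not real DejaCode data.
ROWS = [
    _row("Starship Controller", "2.0", "beta-demo-0.9.whl", 4.0),
    _row("Starship Controller", "2.0", "zlib-demo-1.0.tar.gz", 9.1),
    _row("starship controller", "2.0", "alpha-demo-2.3.jar", 4.0),
    _row("Starship Controller", "2.0", "clean-demo-1.0.zip", None),  # no score
    _row("Starship Controller", "1.0", "old-demo-1.0.zip", 8.0),  # other version
    _row("Starship Controller", "2.0", "low-demo-1.0.zip", 2.5),  # below threshold
]

if __name__ == "__main__":
    for r in run_report(ROWS):
        print(r["weighted_risk_score"], r["package"])
```

Passing `runtime={"weighted_risk_score": "9"}` models changing the parameter value when the Report is rerun.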

Create a DejaCode Column Template
In the upper left section of the Change query form, click the Reporting option in the navigation path.

On the Reporting Administration form select Column templates.

Click the Add column template button in the upper right section of the Administrator Column templates changelist form.

Identify the Column Template.
Enter the Name “Product Packages with Vulnerabilities”.
Enter the Description “Identify the Packages in a Product that require attention due to known vulnerabilities.”
Select the Object type “Product Portfolio | product package relationship”.

Define the Column Template Fields.
Scroll down to the Column Template Assigned Fields section of the form and click the Add another column template assigned field command.
Select “product>>” from the Field Name list.
Select “name” from the list of Product fields.
Enter “Product” in the Display name field.
Click the Add another column template assigned field command.
Select “product>>” from the Field Name list.
Select “version” from the list of Product fields.
Enter “Version” in the Display name field.
Click the Add another column template assigned field command.
Select “weighted_risk_score” from the Field Name list.
Enter “Risk” in the Display name field.
Click the Add another column template assigned field command.
Select “package>>” from the Field Name list.
Select “filename” from the list of package fields.
Enter “Filename” in the Display name field.
Click the Add another column template assigned field command.
Select “is_deployed” from the Field Name list.
Enter “Deployed” in the Display name field.
Click the Add another column template assigned field command.
Select “is_modified” from the Field Name list.
Enter “Modified” in the Display name field.
Click the Add another column template assigned field command.
Select “notes” from the Field Name list.
Enter “Notes” in the Display name field.
Continue adding fields as illustrated below.
In the lower right section of the form, click the Save and continue editing button.

Optionally select and hold the “Move” button on the right side of the Column Template Assigned Fields grid to re-order the Fields.

Note
For the purpose of this tutorial, you are instructed to define a column template from scratch. You may also find it useful to open an existing column template to use as a starting point, add and delete the columns that you need, provide a new Name, and use the Save as new button to create the new one.
Create a DejaCode Report
In the upper left section of the Change column template form, click the Reporting option in the navigation path.

On the Reporting Administration form select Reports.

Click the Add report button in the upper right section of the Administrator Reports changelist form.

Specify the Report.
Enter the Name “Product Packages with Vulnerabilities”.
Enter the Description “Identify the Packages in a Product that require attention due to known vulnerabilities.”
Select the Product Packages with Vulnerabilities Query.
Select the Product Packages with Vulnerabilities Column Template.
Check the User available option.
In the lower right section of the form, click the Save and continue editing button.

View the Report.
In the upper right section of the Change Report form, click the View button.
Review the Report results.
Optionally, modify the weighted_risk_score parameter value to 9 and click the Rerun Report button.
Review the impact of your parameter change.

Share the Report.
Just above the Report Parameters section, accept the default “xlsx” format and click the Export button.
Share the exported spreadsheet with your team.

Note
Since you specified “User available” for this report, it is also available on the Reports page. Access that page using the “Reports” option of the “Tools” dropdown from the main DejaCode menu bar.