View Application Evaluations

Evaluations in AppTrust allow you to analyze application releasables and their components against defined security and compliance policies at specific lifecycle stage gates. Each evaluation determines whether a releasable can progress through the software development lifecycle (SDLC) and returns a decision of Pass, Fail, Warning, or Error. Evaluations provide visibility into both policy compliance and specific violations, enabling you to enforce organizational standards consistently across the SDLC.

To view evaluation events for an application:

  1. In the Platform module, select AppTrust > Applications.
  2. From the applications table, select an application.
  3. In the sidebar, click Evaluations.

The Evaluation Events table lists all evaluation runs for the application.

Columns (customizable):

  • Date & Time – when the evaluation was executed
  • Subject – the evaluated releasable (e.g., application version, commit)
  • Lifecycle Gate – the stage and gate (e.g., DEV | Exit, QA | Entry, PROD | Release)
  • Decision – the evaluation outcome (Pass / Fail / Warning / Error)
  • ID – unique evaluation identifier

You can:

  • Search for evaluation subjects
  • Filter by lifecycle gate
  • Customize columns to display only the data you need

Each evaluation produces an overall decision, calculated across all applicable policies:

  • Pass – All policies satisfied; releasable may advance
  • Fail – Blocking policy violations detected; releasable cannot advance
  • Warning – A policy was triggered, but the violation does not block progression
  • Error – A technical error prevented the evaluation from completing

Click an evaluation in the list to view details. Each evaluation provides two perspectives:

Policy View

The Policy View aggregates results per lifecycle policy evaluated during the gate.

  • Name & Rule – the evaluated policy and rule criteria
  • Decision – Pass, Fail, or Warning result for the policy
  • Evaluated Releasables – number of releasables checked against the policy
  • Triggered Issues – number of issues detected by the policy

Selecting a policy opens the Policy Evaluation Details pane, showing:

  • Decision and cause (e.g., “14 Triggered issues were detected in 5/10 releasables”)
  • Evaluated Releasables list with decision and issue counts per releasable

Triggered Issues

The Triggered Issues view lists all individual violations that caused evaluation failures or warnings. Columns:

  • Decision – result for the releasable on this issue
  • Evaluated Releasable – version or resource affected
  • Finding Code – identifier (e.g., CVE-2018-1160, Plaintext API keys)
  • Policy – the policy that was triggered
  • Type – category of finding (Public vulnerability, Secrets, Malicious packages)
  • Severity – severity level for vulnerabilities
  • Contextual Analysis – additional assessment (Applicable, Not Applicable, Undetermined)

Filtering is available by:

  • Decision (Pass, Fail, Warning)
  • Policy name
  • Evaluated releasable
  • Finding type

Clicking an issue opens a details panel with vulnerability or evidence information, remediation guidance, fix versions, and contextual analysis.