Compliance Reporting
Compliance reports demonstrate adherence to policies and license terms. Reports can cover license usage, policy compliance, release approvals, and access patterns. Reports are exportable and verifiable through audit logs.
Prerequisites
Section titled “Prerequisites”- API credentials with report generation permissions
- Understanding of your organization’s compliance requirements
- Access to audit logs and license usage data
Understanding Compliance Reports
Section titled “Understanding Compliance Reports”Compliance reports provide:
- License usage — Active licenses, usage patterns, seat utilization
- Policy compliance — Adherence to update policies and blocklists
- Release approvals — Approval history and compliance with approval workflows
- Access patterns — User access, role assignments, permission usage
- Audit trails — Complete history of administrative actions
Reports can be generated for:
- Specific time periods
- Individual tenants or products
- License entitlements
- Policy configurations
Step 1: Generate License Usage Report
Section titled “Step 1: Generate License Usage Report”Generate a report of license usage for a tenant:
curl -X POST "${BP_BASE_URL}/v1/reports/license-usage" \ -H "Authorization: Bearer $BP_API_TOKEN" \ -H "Content-Type: application/json" \ -d '{ "tenant_id": "tenant_abc123", "start_time": "2024-01-01T00:00:00Z", "end_time": "2024-01-31T23:59:59Z", "format": "json" }'Response:
{ "report_id": "rpt_abc123", "type": "license_usage", "status": "completed", "generated_at": "2024-01-15T10:30:00Z", "data": { "tenant_id": "tenant_abc123", "period": { "start": "2024-01-01T00:00:00Z", "end": "2024-01-31T23:59:59Z" }, "entitlements": [ { "entitlement_id": "ent_xyz789", "product_id": "prod_xyz789", "policy": { "type": "per_user", "max_seats": 50 }, "usage": { "total_seats": 45, "peak_concurrent": 42, "average_concurrent": 38, "lease_count": 1234 } } ], "summary": { "total_entitlements": 1, "total_seats": 50, "used_seats": 45, "utilization_percent": 90.0 } }}Step 2: Generate Policy Compliance Report
Section titled “Step 2: Generate Policy Compliance Report”Generate a report showing policy compliance:
curl -X POST "${BP_BASE_URL}/v1/reports/policy-compliance" \ -H "Authorization: Bearer $BP_API_TOKEN" \ -H "Content-Type: application/json" \ -d '{ "tenant_id": "tenant_abc123", "start_time": "2024-01-01T00:00:00Z", "end_time": "2024-01-31T23:59:59Z" }'Response:
{ "report_id": "rpt_xyz789", "type": "policy_compliance", "status": "completed", "generated_at": "2024-01-15T10:30:00Z", "data": { "tenant_id": "tenant_abc123", "period": { "start": "2024-01-01T00:00:00Z", "end": "2024-01-31T23:59:59Z" }, "policies": [ { "product_id": "prod_xyz789", "channel": "stable", "mode": "NOTIFY_ONLY", "pinned_range": ">=1.2.0,<2.0.0", "compliance": { "total_decisions": 1234, "compliant_decisions": 1234, "non_compliant_decisions": 0, "compliance_percent": 100.0 } } ], "summary": { "total_policies": 1, "compliant_policies": 1, "non_compliant_policies": 0 } }}Step 3: Generate Release Approval Report
Section titled “Step 3: Generate Release Approval Report”Generate a report of release approvals:
curl -X POST "${BP_BASE_URL}/v1/reports/release-approvals" \ -H "Authorization: Bearer $BP_API_TOKEN" \ -H "Content-Type: application/json" \ -d '{ "tenant_id": "tenant_abc123", "start_time": "2024-01-01T00:00:00Z", "end_time": "2024-01-31T23:59:59Z" }'Response:
{ "report_id": "rpt_def456", "type": "release_approvals", "status": "completed", "generated_at": "2024-01-15T10:30:00Z", "data": { "tenant_id": "tenant_abc123", "period": { "start": "2024-01-01T00:00:00Z", "end": "2024-01-31T23:59:59Z" }, "releases": [ { "release_id": "rel_abc123", "product_id": "prod_xyz789", "version": "1.2.3", "channel": "stable", "status": "approved", "approved_at": "2024-01-15T10:30:00Z", "approved_by": "admin@example.com", "approval_notes": "Reviewed release notes and verified artifacts." } ], "summary": { "total_releases": 10, "approved": 9, "rejected": 1, "pending": 0 } }}Step 4: Generate Access Audit Report
Section titled “Step 4: Generate Access Audit Report”Generate a report of access patterns and role assignments:
curl -X POST "${BP_BASE_URL}/v1/reports/access-audit" \ -H "Authorization: Bearer $BP_API_TOKEN" \ -H "Content-Type: application/json" \ -d '{ "tenant_id": "tenant_abc123", "start_time": "2024-01-01T00:00:00Z", "end_time": "2024-01-31T23:59:59Z" }'Response:
{ "report_id": "rpt_ghi789", "type": "access_audit", "status": "completed", "generated_at": "2024-01-15T10:30:00Z", "data": { "tenant_id": "tenant_abc123", "period": { "start": "2024-01-01T00:00:00Z", "end": "2024-01-31T23:59:59Z" }, "role_assignments": [ { "user_id": "user@example.com", "role_id": "role_abc123", "role_name": "release-manager", "assigned_at": "2024-01-01T00:00:00Z", "assigned_by": "admin@example.com" } ], "access_events": [ { "user_id": "user@example.com", "action": "release_created", "timestamp": "2024-01-15T10:30:00Z", "resource": "rel_abc123" } ], "summary": { "total_users": 5, "total_roles": 3, "total_access_events": 1234 } }}Step 5: Export Report
Section titled “Step 5: Export Report”Export a report in a specific format:
curl -X POST "${BP_BASE_URL}/v1/reports/rpt_abc123/export" \ -H "Authorization: Bearer $BP_API_TOKEN" \ -H "Content-Type: application/json" \ -d '{ "format": "csv" }'Response:
{ "export_id": "exp_abc123", "report_id": "rpt_abc123", "format": "csv", "status": "completed", "download_url": "https://storage.example.com/exports/exp_abc123.csv", "expires_at": "2024-01-22T10:30:00Z"}Supported formats:
json— JSON format (default)csv— CSV format for spreadsheet importpdf— PDF format for documentation
Step 6: Schedule Recurring Reports
Section titled “Step 6: Schedule Recurring Reports”Schedule a report to be generated automatically:
curl -X POST "${BP_BASE_URL}/v1/reports/schedules" \ -H "Authorization: Bearer $BP_API_TOKEN" \ -H "Content-Type: application/json" \ -d '{ "report_type": "license_usage", "tenant_id": "tenant_abc123", "schedule": { "frequency": "monthly", "day_of_month": 1, "time": "00:00:00Z" }, "recipients": [ "compliance@example.com" ] }'Response:
{ "schedule_id": "sched_abc123", "report_type": "license_usage", "tenant_id": "tenant_abc123", "schedule": { "frequency": "monthly", "day_of_month": 1, "time": "00:00:00Z" }, "recipients": [ "compliance@example.com" ], "next_run": "2024-02-01T00:00:00Z", "created_at": "2024-01-15T10:30:00Z"}Common Report Types
Section titled “Common Report Types”License Audit Report
Section titled “License Audit Report”Demonstrates license compliance for vendor audits:
curl -X POST "${BP_BASE_URL}/v1/reports/license-audit" \ -H "Authorization: Bearer $BP_API_TOKEN" \ -H "Content-Type: application/json" \ -d '{ "tenant_id": "tenant_abc123", "start_time": "2024-01-01T00:00:00Z", "end_time": "2024-01-31T23:59:59Z", "include_history": true }'Policy Violation Report
Section titled “Policy Violation Report”Identifies policy violations:
curl -X POST "${BP_BASE_URL}/v1/reports/policy-violations" \ -H "Authorization: Bearer $BP_API_TOKEN" \ -H "Content-Type: application/json" \ -d '{ "tenant_id": "tenant_abc123", "start_time": "2024-01-01T00:00:00Z", "end_time": "2024-01-31T23:59:59Z" }'Release Compliance Report
Section titled “Release Compliance Report”Shows release approval compliance:
curl -X POST "${BP_BASE_URL}/v1/reports/release-compliance" \ -H "Authorization: Bearer $BP_API_TOKEN" \ -H "Content-Type: application/json" \ -d '{ "tenant_id": "tenant_abc123", "start_time": "2024-01-01T00:00:00Z", "end_time": "2024-01-31T23:59:59Z", "require_approval": true }'Report Verification
Section titled “Report Verification”Reports can be verified against audit logs:
curl "${BP_BASE_URL}/v1/reports/rpt_abc123/verify" \ -H "Authorization: Bearer $BP_API_TOKEN"Response:
{ "report_id": "rpt_abc123", "verified": true, "verification_timestamp": "2024-01-15T10:30:00Z", "audit_log_checksum": "sha256:abc123...", "report_checksum": "sha256:def456..."}Best Practices
Section titled “Best Practices”Regular generation: Generate compliance reports regularly to monitor adherence.
Schedule reports: Use scheduled reports to automate compliance monitoring.
Verify reports: Verify reports against audit logs to ensure accuracy.
Secure storage: Store exported reports securely with appropriate access controls.
Document findings: Document any compliance issues and remediation steps.
Review trends: Review report trends over time to identify patterns or issues.
Related Documentation
Section titled “Related Documentation”- Audit Readiness — Prepare audit logs for compliance verification
- License Compliance and Audits — Use case for license audits
- Tracking License Usage — Monitor license usage in real-time