SOFTWARE COMPOSITION ANALYSIS

Revenera Code Scanning Platform

Comprehensive Open Source Analysis Solution

 

Code Insight is an end-to-end solution for discovering and managing open source and third-party code in software development projects. Our unique discovery technology and process methodology allow for fast and accurate code analysis intelligence between the application and your engineering, legal, and security teams.

CODE INSIGHT PROCESS FLOW

[Image: process flow diagram]

SCAN TYPES

FlexNet Code Insight supports two types of scans: 

  • Package-Level Automated Scan
    • A scan agent plugin is deployed on a remote server and initiates a quick scan to identify established or “big rock” packages
    • Uses automated detection techniques and detection rules to produce fast, efficient results
  • Server Scan
    • Configured to varying degrees of scan depth to meet your desired level of forensic results
    • Uses open source license detection, email address, URL, string search terms, source code fingerprint matches (external source code indicator), and exact file match detection techniques

INVENTORY LIFECYCLE

Code Insight supports a standardized, repeatable process to enhance your inventory management – ensuring you get clean and stay clean.

Create

Inventory items are created manually by an analyst, automatically by the code scanner, imported from external data, or copied from another project.

Triage

Inventory items are optionally reviewed for completeness based on your inventory confidence. This is accomplished through the Analysis Workbench and Project Inventory Page in Code Insight.

Review

Inventory items are reviewed automatically through established policies or manually using review tasks.

Remediation

Inventory items are remediated to address open tasks related to compliance and technical debt. Remediation is tracked through remediation task

Done

Inventory items are considered complete when they have been reviewed and there are no open alerts or tasks.