Edit Project: General Tab

FlexNet Code Insight 2018 R3

The General tab on the Edit Project dialog displays information about the selected project that you can edit. The tab contains the following fields:

Edit Project: General tab

Column/Field

Description

Project Name

The name of the selected project. You can change the name by typing over the current project name.

Description

A freeform text field in which you can enter a description for the project. This field provides enough space to add as much detail about the project as necessary.

Project Visibility

Whether the project is defined as public or private. When the project is private, only the project owner can upload the codebase, run scans, manage scan results, and manage the project in general.

Project Risk

The current vulnerability risk value (Low, Medium, or High) for the project. To edit, select another value from the dropdown.

Project Folder

The folder in which the project is currently stored. To edit, select a different folder from the Select a New Folder dropdown. Alternatively, click Clear Project Folder to move the project to the root folder:

Clear Project Folder button—Click this button to remove the project from the current folder and place it in the root folder.
Select a New Folder dropdown—Click the down arrow to locate and select the folder to which to move the project.

Policy Profile

The policy profile currently enabled for the project. To associate the project with a policy profile or switch to another profile, select the policy profile from the Policy Profile dropdown.

To view the policies defined in the selected policy profile, click the down arrow next to View Policy Details. These policies enable Code Insight to automatically review published items and mark them as Approve, Reject, or Not Reviewed. For a description of policies available for a policy profile, see Policy Details Page.

For more information about policy profiles in general, see Managing Policy Profiles in the “Using FlexNet Code Insight” chapter.

Task Flow Options 

Once inventory items are marked as Approve, Reject, or Not Reviewed, you can use the following options to define an automated workflow to help you obtain a final, approved inventory more efficiently.

When an inventory item is:

impacted by a new vulnerability that violates your policy, auto-reject the inventory item

This field defines what action the system should take if an inventory item is affected by a new security vulnerability (discovered during scanning or via electronic update).

Select this checkbox to automatically reject project inventory items impacted by a new security vulnerability whose CVSS score or severity is greater than the threshold configured as policy for the Code Insight project. (This rejection also applies to inventory items previously approved.) To indicate that an inventory item has been rejected due to new vulnerabilities, an alert icon is automatically added to the entry for each impacted inventory item on the Project Inventory tab.

If you leave the checkbox unselected, the status of inventory items impacted by the alert remains as is.

Note that security alerts are generated only when an electronic update, performed post-scan, discovers new vulnerabilities.

For information about setting policies that define vulnerability CVSS and severity thresholds for automatic rejection or approval of inventory items, see Policies Page and Policy Details Page.

When an inventory item is:

neither approved nor rejected by policy

This field defines what action the system should take if the inventory item is not affected by policy (during publishing of inventory as part of a scan or manual publishing by a user).

When Code Insight automatically publishes the inventory, define the action or action sequence that should be triggered for those inventory items not automatically reviewed by policy:

take no action—Simply show the status of the inventory item as “Not Reviewed” on the Project Inventory tab.
send an email notification—In addition to showing the Not Reviewed status for the inventory item, automatically send an email to the project owner, informing the project owner of the need to manually review the item. The minimum priority value affects this option.
create a review task—In addition to showing the Not Reviewed status for the inventory item, automatically create a review task assigned to the project owner and send an email, notifying the project owner about the task. (The project owner can then reassign the task to the appropriate user, such as an engineer or a legal or security expert. For details about reassigning tasks, see Creating and Managing Tasks for Project Inventory in the “Using FlexNet Code Insight” chapter.) The minimum priority value affects this option.

create a review task with an external work item—In addition to showing the Not Reviewed status for the inventory item, perform the following:
Automatically create a review task assigned to the project owner and send an email to notify the project owner about the task. (The project owner can then reassign the task to the appropriate user, such as an engineer or a legal or security expert. For details about reassigning tasks, see Creating and Managing Tasks for Project Inventory in the “Using FlexNet Code Insight” chapter.)
Automatically associate a work item with the task, creating the work item in an Application Lifecycle Management (ALM) system (such as an issue in Jira). Code Insight creates the work item using the settings for the ALM instance to which the Code Insight project is associated. For more information about configuring an ALM instance for the project, see ALM Settings in the “Using FlexNet Code Insight” chapter.

The minimum priority value affects this option.

When an inventory item is:

rejected by policy

This field defines what action the system should take if an inventory item is automatically rejected by policy (during publishing of inventory as part of a scan or manual publishing by a user).

Select the action or action sequence that should be automatically triggered when an inventory item is rejected by policy:

take no action—Simply show the status of the inventory item as Reject on the Project Inventory tab.
send an email notification—Automatically send an email, informing the project owner of the need to perform remediation work on the component.
create a remediation task—Automatically create a remediation task assigned to the project owner and send an email, notifying the project owner about the task. (The project owner can then reassign the task to the appropriate user, such as an engineer or a legal or security expert. For details about reassigning tasks, see Creating and Managing Tasks for Project Inventory in the “Using FlexNet Code Insight” chapter.)
create a remediation task with an external work item—Perform the following:
Automatically create a remediation task assigned to the project owner and send an email, informing the project owner about the task. (The project owner can then reassign the task to the appropriate user, such as an engineer or a legal or security expert. For details about reassigning tasks, see Creating and Managing Tasks for Project Inventory in the “Using FlexNet Code Insight” chapter.)
Automatically associate a work item with the task, creating the work item in an Application Lifecycle Management (ALM) system (such as an issue in Jira). Code Insight creates the work item using the settings for the ALM instance to which the Code Insight project is associated. For more information about configuring an ALM instance for the project, see ALM Settings in the “Using FlexNet Code Insight” chapter.

minimum priority

Select the minimum inventory priority (P1, P2, P3, or P4) to which the values for neither approved nor rejected apply.

For example, if neither approved nor rejected by policy is set to send an email notification and minimum priority is set to P3, then the email notification is sent only for P1, P2, and P3 inventory items that are not affected by policy. No email notification is sent for P4 items.

Note • This option has no effect on the take no action value for neither approved nor rejected by policy.