Project Defaults tab
Category
Field
General Options
These options set defaults for project creation and assign default users to project roles. Users can change these defaults when creating a project or when editing a project or its users using Manage Project | Edit Project | General or Manage Project | Edit Project | Edit Project Users on the project Summary tab.
Project Type
Select the default project type based on scan requirements:
| • | Standard—A project whose scans require that its codebase be uploaded to FlexNet Code Insight or be synchronized pre-scan using an SCM plugin (such as Bitbucket, Git, Perforce, or TFS). This is the initial system default. This is the initial system default. |
| • | Inventory Only—A project whose scans are performed through a remote scan agent, thus eliminating the need to upload the codebase to FlexNet Code Insight. These scans generate project inventory only. Consequently, the Analysis Workbench is not available for codebase analysis. For details about inventory-only projects, see Performing Inventory-Only Scanning. |
Project Visibility
Select the default for visibility status—Public or Private—for projects. (The initial system default is Public.)
For public projects, users who are not the Project Owner nor directly assigned the Reviewer or Analyst role have read-only access to the project inventory. However, private projects are hidden from all users except the Project Owner and those users assigned as Analysts, Reviewers, and Observers of the project.
Project Risk
Select the default risk value (Low, Medium, or High) for projects. To edit, select another value from the dropdown. The initial system default is Medium.
Project Users
Click the Edit Project Users link to open the Edit Default Project Users page. From here you assign project roles—Analysts, Reviewers, and Observers—that will default for any new project created (but which can then be edited at the project level). See Edit (Default) Project Users Page for details.
Scan Settings
These options identify the default Scan Server and scan profile for projects. Users can change these settings at the project level by navigating to Manage Project | Edit Project | Scan Settings from the project Summary tab.
Scan Profile
Select the scan profile to default for projects. Click 
to view the details of the scan profile.
Scan Server
Select the Scan Server to default for projects. Note that only those Scan Servers in an “enabled” state are available for selection. If only one Scan Server has been identified to the system, this server is automatically selected as the default.
Automated Inventory Publish Options
These options configure defaults for automatically publishing project inventory once a scan completes. Users can change these settings at the project level by navigating to Manage Project | Edit Project | Scan Settings from the project Summary tab.
Automatically publish system-created inventory items
Select this option to automatically publish inventory items that Code Insight creates as part of the scan (that is, system-generated inventory items). If you select this option, the Minimum inventory confidence label and Mark associated files as reviewed fields are enabled.
Minimum inventory confidence level for auto-publish
Select the default minimum Inventory Confidence level required to automatically publish a system-generated inventory item:
| • | Low—Automatically publish all system-generated inventory. |
| • | Medium—Automatically publish only those system-generated inventory items with Medium and High confidence levels. |
| • | High—Automatically publish only those system-generated inventory items with a High confidence level. |
For a description of the Confidence levels and how they are used, see Inventory Confidence.
Mark associated file as reviewed
Select this option if you want Code Insight to automatically mark the files associated with each automatically published inventory item as “reviewed”.
Automated Review Options
These options configure defaults for enabling policies that automatically accept or reject inventory when it is published. Users can change these settings at the project level by navigating to Manage Project | Edit Project | Review and Remediation Settings from the project Summary tab.
Policy Profile
Select the default policy profile to associate with all new projects. (The system default is Default License Policy Profile.)
The policy profile contains a set of policies that use components, versions, licenses, and vulnerability scores and severities as criteria to automatically reject or approve inventory items during a codebase scan (or post-scan).
For more information about policy profiles in general, see Managing Policy Profiles.
automatically reject inventory items impacted by a new vulnerability that violates your policy
Indicate the default action to take for published inventory affected by a new security vulnerability downloaded as part of an Electronic Update. The selected action applies to both non-reviewed and previously approved inventory items on the Project Inventory tab.
| • | Select this checkbox to automatically reject those project inventory items impacted by a new security vulnerability only if this vulnerability has a CVSS score or severity greater than the thresholds configured as policy for the Code Insight project. For each inventory item rejected due to a new security vulnerability, the  icon and a tip are added to indicate the status change and its reason. |
If a new vulnerability does not exceed policy thresholds, the current status of the inventory item is not affected.
| • | Leave the checkbox unselected to retain the current status of inventory items impacted by the new vulnerability. |
For information about setting policies that define CVSS-score and severity thresholds used to reject or approve inventory items automatically, see Policy Page and Policy Details Page. For information about associating these policies with a project, see Managing Policy Profiles.
Manual Review Options
These options configure defaults for project inventory not automatically reviewed by policy. Users can change these settings at the project level by navigating to Manage Project | Edit Project | Review and Remediation Settings from the project Summary tab.
What should happen if inventory items are not reviewed by policy?
Indicate the default action to trigger for those inventory items that are not affected by policy (and therefore have a Not Reviewed status) during the publication of inventory either as part of a scan or manually by a user:
| • | do nothing—Simply show the status of the inventory item as Not Reviewed on the Project Inventory tab. |
| • | send an email notification to the project owner—Automatically send an email to the Project Owner, stating the need for a manual review of the item. The value for Select the minimum priority... (described in the next table entry) affects this option. |
| • | automatically create a manual review task—Automatically create a manual review task assigned to the default legal or security reviewer (or both reviewers), and send an email, notifying the reviewer(s) about assigned task. |
Information about managing such a task to track the progress of a manual review is found in Creating and Managing Tasks for Project Inventory.
The value for Select the minimum priority... (described in the next table entry) affects this option.
Select the minimum priority to perform the action selected above
(Enabled when an option other than do nothing is selected for the previous field.) Select the default minimum inventory priority (P1, P2, P3, or P4) to which the value for the previous field applies.
For example, if the previous field is set to send an email notification to the project owner and minimum priority is set to P3, then the email notification will be sent for only those non-reviewed inventory items with a P1, P2, or P3 priority. No email notification will be sent for P4 inventory items.
Note • This option has no effect when the do nothing value is selected.
Manual Review Options
What type of manual reviews will be performed on this project?
Set the default type of manual review tasks to be generated:
| • | Legal Only—Review tasks are generated for those non-reviewed inventory items that so not meet legal policy criteria. The tasks are automatically assigned to the default Legal reviewer. |
| • | Security Only—Review tasks are generated for only those non-reviewed inventory items that have security vulnerabilities. The tasks are automatically assigned to the default Security reviewer. |
| • | both Legal and Security—Review tasks are generated for all non-reviewed inventory items that do not meet legal policy criteria; these are assigned to the default Legal reviewer. Additionally, review tasks are generated for those non-reviewed inventory tasks associated with security vulnerabilities and are assigned to the default Security reviewer. |
With this value, a single inventory item might have both a legal review task and security review task generated. However, if the default reviewers are the same user, a single task is created, describing the requirement for both a legal and security manual review.
Select reviewers for this project
If desired, designate a new default Legal reviewer or Security reviewer (or both) to which to assign manual review tasks. (The Project Owner is the designated as the initial system default for both reviewers.)
Then, depending on the type of manual review selected for the project (see the What type of manual reviews will be performed... option described previously), Code Insight determines which reviewer (Legal or Security or both) is assigned the task and then notified of the task by email. The reviewer(s) can then manage the task accordingly, possibly reassigning it to another user. For details about managing and reassigning tasks, see Creating and Managing Tasks for Project Inventory.
To select a new default reviewer, click Change User next to the name of the current Legal reviewer or Security reviewer assignee, then select a user from the Select new...contact dialog, and click Apply. (To reset the reviewer to the Project Owner, click Reset.)
When a new default reviewer is selected, that user is automatically given the role of project “reviewer” should the user not currently have this role. However, should the current reviewer reassign a specific task to another user, the “reviewer” role is not automatically assigned to that user.
If the Project Owner is specified as a default reviewer, the owner’s actual name is displayed for the reviewer at the project level.
Remediation Options
These options configure defaults for rejected project inventory. Users can change these settings at the project level by navigating to Manage Project | Edit Project | Review and Remediation Settings from the project Summary tab.
What should happen if inventory items are rejected?
Indicate the default action to trigger for those inventory items that are automatically rejected by policy during the publication of inventory either as part of a scan or manually by a user:
| • | do nothing—Simply show the status of the inventory item as Reject on the Project Inventory tab. |
| • | send an email notification to the project owner—Automatically send an email to the Project Owner, stating the need for remediation work on the inventory item. |
| • | automatically create a remediation task—Automatically create a remediation task assigned to the default development contact (see the Assignee for remediation work option) and send an email, notifying the contact about the assigned task. |
| • | automatically create a remediation task and an external work item—Automatically do the following: |
| • | Create a remediation task assigned to the default development contact (see the Assignee for remediation work option) and send an email, notifying the contact about the assigned task. (See the previous bulleted item for more information.) |
| • | Associate a work item with the task, creating the work item in an Application Lifecycle Management (ALM) system (such as an issue in Jira). The work item is created and assigned using the settings defined for the ALM instance to which the Code Insight project is associated. For more information about configuring an ALM instance for the project, see ALM Settings. |
Assignee for remediation work
If desired, designate a new default development contact—for example, an engineering manager—to which to assign remediation tasks. (The Project Owner is the initial system default.) This contact can then manage the task accordingly—for example, reassigning it to another user or manually creating an external work item and assigning it to someone on the development team. For details about managing and reassigning tasks, see Creating and Managing Tasks for Project Inventory.
To select a new contact, click Change User next to the name of the current assignee, select a user from the Select new...contact dialog, and click Apply. (To reset the reviewer to the Project Owner, click Reset.)
If the Project Owner is specified as the default, the owner’s actual name is displayed as the remediation assignee at the project level.