Creating a Project Without Uploading a Codebase
FlexNet Code Insight 2020 R2
Some organizations might be interested in reviewing the inventory that results from a scan of their product’s post-build artifacts on the build server. Other organizations might want to review the inventory resulting from a codebase scan but are reluctant to upload their product codebase to FlexNet Code Insight. Instead, they want to keep their codebase in its existing development system due to security, consistency, or other concerns. To address these requirements, FlexNet Code Insight provides scan agent plugins that can scan codebase files or built artifacts wherever they reside and send the results as inventory to the Code Insight Core Server for review and remediation by users. This process requires an inventory-only project on the Core Server for handling the returned results, but requires no codebase upload to Code Insight.
Organizations might still want to upload a their product codebase to Code Insight to perform a standard scan, but then use a remote scan plugin to scan post-build artifacts directly on the build server. They can compare the resulting inventories in Code Insight, resolve discrepancies, and determine a final inventory list.
The following is the overall process for creating an inventory-only project and performing a scan on a remote codebase:
Phase 1—Create an inventory-only project in FlexNet Code Insight. See About Code Insight Projects.
Phase 2—Create a valid JSON Web Token (JWT) for the user whose account will be used to connect to FlexNet Code Insight. For instructions on generating the JWT, see Managing Authorization Tokens in the “Using FlexNet Code Insight” chapter.
Phase 3—Install and configure the appropriate scan agent plugin. (For information how to install and configure the plugin, see the FlexNet Code Insight Plugins Guide.) As part of the configuration process, you will need to provide the name of the inventory-only project that you created, the URL of the FlexNet Code Insight core server, and the JWT.
When the plugin is invoked (for example, by a build in Jenkins) the remote codebase will be scanned, and identified inventory items will be created on the FlexNet Code Insight server. The resulting inventory can be managed in FlexNet Code Insight.
Note • In the case of an inventory-only project, the Analysis Workbench will not be available. However, all other inventory management functionality is supported.