Inventory Details Pane in the Analysis Workbench
FlexNet Code Insight 2020 R2
The Inventory Details pane in the Analysis Workbench contains a sub-tab for each inventory item you have opened from the Inventory Items pane. Each sub-tab contains the following fields describing a given inventory item:
|
Category |
Column/Field |
Description |
||||||||||||
|
Header information |
The Inventory Details pane header shows buttons that enable you take actions on the inventory item and lists attributes about the item and its associated component. |
|||||||||||||
|
Recall |
Click to recall (remove) a published inventory item from Inventory Items list if it does not fit the criteria for inclusion. The selected items are removed from the Project Inventory view and are only visible in the Analysis Workbench. |
|||||||||||||
|
Create Custom Rule |
(Available when inventory Type is Component) Click to open the Custom Detection Rule dialog to define an new detection rule for codebase files that are associated with a third-party component but not associated with inventory. For details, see Managing Custom Detection Rules. |
|||||||||||||
|
Save |
Click to save any changes you have made to the inventory details. |
|||||||||||||
|
Close |
Click to close the Inventory Details pane without saving changes. You are asked to save changes before the actual closure. |
|||||||||||||
|
|
Review Status |
The status of the inventory item:
|
||||||||||||
|
Alerts |
Notifies you whether or not security alerts exist for this item. If alerts exist, click the x Open Alerts or x Closed Alerts link to view their details. If no alerts exist, None is displayed. You can access the Alerts dialog from this pane to change the status or priority of an alert. For more information, see Managing Security Vulnerability Alerts. |
|||||||||||||
|
Priority |
A dropdown list showing the priority level given to this inventory item by the system, with P1 as the highest priority and P4 as the lowest. You can change the priority for this inventory item by selecting a different priority from the dropdown list and clicking Save. For more information about priorities, see Inventory Priority. |
|||||||||||||
|
Vulnerabilities |
A bar graph showing the count of known vulnerabilities by severity color for the inventory item. Click the graph to view the list of vulnerabilities and their details. For details about the graph and vulnerabilities in general, see Security Vulnerabilities Associated with Inventory. If no vulnerabilities have been found for the inventory item, the value No is displayed in place of the graph. (In the Analysis Workbench, if the Type value for the inventory item is Work in Progress or License Only, the value N/A is displayed.) |
|||||||||||||
|
Created By |
The name of the person or process that created the inventory item. |
|||||||||||||
|
Confidence |
A simple three-segment graph representing the Confidence level (High, Medium, or Low) of the inventory item. The Confidence level is the measure of the strength of the discovery technique used to generate the inventory item. The graph shows three shaded segments for High confidence, two for Medium, and one for Low. For more information about the Confidence levels, see Inventory Confidence in the “Using FlexNet Code Insight” chapter. |
|||||||||||||
|
Created On |
The date that the inventory item was created. |
|||||||||||||
|
|
Updated On |
The date that the inventory item was updated. If the item has not been updated since the creation date, the date shown here will be the same as the Created On date. |
||||||||||||
|
Inventory details |
The following attributes describe the inventory item. You can update these attributes as needed from this pane. For details, see Editing Inventory from the Analysis Workbench or Creating an Inventory Item from the Analysis Workbench. |
|||||||||||||
|
Name |
The name of the inventory item. |
|||||||||||||
|
Type |
The type of finding of this item:
|
|||||||||||||
|
Component |
The name of the component. Click |
|||||||||||||
|
License |
The name of the license associated with this component. Click |
|||||||||||||
|
Description |
A description of the inventory item. You can update the description as needed. |
|||||||||||||
|
URL |
The URL of the license for this inventory item. You can update the URL as needed. |
|||||||||||||
|
Disclosed |
The Yes or No option indicating whether the third-party component or artifact represented by the inventory item known third-party dependency in your code before it was discovered by the scan or you. This field is used most often by analysts to denote information about the state of the inventory item. |
|||||||||||||
|
|
Workflow URL |
The URL (or a text reference such as a Jira issue number) that points to the request data pertaining to this inventory item as found in your site’s external workflow system. When you view this value on the Inventory Details tab in Project Inventory, the URL displays as a link (labeled as View Associated Request), enabling the reviewer to easily access to the workflow data that tracks the status of open tasks for the inventory item. A text reference entered here is not converted to a link on the Inventory Details tab, but it still provides direction in locating the appropriate data in the workflow system. The value is None if you enter no URL or reference. Additionally, when you view the Inventory Details tab in Project Inventory, an |
||||||||||||
|
Usage tab |
The Usage tab provides details on how your product uses the OSS or third-party software. You can update this information as needed from this pane when editing an existing inventory item or creating a new one. See Viewing or Editing Inventory Usage Information from the Analysis Workbench. |
|||||||||||||
|
Distribution Type |
The option indicating how the inventory item is distributed:
|
|||||||||||||
|
Part of Product |
The Yes, No, or unknown option indicating whether the item is part of the core product or an infrastructure piece such as a build or test tool. This can affect whether third-party notices are required for this item. |
|||||||||||||
|
Linking |
The option indicating whether the libraries are statically linked (included in the materials), dynamically linked (brought in at runtime), or not linked at all. The Unknown value indicates that linking status is not known. Linking can affect license priority and obligations. |
|||||||||||||
|
|
Modified |
The Yes, No, or Unknown option indicating whether a project contributor, such as a developer, has modified the software from its original form. Modification can be an important factor for determining license obligations and distribution requirements that are governed by a specific license. |
||||||||||||
|
Encryption |
The Yes, No, or Unknown option indicating whether the component provides the encryption capabilities used in the product. Encryption can affect export controls. |
|||||||||||||
|
Notes tab |
The Notes tab provides information about the automated and manual analysis of codebase as it relates to an inventory item. |
|||||||||||||
|
Detection Notes |
System notes that can specify the following:
|
|||||||||||||
|
Audit Notes |
Any notes added to the inventory item by the auditor or reviewer, based on findings during the analysis. You can edit these notes as needed from this pane when editing an existing inventory item or creating a new one. See Viewing and Updating Detection and Auditing Notes in the Analysis Workbench. |
|||||||||||||
|
Associated Files tab |
Click this tab to view a list of the files that are part of the inventory for this project. The file entry shows the icons representing the types of evidence found in the file (see Using the Filter Legend Options to Filter the Codebase). A check mark indicates whether the file has been reviewed. If necessary, click the |
|||||||||||||
|
Notices Text tab |
The Notices Text tab is used to finalize the exact content to include in the Notices report. You can edit the notices content as needed from this pane when editing an existing inventory item or creating a new one. For more information, see Finalizing the Notices Text for the Notices Report. |
|||||||||||||
|
As-Found License Text |
The As-Found License Text field shows the license text or license references found in the scanned codebase. You cannot edit this field, but you can click Copy to Notices Text to copy the text to the Notices Text field. If content already exists in the Notices Text field, you can choose either to append the As-Found License Text content to the existing notices content or to replace the existing notices content. |
|||||||||||||
|
Notices Text |
The exact content to include in the Notices report. You can edit any license text previously saved to this field or add your own license text, such as license information for rules that you developed during your manual research on the inventory item. You can also copy the As-Found License Text content to the Notices Text field and modify it as needed. Or you can leave this field empty. If you provide information in this field, the Notices report pulls the content of only this field into the report. If this field is empty, the content of the As-Found License Text field is used in the report. If both fields are empty, the report uses the license content from FlexNet Code Insight data library (see License Details from the Code Insight Data Library). For more information, see Finalizing the Notices Text for the Notices Report. |
|||||||||||||
to view publicly available information about the component; or click 
to select a new version (or license) for the inventory item.
to view additional information about the license; or click 
to select a new license (or version) for the inventory item.
icon will be displayed next to the URL if additional request-related details are available for the inventory item. The reviewer can then click the icon for a quick review of pertinent details about the request without having to access the workflow system.
to disassociate the file from the inventory item.