Project Inventory Details Pane

Click to recall (remove) a published inventory item from Inventory Items list if it does not fit the criteria for inclusion. The selected items are removed from the Project Inventory view and are only visible in the Analysis Workbench.

Show the details for the previous or next inventory item in the Inventory Items list.

The Yes, No, or N/A value indicating whether the component associated with the inventory item provides the encryption capabilities used in your product. Encryption can affect export controls.

This attribute can be updated on the Edit Inventory dialog (see Editing Inventory from the Project Inventory Tab).

A dropdown list showing the priority level given to this inventory item by the system, with P1 as the highest priority and P4 as the lowest.

You can change the priority for this inventory item by selecting a different priority from the dropdown list and clicking Save. For more information about priorities, see Inventory Priority.

The Inventory Details tab lists attributes of the inventory item.

A description of the inventory item. This attribute can be updated on the Edit Inventory dialog (see Editing Inventory from the Project Inventory Tab).

The Yes or No option indicating whether the third-party component or artifact represented by the inventory item known third-party dependency in your code before it was discovered by the scan or you.

This field is used most often by analysts to denote information about the state of the inventory item.

This attribute can be updated on the Edit Inventory dialog (see Editing Inventory from the Project Inventory Tab).

Notifies you whether or not security vulnerability alerts exist for this item. If alerts exist, click the x Open Alerts or x Closed Alerts link to view their details. If no alerts exist, None is displayed. You can open the Alerts dialog from this pane to change the status or priority of an alert. For more information, see Managing Security Vulnerability Alerts.

The URL link or a plain text reference (such as a Jira issue number) to request data pertaining to this inventory item in your site’s external workflow system. The link enables the reviewer to easily access the workflow data that tracks the status of open tasks for the inventory item. (The plain text reference still helps the reviewer locate the appropriate data in the workflow system.)

You can define this attribute when you edit or manually create an inventory item from the Analysis Workbench or the Project Inventory tab.

If no URL or reference has been defined, the value is None.

If additional request-related details are available for this inventory item, the icon is displayed next to the URL. Click the icon to open the Workflow Request Details window for a quick review of pertinent details about the request without having to access the workflow system.

Note • These details come from the specific external workflow system associated with your site. The details can vary based on your workflow system.

The name of the component. You can switch to a different component from the Edit Inventory dialog (see Editing Inventory from the Project Inventory Tab).

The external repository associated with the component. You can click the forge link to open the forge website.

Other licenses that can be associated with the component.

A bar graph showing the count of known vulnerabilities by severity color for the component. Click the graph to view the list of vulnerabilities and their details. For details about the graph and vulnerabilities in general, see Security Vulnerabilities Associated with Inventory.

If no vulnerabilities have been found for the inventory item, the value No is displayed in place of the graph.

The Notices Text tab is used to finalize the exact content to include in the Notices report. For more information, see Finalizing the Notices Text for the Notices Report.

The exact content to include in the Notices report. You can edit any license text previously saved to this field or add your own license text, such as license information for rules that you developed during your manual research on the inventory item. You can also copy the As-Found License Text content to the Notices Text field and modify it as needed. Or you can leave this field empty. Click Save at the top of the field if you make any changes to this field.

If you provide information in this field, the Notices report pulls the content of only this field into the report. If this field is empty, the content of the As-Found License Text field is used in the report. If both fields are empty, the report uses the license content from FlexNet Code Insight data library (see License Details from the Code Insight Data Library).

For more information, see Finalizing the Notices Text for the Notices Report.

System notes that can specify the following:

Notes helpful provided by a reviewer to assist other reviewers or to provide guidance to software engineers assigned tasks to fix or modify the use of the OSS or third-party software in the product code.

The option indicating how the inventory item is distributed:

The option indicating whether the libraries are statically linked (included in the materials), dynamically linked (brought in at runtime), or not linked at all. The Unknown value indicates that linking status is not known.

Linking can affect license priority and obligations.

The Yes, No, or Unknown option indicating whether the component provides the encryption capabilities used in the product. Encryption can affect export controls.