Scan Evidence
Code Insight 2020 R3
Scan evidence is generated by Code Insight during a scan and is available for viewing in the Analysis Workbench to any analyst assigned to the project. Scan evidence is typically an indicator of open-source or third-party content in the codebase. It can be useful for verifying system-generated inventory, identifying and creating additional inventory not discovered during the scan, finding embedded licenses and copyrights in bundled code or archives, determining file origin, and locating stolen or borrowed code.
Note: Currently, open-source and third-party evidence is available only for files scanned by the Scan Server, not for files scanned by a Code Insight scan-agent plugin on a remote system.
You can quickly filter on and view the following evidence for codebase files in the Analysis Workbench. (For more details about examining evidence in the Analysis Workbench, see Examining and Managing Open-Source Evidence for a Given File and Viewing a Summary of Copyright, Email, URL, License, and Search-Term Evidence Detected Across the Codebase.)
• Exact Matches—A whole-file match to a file in the Compliance Library
• Source Matches—Snippet-level matches to files in the Compliance Library
• Copyrights—Third-party copyright statements detected in the code
• Emails/URLs—Third-party emails and URLs detected in the code
• Licenses—Licenses detected in the code based on custom license patterns supplied by Electronic Update
• Search Terms—String matches based on pre-configured search terms provided by Code Insight and on custom search terms added by the user as part of the Scan Profile