Creating Inventory from the Inventory Items List
Code Insight 2021 R1
This section describes how to create inventory from the Inventory Items list in the Analysis Workbench. (For instructions on creating inventory items for codebase files in Codebase Files list or File Search Results list in the Analysis Workbench, see Creating Inventory with Associated Files from the Codebase Lists.)
To create inventory from the Inventory Items list, do the following:
|
2.
|
Navigate to the Inventory Items list. |
|
3.
|
Click Add New at the top of the Inventory Items list. A new item, showing default values, opens in its own tab in the Inventory Details pane. |
|
4.
|
For the Name field, perform the appropriate step, based on the inventory type you intend to select for the Type field (see the next step): |
|
•
|
For inventory of the type Work in Progress, specify a name for the inventory item. Best practice is to provide a name in the following conventional syntax used by Code Insight, even if the elements represented in the name are not available in the data library: |
<COMPONENT_NAME> <VERSION> (LICENSE_NAME)
|
•
|
For inventory of the type Component or License only, leave the Name field blank. The field will be automatically populated based on the registered component or license instance. |
|
5.
|
From the Type dropdown, select the type of inventory item you want to create and perform the related step or steps: |
|
•
|
Work in Progress—Create this type of inventory item if you want to quickly represent third-party code or an artifact without having to select an associated component, version, or license from the data library. (You can later edit this inventory item to convert it to one of the other inventory types.) This option is typically used if you need a placeholder or cannot find the associated element in the data library. Items of type Work in Progress are not affected by policies and do not receive vulnerability updates or alerts. |
|
•
|
Component—Create this type of inventory item if you know the component, version, and license for the third-party code or artifact and either you are able to locate it in the Code Insight data library using the Component Lookup feature or you need to create it as a custom component because it is not in the library. This type of inventory is associated with a registered component instance—that is, a unique component-version-license combination—and is affected by policies and receives vulnerability updates and alerts. |
The Component Lookup feature, made available when you select the Component type, enables you to associate the inventory item with an existing registered component instance (or a new instance that you create) or to create the custom component and instance to associate with the item.
The following are basic steps for using Component Lookup. For details, see Searching Components.
|
a.
|
Click the Lookup Component button to locate the component of interest (as described in the next steps) or to create a custom component and instance to associate with the inventory item (see Creating and Editing Custom Components for continued steps). |
|
b.
|
In the list of results, navigate to the appropriate component, and click Show Versions to display the list of registered instances for that component. |
|
c.
|
Click Use This Instance next to an existing registered instance to associate that instance with the inventory item. |
or
Click Register New Instance to create a new instance. Complete the registration by selecting an existing component version (or choosing the Create Custom Version value to specify a new version) and then selecting the license to associate with the instance. Click Use This Instance next to the new instance to associate it with the inventory item. (If you register a new component instance when creating inventory, the registered instance becomes available for selection across the system.)
The Name and Description editable fields for the inventory item are automatically populated with information based on the registered instance you selected. Additionally, the Component and License fields are displayed, showing the component, its version, and the license for the instance.
|
•
|
License Only—Create this type of inventory item if you know the license for the third-party code or artifact but do not know the component. (You can later edit this inventory item to convert it to one of the other inventory types.) This type of inventory is typically used for groups of files of unknown origin that are governed by a specific license. The inventory is affected by policies. |
Simply select the appropriate license from License Only dropdown, which is enabled when you select this type.
The Name field for the inventory item is automatically populated with the name Files under <LICENSE_NAME> License, where <LICENSE_NAME> is license you selected.
|
6.
|
Update the remaining fields if appropriate: |
|
•
|
Description—Provide any meaningful information about the inventory item. When the inventory type is Component, this field is automatically populated with information about the component, license, or both, but can be edited. |
|
•
|
Url—Enter the website for the third-party code or artifact represented by the inventory item. |
|
•
|
Provenance—The source project from which the current inventory item is derived. When creating an inventory item, this property automatically shows Originated in this project. For details about this field, see Inventory Details Tab in the Analysis Workbench. |
Note:You cannot update this property from the Code Insight Web UI in general, but you can edit it when creating or updating inventory using the Inventory REST API.
|
•
|
Disclosed—Indicate whether the third-party component or artifact represented by the inventory item was a known third-party dependency in your code before it was discovered by the scan or you. |
|
•
|
Workflow URL—Enter the URL (or a text reference such as a Jira issue number) that points to the specific request-related data for this inventory item as found in your site’s external workflow system. |
If a URL is entered here, it will display as a link (labeled as View Associated Request) on the Inventory Details tab in Project Inventory. This link enables the reviewer to easily access the workflow request data that tracks the status of open tasks for the inventory item.
If a string that provides reference information is entered here, it is not converted to a link on the Inventory Details tab. However, depending on the string content, it can still provide direction in locating appropriate data in the workflow system.
The value remains None if you enter no URL or reference.
Additionally, when you view the Inventory Details tab in Project Inventory, an 
icon will be displayed next to the URL if additional request-related details are available for the inventory item. The reviewer can then click the icon for a quick review of pertinent details about the request without having to access the workflow system.
|
7.
|
(Recommended) On the Notes & Guidance tab, add content to the Audit Notes field to indicate that this inventory item was manually created. This is helpful information for other auditors and for reviewers. |
|
9.
|
When you completed the details for the new inventory item, click Save. The name of the inventory item appears in the Inventory Items pane. |
|
10.
|
(Optional) To report on newly created or edited inventory items, click Publish. |