Creating Inventory from the Project Inventory Tab

Code Insight 2021 R1

Reviewers can create an inventory item to represent any third-party code or artifact that is not automatically detected by the system.

Use the following steps to create an inventory item from the Project Inventory tab as needed. Note the following:

•

When you save the inventory item, it is automatically published.

•

No files can be associated with an inventory item when it is created from the Project Inventory tab.

•

If you register a new component instance (a unique component-version-license combination) when creating inventory, the registered instance becomes available for selection across the system.

•

Inventory of type Work in Progress, Component, or License Only can be created.

To create an inventory item from the Project Inventory tab, do the following:

1.

Open the Project Inventory tab for the desired project (see Displaying Project Inventory).

2.

Click Add Item at the top of the Inventory Items list.

The New Inventory dialog opens.

3.

For the Name field, perform the appropriate step, based on the inventory type you intend to select for the Type field (see the next step):

•

For inventory of the type Work in Progress, specify a name for the inventory item. Best practice is to provide a name in the following conventional syntax used by Code Insight, even if the elements represented in the name are not available in the data library:

<COMPONENT_NAME> <VERSION> (LICENSE_NAME)

•

For inventory of the type Component or License only, leave the Name field blank. The field will be automatically populated based on the registered component or license instance.

4.

From the Type dropdown, select the type of inventory item you want to create and perform the related step or steps:

•

Work in Progress—Create this type of inventory item if you want to quickly represent third-party code or an artifact without having to select an associated component, version, or license from the data library. (You can later edit this inventory item to convert it to one of the other inventory types.) This option is typically used if you need a placeholder or cannot find the associated element in the data library. Items of type Work in Progress are not affected by policies and do not receive vulnerability updates or alerts.

•

Component—Create this type of inventory item if you know the component, version, and license for the third-party code or artifact and you either are able to locate it in the Code Insight data library using the Component Lookup feature or you need to create it as a custom component because it is not in the library. This type of inventory is associated with a registered component instance—that is, a unique component-version-license combination—and is affected by policies and receives vulnerability updates and alerts.

The Component Lookup feature, made available when you select the Component type, enables you to associate the inventory item with an existing registered component instance (or a new instance that you create) or to create the custom component and instance to associate with the item.

The following are basic steps for using Component Lookup. For more details, see Searching Components.

a.

Click the Lookup Component button to locate the component of interest (as described in the next steps) or to create a custom component and instance to associate with the inventory item (see Creating and Editing Custom Components for continued steps).

b.

In the list of results, navigate to the appropriate component, and click Show Versions to display the list of registered instances for that component.

c.

Click Use This Instance next to an existing registered instance to associate that instance with the inventory item.

or

Click Register New Instance to create a new instance. Complete the registration by selecting an existing component version (or choosing the Create Custom Version value to specify a new version) and then selecting the license to associate with the instance. Click Use This Instance next to the new instance to associate it with the inventory item.

The Name and Description editable fields for the inventory item are automatically populated with information based on the registered instance you selected. Additionally, the Component and License fields are displayed, showing the component, its version, and the license for the instance.

•

License Only—Create this type of inventory item if you know the license for the third-party code or artifact but do not know the component. (You can later edit this inventory item to convert it to one of the other inventory types.) This type of inventory is typically used for groups of files of unknown origin that are governed by a specific license. The inventory is affected by policies.

Simply select the appropriate license from License Only dropdown, which is enabled when you select this type.

The Name field for the inventory item is automatically populated with the name Files under <LICENSE_NAME> License, where <LICENSE_NAME> is license you selected.

A License Details tab is added, enabling to view details about the license selected for the inventory item.

5.

Update the remaining fields if appropriate:

•

Description—Any meaningful information about the inventory item. When the inventory type is Component, this field is automatically populated with information about the component, license, or both, but can be edited.

•

Url—The website for the third-party code or artifact represented by the inventory item.

•

Disclosed—Indicates whether the third-party component or artifact represented by the inventory item was a known third-party dependency in your code before it was discovered by the scan or you.

•

For Distribution Type, Part of Product, Linking, Modified, or Encryption, see Inventory Usage Information.

•

Workflow URL—Enter the URL (or a text reference such as a Jira issue number) that points to the specific request-related data for this inventory item as found in your site’s external workflow system.

Once you save this new item, the Inventory Details pane for the new item displays the URL as a link (labeled as View Associated Request), enabling the reviewer to easily access the workflow request data that tracks the status of open tasks for the inventory item.

If you enter a text reference, it is not converted to a link on the Inventory Details pane, but it still provides direction in locating the appropriate data in the workflow system.

The value remains None if you enter no URL or reference.

If additional request-related details are later made available for this inventory item, the icon will be displayed next to the URL. You can click the icon to open the Workflow Request Details window for a quick review of pertinent details about the request without having to access the workflow system.

Note:These details come from the specific external workflow system associated with your site. The details can vary based on your workflow system.

6.

Click Save. The name of the inventory item is added to the Inventory Items list.

7.

(Optional) If you created a License Only inventory item, view details about the license selected for the new inventory item on the Licenses Details tab in the right pane.