Role of an Analyst
Code Insight 2021 R2
The role of a project Analyst in Code Insight is to transform the evidence uncovered by the Scan Server into inventory items. Analysts create inventory items that associate files in your codebase with open-source and third-party projects, called components in Code Insight. For example, Analysts might evaluate files with a copyright of “Copyright (c) 2015 to 2021 Mark Smith” and a license match to the license used by the “zlib” component. The Analyst would then associate these files with an inventory item for the “zlib” open-source component and mark the files as reviewed to register progress.
The Analyst will evaluate all of the evidence within a codebase, create inventory items where appropriate, mark the analyzed files as reviewed, and finally publish them. The remaining sections in Auditing Scan Results in the Analysis Workbench describe these tasks.
Once published, the inventory will be available for reporting and review by Legal, Security, and Development teams, as described in Reviewing Published Inventory for a Project. The ultimate goal of both the audit and the review/remediation processes is to produce a complete and accurate inventory of open-source and third-party code within your products—sometimes referred to as a Bill of Materials (BOM).
Refer to the Code Insight User Roles and Permissions appendix for more information about the Analyst role required to access the Analysis Workbench and to analyze and act on scan results.