Examining a Codebase File Exactly Matching an Open-Source File

If your project is configured for exact-match scanning, the scan will identify files in the codebase whose content exactly matches files in the Compliance Library (CL). Follow these steps to examine a scanned codebase file whose content exactly matches one or more open-source or other third-party files (called remote files) in the CL. The Exact Matches tab for a given codebase file shows the matching remote files, along with the open-source or third-party component versions and licenses associated with each.

Note: By default, Code Insight does not perform source-code matching on files that are exact matches to CL files. However, you can enable your project scan to force source-code matching on files that are also exact matches. See Updating Scan Settings for a Project. For information about the results of source-code matching, see Examining Evidence of Open-Source Code in a Given Non-Binary File. Currently, exact matching is not available for files that are scanned by a scan agent plugin.

To examine a codebase file that exactly matches one or more remote files, do the following:

1. Ensure that you have run a scan with the Comprehensive Scan Profile selected for the desired project (or a custom scan profile with the Exact Matches feature enabled). For more information, see Updating Scan Settings for a Project.
2. Open the Analysis Workbench for the project. (For instructions, see Opening the Analysis Workbench.)
3. Click the Exact link in the legend at the top right of the page to find all files with exact matches (see Using the Filter Legend Options to Filter the Codebase). Results are listed in the File Search Results pane.
4. Select a codebase file from the File Search Results list, and select the Exact Matches tab.

Three Remote Files panels are displayed:

The information in the Remote Files panel on the left consists of a set of files from the open-source community that are an exact match to the scanned file. This means that the scanned file in the codebase likely originated from outside the organization, and thus its origin needs to be identified.
The Components panel lists the open-source or third-party components associated with each remote file.
The Licenses panel lists the licenses normally associated with each component.

See More About the “Remote Files” Panels on the Exact or Partial Matches Tabs for more information about the functionality available from the three panels.

5. Select a remote file in the Remote Files panel to see the associated component and license information (on the Components and Licenses panels, respectively).
6. (Optional) Associate the codebase file with an inventory item based on the open-source or third-party component associated with a matching remote file. See Adding a Codebase File to Inventory Associated with a Remote File’s Open-Source Component for details.