Creating Inventory from the Inventory Items List
This section describes how to create inventory from the Inventory Items list in the Analysis Workbench. (For instructions on creating inventory items for codebase files in Codebase Files list or File Search Results list in the Analysis Workbench, see Creating Inventory with Associated Files from the Codebase Lists.)
To create inventory from the Inventory Items list, do the following:
|
2.
|
Navigate to the Inventory Items list. |
|
3.
|
Click Add New at the top of the Inventory Items list. A new item, showing default values, opens in its own tab in the Inventory Details pane. |
|
4.
|
For the Name field, perform the appropriate step, based on the inventory type you intend to select for the Type field (see the next step): |
|
•
|
For inventory of the type Work in Progress, specify a name for the inventory item. Best practice is to provide a name in the following conventional syntax used by Code Insight, even if the elements represented in the name are not available in the data library: |
<COMPONENT_NAME> <VERSION> (LICENSE_NAME)
|
•
|
For inventory of the type Component or License only, leave the Name field blank. The field will be automatically populated based on the registered component or license instance. |
|
5.
|
From the Type dropdown list, select the type of inventory item you want to create and then perform the related step or steps: |
|
•
|
Work in Progress—Create this type of inventory item if you want to quickly represent third-party code or an artifact without having to select an associated component, version, or license from the data library. (You can later edit this inventory item to convert it to one of the other inventory types.) This option is typically used if you need a placeholder or cannot find the associated element in the data library. Items of type Work in Progress are not affected by policies and do not receive vulnerability updates or alerts. |
|
•
|
Component—Create this type of inventory item if you know the component, version, and license for the third-party code or artifact and either you are able to locate it in the Code Insight data library using the Component Lookup feature or you need to create it as a custom component because it is not in the library. This type of inventory is associated with a registered component instance—that is, a unique component-version-license combination—and is affected by policies and receives vulnerability updates and alerts. |
The Component Lookup feature, made available when you select the Component type, enables you to associate the inventory item with an existing registered component instance (or a new instance that you create) or to create the custom component and instance to associate with the item.
The following are basic steps for using Component Lookup. For details, see Searching Components.
|
a.
|
Click the Lookup Component button to locate the component of interest (as described in the next steps) or to create a custom component and instance to associate with the inventory item (see Creating and Editing Custom Components for continued steps). |
|
b.
|
In the list of results, navigate to the appropriate component, and click Show Versions to display the list of registered instances for that component. |
|
c.
|
Click Use This Instance next to an existing registered instance to associate that instance with the inventory item. |
or
Click Register New Instance to create a new instance. Complete the registration by selecting an existing component version (or choosing the Create Custom Version value to specify a new version) and then selecting the license to associate with the instance. Click Use This Instance next to the new instance to associate it with the inventory item. (If you register a new component instance when creating inventory, the registered instance becomes available for selection across the system.)
The Name and Description editable fields for the inventory item are automatically populated with information based on the registered instance you selected. Additionally, the Component and License fields are displayed, showing the component, its version, and the license for the instance. Information 
icons are added so that you can view publicly available information about the selected component or its license.
You can also make a last-minute change to the selected component version or its associated license without returning to the Component Lookup feature. Simply click the Edit 
icon next to the Component or License value and select another version or license. To help you make an informed decision about a version selection, click the View all versions link to open the Versions for <componentName> window. From here, view the list of all versions for the component and, for each version, its associated licenses and security vulnerability totals (by severity). You can also delve into more detail for each associated vulnerability. For more information, see Versions for <componentName> Window.
|
•
|
License Only—Create this type of inventory item if you know the license for the third-party code or artifact but do not know the component. (You can later edit this inventory item to convert it to one of the other inventory types.) This type of inventory is typically used for groups of files of unknown origin that are governed by a specific license. The inventory is affected by policies. |
When creating License Only inventory, also select the appropriate license from License dropdown list, which is enabled when you select this type.
The Name field for the inventory item is automatically populated with the name Files under <LICENSE_NAME> License, where <LICENSE_NAME> is license you selected.The 
icon is added so that you can view details about the selected license.(You can also click New to create a custom license. See When Creating or Editing a “License Only” Inventory Item for details.)
|
7.
|
When you completed the details for the new inventory item, click Save. The name of the inventory item appears in the Inventory Items pane. |
|
8.
|
(Optional) To report on newly created or edited inventory items, click Publish. |