Inventory Usage Information
Code Insight provides the ability to see and edit usage information for a given OSS or third-party component associated with an inventory item. Usage information describes how a software package developed in your organization uses the OSS or third-party component. This information is important because it aids auditors and reviewers in determining how closely to monitor an inventory item for intellectual property (IP) and security risks and whether to approve or reject the item, create tasks for its remediation, and issue alerts and notifications pertaining to the item. Usage properties can also help users determine whether an inventory item should be included in Third-Party Notices and what steps need to be taken to satisfy license obligations and conditions of use. Finally, usage information can help to identify license conflicts and compatibility issues.
The inventory usage fields are available on the Usage tab for a given inventory item, as found both on the Project Inventory tab (shown below) and in the inventory view in the Analysis Workbench. You can update these fields when you manually create or edit inventory items.
• Distribution Type—Indicates how you are distributing the OSS or third-party component associated with the inventory item. The distribution type can affect license priority and obligations.
    • Externally with your product, shipped to customers (outside of your organization, including a private cloud deployment at the customer’s site)
    • As an application hosted in your company’s data center (such as a SaaS application)
    • Internally only (such as an internal test framework included in the codebase but not distributed with the product)
    • Distribution method unknown
• Part of Product—Indicates whether the OSS or third-party component is part of the core product or an infrastructure piece such as a build or test tool. This information can affect whether third-party notices are required for this item.
• Linking—Indicates how your software package links to libraries in the OSS or third-party component—statically (the component is included in the materials), dynamically (the component is brought in at runtime), or not linked at all. Linking can affect license priority and obligations.
• Modified—Indicates whether code from the OSS or third-party package has been modified for use by your organization.
• Encryption—Indicates whether the component provides encryption capabilities used in the product. Encryption can affect export controls.
For explicit directions on viewing or editing inventory usage either in the Analysis Workbench or on the Project Inventory tab, see the following: