Rule-Processing Considerations

As you manage custom detection rules, consider how the rules are processed under certain circumstances:

If the custom detection rule is associated with more than one file, the scan uses OR logic when processing the files against the target codebase. Consequently, only one file match between the codebase and the rule is required to automatically create an inventory item.
If two rules are created with identical details and codebase files, a single inventory item is generated during a scan when both rules are applied.
If two rules are created using the same component, version, and license details and the same codebase files, but have different Description, URL, Audit Notes, As-Found License Text, or Notices Text content, a single inventory item is generated during a scan when both rules are applied. In the inventory item, values that differ between the rules for a given field are separated (shown on separate lines or with a separator) within the field.
If two rules are created with the same codebase files but use a different component, two inventory items are generated during the scan.
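
The processing behavior described above, modeled as an added Python example; it is not the product's own code. The names Rule, scan and MERGED_FIELDS, the use of path strings as file identifiers, the newline separator, and the grouping of inventory items by (component, version, license) are assumptions made for illustration, and the sample rules and codebase are constructed.

```python
from dataclasses import dataclass

# Fields whose differing values are combined inside one inventory item.
MERGED_FIELDS = ("description", "url", "audit_notes", "license_text", "notices_text")

@dataclass(frozen=True)
class Rule:
    component: str
    version: str
    license: str
    files: frozenset  # identifiers of the files associated with the rule
    description: str = ""
    url: str = ""
    audit_notes: str = ""
    license_text: str = ""
    notices_text: str = ""

def scan(rules, codebase_files):
    """Apply rules to a codebase; return inventory items keyed by
    (component, version, license). The key choice is an assumption."""
    codebase = set(codebase_files)
    inventory = {}
    for rule in rules:
        matched = rule.files & codebase
        if not matched:  # OR logic: a single matching file is sufficient
            continue
        key = (rule.component, rule.version, rule.license)
        item = inventory.setdefault(key, {"files": set(), **{f: [] for f in MERGED_FIELDS}})
        item["files"] |= matched  # assumption: the item records the matched files
        for f in MERGED_FIELDS:
            value = getattr(rule, f)
            if value and value not in item[f]:  # keep each distinct value once
                item[f].append(value)
    # Values that differ between rules share one field, on separate lines.
    return {k: {"files": sorted(v["files"]), **{f: "\n".join(v[f]) for f in MERGED_FIELDS}}
            for k, v in inventory.items()}

# Constructed sample data: only one of the two rule files exists in the codebase.
CODEBASE = ["src/util.c", "src/main.c"]
SHARED = frozenset({"src/util.c", "src/missing.c"})
RULES = [
    Rule("example-lib", "1.0", "MIT", SHARED, description="Bundled copy"),
    Rule("example-lib", "1.0", "MIT", SHARED, description="Vendored by build team"),
    Rule("other-lib", "2.0", "MIT", SHARED),
]

if __name__ == "__main__":
    for key, item in scan(RULES, CODEBASE).items():
        print(key, item)
```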