Scan Evidence
Scan evidence is generated by Code Insight during a scan and is available for viewing in the Analysis Workbench to any analyst assigned to the project. Scan evidence is typically an indicator of open-source or third-party content in the codebase. It can be useful for verifying system-generated inventory, identifying and creating additional inventory not discovered during the scan, finding embedded licenses and copyrights in bundled code or archives, determining file origin, and locating stolen or borrowed code.
You can quickly view and filter on the following evidence in codebase files in the Analysis Workbench. (For more details about examining evidence in the Analysis Workbench, see Examining and Managing Open-Source Evidence for a Given File and Viewing a Summary of Evidence Detected Across the Codebase.)
• Exact Matches—A whole-file match to a file in the Compliance Library
• Source Matches—Snippet-level matches to files in the Compliance Library
• Copyrights—Third-party copyright statements detected in the code
• Emails/URLs—Third-party emails and URLs detected in the code
• Licenses—Licenses detected in the code based on custom license patterns supplied by Electronic Update
• Search Terms—String matches based on pre-configured search terms provided by Code Insight and on custom search terms added by the user as part of the Scan Profile
Scan Evidence from Scan-Agent Plugins
For files scanned by a Code Insight scan-agent plugin on a remote system, only license evidence is currently reported in Code Insight.