Viewing and Updating Notes and Guidance
The Notes & Guidance tab can provide notes about the automated and manual analysis performed on the codebase as it relates to the current inventory item. The tab can also include guidance on how to remediate issues associated with your product’s use of the OSS or third-party software identified by the inventory item.
To view notes and guidance, do the following:
2. Select an inventory item from the list.
4. Review or update content in the following fields as needed. All information is editable except for the information in the Detection Notes field:
   • Audit Notes—Information recorded about the analysis of the code associated with the component in your codebase. For example, these notes might indicate that the inventory item for the component needed to be manually created based on codebase evidence that was not detected in the scan.
   • Usage Guidance—Two kinds of information: 1) Information propagated from policies that rejected or approved the inventory during the automatic review process that occurred when the inventory was published. This content can explain why the item was rejected or provide requirements and recommendations for using those items that were approved. You cannot edit this content. 2) Reviewers’ own notes and concerns about the use of the component in your product software. This information is editable.
   • Remediation Notes—A description of items to be addressed or actions to be taken before the use of this software in your product is acceptable from a legal or security standpoint.
5. Click Save in any field in which you have made changes.
6. When you have finished with this tab, navigate to another tab for the inventory item, or select another inventory item.