Project Management

The following enhancements to Code Insight project management are now available.

Project Inventory Export to SBOM Insights

This release introduces a feature that exports inventory data from a Code Insight project to SBOM Insights.

About SBOM Insights

SBOM Insights (a Revenera SCA product) gives organizations the ability to manage security and legal risk by maintaining a complete, accurate SBOM (Software Bill of Materials) in the cloud. SBOM Insights aggregates this SBOM over multiple sources and provides full visibility of its contents to security and legal teams, as well as to supply chain partners.

The New Export Feature

If Code Insight has been configured to perform SBOM Insights exports, Project Analysts can now export inventory data from a given Code Insight project directly to SBOM Insights. When the export process is finished, SBOM Insights automatically imports the exported data to a bucket, where the data is managed and aggregated with SBOMs from other sources. (For complete information about SBOM Insights, see the SBOM Insights user documentation.)

Configuration and Process Overview

Refer to the following table for an overview of the configuration tasks and the process involved in an export from Code Insight to SBOM Insights.

| Phase | Performed By | Description | For More Information |
|---|---|---|---|
| 1 | Code Insight System Administrator | Configures Code Insight to enable SBOM exports. | Refer to “Configuring Code Insight for Exports to SBOM Insights” in the Code Insight Installation & Configuration Guide. |
| 2 | Code Insight Project Administrator | Assigns the Code Insight project to a specific SBOM Insights bucket. | Refer to “Assigning the Project to an SBOM Insights Bucket” in the Code Insight User Guide. |
| 3 | Code Insight Project Analyst | Initiates the process that exports the project’s inventory to SBOM Insights and imports it to the specified bucket. | Refer to “Exporting Project Inventory to SBOM Insights” in the Code Insight User Guide. |
| 4 | SBOM Insights | Automatically imports the exported inventory to the assigned bucket as a set of “SBOM parts”. | Refer to the section in the SBOM Insights help describing SBOM parts and their import into SBOM Insights. |
| 5 | Any Code Insight user | Accesses the Code Insight Jobs queue to track the progress of the export. | Refer to “Monitoring the Code Insight Jobs Queue” in the Code Insight User Guide. |

Automatic Update of Notices Across Inventory in a Project

Code Insight offers a new feature that automatically updates all inventory items in a project with the appropriate third-party notices obtained from the Revenera Data Library. Users can choose to update the notices text for every inventory item in the project or for only those inventory items with an empty Notices Text field. When the option to update the notices text for all inventory is selected, any existing notices text for those inventory items is overwritten.

When initiated, the notices update is scheduled in the Code Insight Jobs queue.

Only Project Analysts can perform a notices update through the UI. However, both Project Analysts and Project Reviewers can perform this operation through the REST interface. See New APIs.

For complete information about using this new feature, refer to “Updating Third-Party Notices Across Inventory for a Project” in the Code Insight User Guide.