Creating Inventory from the Inventory Items List
This section describes how to create inventory from the Inventory Items list in the Analysis Workbench. (For instructions on creating inventory items for codebase files in Codebase Files list or File Search Results list in the Analysis Workbench, see Creating Inventory with Associated Files from the Codebase Lists.)
To create inventory from the Inventory Items list, do the following:
|
2.
|
Navigate to the Inventory Items list. |
|
3.
|
Click Add New at the top of the Inventory Items list. A new item, showing default values, opens in its own tab in the Inventory Details pane. |
|
4.
|
For the Name field, perform the appropriate step, based on the inventory type you intend to select for the Type field (see the next step): |
|
•
|
For inventory of the type Work in Progress, specify a name for the inventory item. Best practice is to provide a name in the following conventional syntax used by Code Insight, even if the elements represented in the name are not available in the Data Library: |
<COMPONENT_NAME> <VERSION> (LICENSE_NAME)
|
•
|
For inventory of the type Component or License only, leave the Name field blank. The field will be automatically populated based on the registered component or license instance. |
|
5.
|
From the Type dropdown list, select the type of inventory item you want to create and then perform the related step or steps: |
|
•
|
Work in Progress—Create this type of inventory item if you want to quickly represent third-party code or an artifact without having to select an associated component, version, or license from the Data Library. (You can later edit this inventory item to convert it to one of the other inventory types.) This option is typically used if you need a placeholder or cannot find the associated element in the Data Library. Items of type Work in Progress are not affected by policies and do not receive vulnerability updates or alerts. |
|
•
|
Component—Create this type of inventory item if you know the component, version, and license for the third-party code or artifact and either you are able to locate it in the Code Insight Data Library using the Component Lookup feature or you need to create it as a custom component because it is not in the library. This type of inventory is associated with a registered component instance—that is, a unique component-version-license combination—and is affected by policies and receives vulnerability updates and alerts. |
The Component Lookup feature, made available when you select the Component type, enables you to associate the inventory item with an existing registered component instance (or a new instance that you create) or to create the custom component and instance to associate with the item.
The following are basic steps for using Component Lookup. For details, see Searching Components.
|
a.
|
Click the Lookup Component button to locate the component of interest (as described in the next steps) or to create a custom component and instance to associate with the inventory item (see Creating and Editing Custom Components for continued steps). |
|
b.
|
In the list of results, navigate to the appropriate component, and click Show Versions to display the list of registered instances for that component. |
|
c.
|
Click Use This Instance next to an existing registered instance (a component version and its license) to associate that instance with the inventory item. |
or
If you need to update the license for the existing instance that you want to associate with the inventory item, click the instance’s license in the Selected License column to display a dropdown that lists the licenses in categories. If you select the license from multiple licenses under the System Suggested License category or select the license from the Other Licenses category, the Update License Mapping window is displayed, giving you the option to save the license mapping at the system level. If you select Yes, all future inventory system-generated for the component version will be mapped to this license. (A user-preferred-license icon 
is displayed next to the license.) Any other instances for the same version in the list are replaced with this single instance that uses the user-preferred license. If you select No, the instance is simply updated. (For more information about the Update License Mapping window and the option to save your license mapping at the system level, see Specifying a User-Preferred License Mapping .)
Note that you cannot create a custom license from the Lookup Component window to associate with a component version. However, you can create a custom license for the inventory item from its from its Inventory Details tab. Alternatively, you can create custom licenses from the Policy Details window or from the Licenses tab on the Global Component & License Lookup page. For more information, see Creating and Editing Custom Licenses.
or
Click Register New Instance to create a new instance to associate with the inventory item. To create the new instance, select an existing component version (or choose the Create Custom Version value to specify a new version) and then select the license to associate with the instance. (See the previous paragraph for instructions on selecting a license. If you select No on the Update License Mapping window, a regular instance is added to the instance list for the component.) Once the new instance is created, click Use This Instance next to the new instance to associate it with the inventory item. (If you register a new component instance when creating inventory, the registered instance becomes available for selection across the system.)
Once the instance is selected, the Name and Description editable fields on the Inventory Details tab for the inventory item are automatically populated with information based on the registered instance you selected. Additionally, the Component and License fields are populated with the component, version, and license of the instance. Information 
icons are added so that you can view publicly available information about the selected component or its license.
You can also make a last-minute change to the selected component version or its associated license without returning to the Component Lookup feature. Simply click the Edit 
icon next to the Component or License value and select another version or license from respective dropdowns. If you select a new license, the Update License Mapping window might display (depending on your license selection). This window provides the option to save the license mapping for the component version at the system level. If you select Yes, all future inventory system-generated for the component version will be mapped to this license. If you select No, the license mapping for the component version is updated for the current inventory item only. (For more information about the Update License Mapping window and the option to save your license mapping at the system level, see Specifying a User-Preferred License Mapping .)
To help you make an informed decision about a version selection, click the View all versions link to open the Versions for <componentName> window. From here, view the list of all versions for the component and, for each version, its associated licenses and security vulnerability totals (by severity). You can also delve into more detail for each associated vulnerability. For more information, see Versions for <componentName> Window.
|
•
|
License Only—Create this type of inventory item if you know the license for the third-party code or artifact but do not know the component. (You can later edit this inventory item to convert it to one of the other inventory types.) This type of inventory is typically used for groups of files of unknown origin that are governed by a specific license. The inventory is affected by policies. |
When creating License Only inventory, also select the appropriate license from License dropdown list, which is enabled when you select this type.
The Name field for the inventory item is automatically populated with the name Files under <LICENSE_NAME> License, where <LICENSE_NAME> is license you selected.The 
icon is added so that you can view details about the selected license.(You can also click New to create a custom license. See When Creating or Editing a “License Only” Inventory Item for details.)
|
7.
|
When you completed the details for the new inventory item, click Save. The name of the inventory item appears in the Inventory Items pane. |
|
8.
|
(Optional) To report on newly created or edited inventory items, click Publish. |