Common Project Configurations

These are some examples of common project configurations:

Project that manages server scan results—A project is configured for server scan (that is, a Scan Server scan) on one or more application source codebases that are uploaded to the Scan Server or synchronized to the server through a Source Control Management application. The scan profile for a given server scan can perform a full analysis of the source—including searches for exact matches of entire OSS or third-party files and for partial source-code matches (fingerprints)—and process files inside archives.
Project that manages remote-scan results—The project manages the results of remote scans performed on one or more remote server codebases—each codebase typically consisting of built artifacts residing on a build server (for example, a Jenkins or GitLab server or another supported build server, artifact repository, or version control system). A given remote scan is performed by a Code Insight scan-agent plugin, which sends the scan results to the project. (Currently, only OSS or third-party license evidence that the scan discovers in the codebase files is viewable in the project.)
Project that manages results of both server and remote scans—The project is configured to perform server scans on the application’s source code (either uploaded or synchronized to the Scan Server), and it also manages the results of remote scans performed on build server codebases.
Security-focused project—The policy profile selected for the project triggers an automatic review of project inventory based on the presence of security vulnerabilities, on the CVSS scores and severity of these vulnerabilities, and on other criteria.
Project focused on intellectual-property protection—The policy profile selected for the project triggers an automatic review of project inventory based on the presence of allowed and not-allowed components, version ranges, and licenses.
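The two policy-driven configurations above (security-focused and intellectual-property-focused) both work the same way: a policy profile is applied to each inventory item and yields an automatic review decision. The following toy evaluator is an added illustration of that idea, not Code Insight's own policy engine or data model; component names, licenses, version ranges, the vulnerability identifiers, the CVSS values and the three decision outcomes are all constructed for the example.

```python
"""Toy policy-profile evaluation (added illustration, not Code Insight's own
policy engine). A security-focused profile rejects items on CVSS score or
severity; an IP-focused profile rejects on not-allowed components, version
ranges and licenses. Items that pass but are not explicitly cleared go to
manual review. All sample data below is constructed for this example."""
from dataclasses import dataclass, field
from typing import Optional

SEVERITY_RANK = {"Low": 1, "Medium": 2, "High": 3, "Critical": 4}
Version = tuple[int, int, int]
VersionRange = Optional[tuple[Version, Version]]  # None means every version


@dataclass
class Vulnerability:
    vuln_id: str      # placeholder identifier, not a real advisory
    cvss: float
    severity: str


@dataclass
class InventoryItem:
    component: str
    version: Version
    license_id: str
    vulns: list[Vulnerability] = field(default_factory=list)


@dataclass
class PolicyProfile:
    max_cvss: float = 10.0                 # reject any vulnerability above this score
    max_severity: str = "Critical"         # reject any vulnerability above this severity
    allowed_licenses: set[str] = field(default_factory=set)   # empty set = no license rule
    allowed_components: dict[str, VersionRange] = field(default_factory=dict)
    denied_components: dict[str, VersionRange] = field(default_factory=dict)


def in_range(version: Version, rng: VersionRange) -> bool:
    """Inclusive range check; a None range matches every version."""
    return rng is None or rng[0] <= version <= rng[1]


def evaluate(item: InventoryItem, profile: PolicyProfile) -> tuple[str, list[str]]:
    """Return ('Rejected' | 'Approved' | 'Review', reasons) for one inventory item."""
    reasons = []
    # Security criteria: CVSS score first, then severity.
    for v in item.vulns:
        if v.cvss > profile.max_cvss:
            reasons.append(f"{v.vuln_id}: CVSS {v.cvss} exceeds {profile.max_cvss}")
        elif SEVERITY_RANK.get(v.severity, 0) > SEVERITY_RANK[profile.max_severity]:
            reasons.append(f"{v.vuln_id}: severity {v.severity} exceeds {profile.max_severity}")
    # IP criteria: not-allowed components (with version ranges) and licenses.
    if item.component in profile.denied_components and in_range(
            item.version, profile.denied_components[item.component]):
        reasons.append(f"{item.component} {item.version} is a not-allowed component")
    if profile.allowed_licenses and item.license_id not in profile.allowed_licenses:
        reasons.append(f"license {item.license_id} is not in the allowed list")
    if reasons:
        return "Rejected", reasons
    # Auto-approve only when the component is explicitly allowed (or no allow
    # list exists) and it carries no vulnerabilities at all; otherwise a human reviews it.
    explicitly_allowed = not profile.allowed_components or (
        item.component in profile.allowed_components
        and in_range(item.version, profile.allowed_components[item.component]))
    if explicitly_allowed and not item.vulns:
        return "Approved", []
    return "Review", ["manual review: vulnerabilities present or component not explicitly allowed"]


def review_inventory(items: list[InventoryItem], profile: PolicyProfile) -> dict[str, str]:
    """Map each component name to its automatic review decision."""
    return {item.component: evaluate(item, profile)[0] for item in items}


# Constructed sample inventory and profiles (hypothetical names, scores and ranges).
SAMPLE_INVENTORY = [
    InventoryItem("libfoo", (1, 2, 0), "MIT"),
    InventoryItem("libbar", (2, 3, 1), "GPL-3.0-only",
                  [Vulnerability("VULN-0001", 9.8, "Critical")]),
    InventoryItem("libbaz", (0, 9, 0), "Apache-2.0",
                  [Vulnerability("VULN-0002", 5.3, "Medium")]),
    InventoryItem("libqux", (2, 10, 0), "MIT"),
]
SECURITY_PROFILE = PolicyProfile(max_cvss=7.0, max_severity="High")
IP_PROFILE = PolicyProfile(
    allowed_licenses={"MIT", "Apache-2.0"},
    allowed_components={"libfoo": ((1, 0, 0), (1, 99, 99))},
    denied_components={"libqux": ((2, 0, 0), (2, 14, 1))},
)

if __name__ == "__main__":
    for name, profile in (("security", SECURITY_PROFILE), ("ip", IP_PROFILE)):
        for item in SAMPLE_INVENTORY:
            decision, why = evaluate(item, profile)
            print(f"[{name}] {item.component} {item.version}: {decision} {why}")
```

The same inventory produces different decisions under the two profiles: the security profile rejects only the item with a vulnerability over the CVSS threshold, while the IP profile rejects the copyleft-licensed item and the denied component version regardless of vulnerability data, which is the practical difference between the two project configurations described above.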