Creating an Inventory Item from the Analysis Workbench
When you identify third-party code in your codebase, you should create an inventory item to record it. Inventory items contain information critical for review and approval. The following describes the overall process for creating inventory in the Analysis Workbench.
| Phase | Description |
| --- | --- |
| 1 | Filter files that contain evidence of third-party code, such as copyright text or content from an open source license. See Searching for Codebase Files Based on Search Criteria and Viewing a Summary of Evidence Detected Across the Codebase. |
| 2 | Research the findings and identify the origin of the files. |
| 3 | Create an inventory item with details about the origin of the code. This is typically an open source project, such as zlib, OpenSSL, or ReactJS. If you do not know the code's origin, you can create either a License Only inventory item (if the codebase files are governed by a common license) or a Work In Progress inventory item to serve as a placeholder until you obtain more information. Inventory types are described in more detail in the procedure below. |
| 4 | When all of the evidence is explained in the files you are looking at (bearing in mind that some files might have code from several origins), mark the files as "reviewed". |
| 5 | When you are finished creating inventory items, publish the ones you would like to report on. You can choose not to publish internal or test tools. |
For more details about creating inventory items in the Analysis Workbench, see the following sections:
• Creating Inventory from the Inventory Items List
• Creating Inventory with Associated Files from the Codebase Lists