Creating a Project Without Uploading a Codebase

Some organizations might be interested in reviewing the inventory that results from a scan of their product’s post-build artifacts on the build server. Other organizations might want to review the inventory resulting from a codebase scan but are reluctant to upload their product codebase (or synchronize a Source Control Management repository) to Code Insight. Instead, they want to keep their codebase in its existing development system due to security, consistency, or other concerns.

To address these requirements, Code Insight provides scan-agent plugins t

Using Scan-Agent Plugins

Code Insight offers scan-agent plugins that scan codebase files or built artifacts wherever they reside and send the results as inventory to the Code Insight Core Server for review and remediation by users. This process requires a Code Insight project on the Core Server for handling the returned results, but requires no codebase upload or synchronization to Code Insight.

Using Both a Scan-Agent Plugin and the Scan Server

Organizations might still want to upload their product codebase to Code Insight to perform a server scan, but then use a scan-agent plugin to remotely scan post-build artifacts directly on the build server. They can use the same Code Insight project to handle the results of both scans, enabling them to compare the resulting inventories, resolve discrepancies, and determine a final inventory list.