Create Custom Detection Rule Dialog

The Create Custom Detection Rule dialog enables you to create a custom detection rule. You can define these rules as needed to supplement the internal detection rules used by Automated Analysis to automatically create inventory during a scan. The custom detection rules are saved to the Code Insight Data Library for global use across projects. For more information about custom detection rules, see Managing Custom Detection Rules.

This dialog is accessed from two locations:

From the Inventory Details tab in the Analysis Workbench for an inventory item of the “component” type—whether system-generated or manually created—to which codebase files have been manually associated (as described in Creating a Custom Detection Rule Within Context of an Inventory Item).
From the Custom Detection Rules tab accessed from the Data Library page on the Code Insight main menu (as described in Creating a Custom Detection Rule from Scratch).

The ability to edit certain fields depends on how you accessed the dialog. To help explain these differences, the following table designates the two access locations as “Inventory Details tab” and “Custom Detection Rules tab”.

The following table describes the fields and actions available in the Create Custom Detection Rule dialog. Unless specified as “Required” in this table, the fields are optional.

Create Custom Detection Rule Dialog (table columns: Category, Column/Field, Description)

Inventory Name

Use this field if you want to enter a custom name for the inventory item created by this rule. This name overwrites the default component version (license) name that the rule normally assigns to the inventory item, based on the Component and License attributes specified.

Note that, depending on how you access the Create Custom Detection Rule dialog, this field either initially is empty or explicitly contains the default inventory name. (If this field is empty or contains all blank spaces, the default name is assigned to an inventory item.) Either way, you have the option to leave the field as is or edit it to provide a custom inventory name.

The maximum size for this value is 255 characters.

Note: When two rules are defined with these same Component and License attributes but with different inventory names, only the most recently created rule is applied during scans.

Component selection

The following fields describe the component on which the custom detection rule is based.

If you have accessed this dialog from the Inventory Details tab for an inventory item in the Analysis Workbench, these fields are auto-populated with component information from the inventory item. The Component and License fields are not editable.
If you have accessed this dialog from the Custom Detection Rules tab on the Data Library page, these fields are populated once you select the component. The fields are editable as described below.

Component

(Required) The name of the component on which this detection rule is based.

If you accessed this dialog from the Custom Detection Rules tab, click Lookup Component to select the component and its version, license, and forge URL. The License and URL fields are populated accordingly.

You cannot edit this field directly, but you can always select a different component.

If you accessed this dialog from the Inventory Details tab, this field is not editable.

License

(Required) The license associated with the component.

If you accessed this dialog from the Custom Detection Rules tab, you cannot edit the field directly once it is populated from the component selection, but you can select a different license. To do so, click to switch to another license and, optionally, change the component version. Additionally, click to view the details and text of the selected license as stored in the Code Insight Data Library.
If you accessed this dialog from the Inventory Details tab, this field is not editable.

Description

Enter a description of the component (or update the pre-populated description).

URL

(Required) Enter the forge URL for the component (or update the pre-populated URL).

License, notices, and note content

The following fields are used to provide license or notice content and audit notes to be included in the inventory items created by this rule. These fields are editable.

If you accessed this dialog from the Inventory Details tab in the Analysis Workbench, these fields might be pre-populated with information from the manually created inventory. However, you can edit this information as needed.

As-Found License Text

Enter (or update) the license content that was discovered for the component during scans.

This information is considered for use in the Notices report. If no Notices Text content is provided (see next field), the Notices report uses the content in this field as the license text for the third-party component. For more information, see Finalizing the Notices Text for the Notices Report.

Notices Text

Enter (or update) the exact license content to include in the Notices report. This content is usually a modification of the text in As-Found License Text. (You can copy the As-Found License Text content to the Notices Text field and edit it.)

If content exists in this field, the Notices report uses it as the license text for the third-party component and ignores any information in the As-Found License Text field. For more information, see Finalizing the Notices Text for the Notices Report.

Audit Notes

Enter (or update) any notes or findings per analysis of the inventory item that might be helpful to the inventory reviewers.

File MD5 list

(This single field for specifying file criteria is available only if you have accessed the current dialog from the Inventory Details tab in the Analysis Workbench to create a rule within the context of an inventory item.)

The File MD5 list box is pre-populated with a set of file criteria used for detecting the third-party or OSS component for which the rule is being created. The criteria are based on the MD5 value of each file associated with the inventory item in whose context you are creating the rule.

To identify which of the displayed criteria the rule should apply, click the checkbox next to each desired criterion. (Be sure to clear the checkbox next to any criterion that you want to exclude from the rule.) At least one criterion must be selected.

Consider that, if the custom detection rule is defined with multiple file criteria, the scan uses OR logic when processing the criteria against the target codebase. Consequently, only one file match between codebase and the rule is required to automatically create an inventory item. For a comprehensive list of rule-processing behavior, see Rule-Processing Considerations.

Detection Criteria

(This field and its related File MD5 or File Path field for specifying file criteria are available only if you have accessed the current dialog from the Custom Detection Rules tab on the Data Library page to create the rule from scratch.)

Select the type of file criteria that you are specifying to detect the presence of the third-party or OSS component:

File MD5—The file in each criterion is identified by its MD5 value. (Default)
File Path—The file in each criterion is identified by its file path.

The set of file criteria in the rule must be of the same criteria type.

If you attempt to set up detection criteria for both types, keep in mind that you lose the criteria for the type that is currently not selected for Detection Criteria when you save the rule. A custom detection rule allows only a single set of criteria (File MD5 or File Path) to exist at any one time.

Also consider that, if the custom detection rule is defined with multiple file criteria, the scan uses OR logic when processing the criteria against the target codebase. Consequently, only one file match between codebase and the rule is required to automatically create an inventory item. For a comprehensive list of rule-processing behavior, see Rule-Processing Considerations.

At least one criterion for the rule’s specified criteria type is required.

File MD5 grid

(Available if Detection Criteria is File MD5) Add and manage the file criterion consisting of the file name and the MD5 value for each file used as an indicator of the existence of the component.

At least one file criterion is required.

To add a file criterion—Click Add File and enter the file’s name and MD5 value in the Name and MD5 fields, respectively, in the new row.
To edit a file criterion—Click within the Name or MD5 field in the row for the criterion and make the textual changes.
To remove a file criterion—Click at the end of the row for the criterion.

 

File Path text box

(Available if Detection Criteria is File Path) Add and manage the file criterion consisting of the file path for each file used as an indicator of the existence of the component. At least one file criterion is required.

To add a file path—Click the Add icon and enter the file’s path in the new row. You can provide the file’s absolute or relative path or enter a path pattern.

A path pattern consists of the asterisk symbol * within the path, denoting any number of directories or files. For example, the following path pattern indicates that any file with the extension .h under the directory root will be considered detection criteria for the rule.

**/root/*.h 

To edit a file path—Click within the path row and make the textual changes.
To remove a file path—Click within the path row, and then click the Remove icon.
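
The matching behavior described for the File MD5 and File Path criteria can be previewed locally before a rule is saved. The following is an added example, not Code Insight code: `preview_rule` and its helpers are hypothetical names, the sample files are constructed, and it assumes that each run of `*` matches any characters (including `/`) and that paths are compared relative to the scanned root with a leading `/`.

```python
import hashlib
import re
import tempfile
from pathlib import Path

# Constructed sample codebase; names and contents are illustrative only.
SAMPLE = {
    "vendor/root/api.h": b"#define API 1\n",
    "vendor/root/inc/util.h": b"#define UTIL 1\n",
    "vendor/root/api.c": b"int api(void) { return 1; }\n",
    "vendor/rootfs/x.h": b"#define X 1\n",
    "copy/api.c": b"int api(void) { return 2; }\n",  # locally modified copy
}

def write_sample(root):
    for rel, data in SAMPLE.items():
        p = Path(root, rel)
        p.parent.mkdir(parents=True, exist_ok=True)
        p.write_bytes(data)

def file_md5(path):
    return hashlib.md5(Path(path).read_bytes()).hexdigest()

def pattern_to_regex(pattern):
    # Assumption: every run of '*' matches any characters, '/' included.
    return re.compile(".*".join(re.escape(p) for p in re.split(r"\*+", pattern)))

def preview_rule(root, criteria_type, criteria):
    """Return (detected, matched_files) for ONE criteria type: 'md5' or 'path'."""
    if criteria_type not in ("md5", "path") or not criteria:
        raise ValueError("one criteria type and at least one criterion required")
    files = sorted(p for p in Path(root).rglob("*") if p.is_file())
    rels = {f: "/" + f.relative_to(root).as_posix() for f in files}
    if criteria_type == "md5":
        wanted = {c.lower() for c in criteria}
        matched = [rels[f] for f in files if file_md5(f) in wanted]
    else:
        rx = [pattern_to_regex(c) for c in criteria]
        matched = [rels[f] for f in files if any(r.fullmatch(rels[f]) for r in rx)]
    return bool(matched), matched  # OR logic: a single match is enough

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as d:
        write_sample(d)
        known = hashlib.md5(SAMPLE["vendor/root/api.c"]).hexdigest()
        print(preview_rule(d, "md5", [known, "0" * 32]))
        print(preview_rule(d, "path", ["**/root/*.h"]))
```

The MD5 rule detects the component from one matching file even though its second criterion matches nothing, and it does not match `copy/api.c`, whose contents differ from the original.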

Actions

The following actions conclude the rule-creation session.

Save

Click Save to save the new custom detection rule to the Code Insight Data Library. You will be asked for confirmation to proceed with the creation.

Cancel

Click Cancel to cancel the rule creation process. You will be asked for confirmation to proceed with the cancellation.
