How Remote Scans Work

Once a Code Insight scan-agent plugin is installed and the scan is configured as part of your build process, the scan agent, when run, collects and sends the scan results back to a project in Code Insight. The results provide information about the scanned files (including any license evidence found) and published inventory awaiting review, management, and remediation through Code Insight user interface.

As with published inventory generated by the Code Insight scan server, published inventory generated by a scan-agent plugin can be automatically reviewed by license or security policies as part of the scan and, for inventory not reviewed by policy, can be reviewed manually by legal or security experts. Security alerts with corresponding email notifications will be generated for any inventory item with new security vulnerabilities.

Considerations

Consider the following:

•

For files scanned by a Code Insight scan-agent plugin on a remote system, currently only license evidence found in these files is currently reported in Code Insight.

•

Code Insight does not generate email notifications for remote scan events.