Inventory Priority

The priority of an inventory item is meant to highlight which items are in more need of a review than others during the inventory review process. Code Insight uses the following algorithms determine the default priority of an inventory item.

You can manually change the inventory priority by simply selecting a different priority from the Priority dropdown list either in the Analysis Workbench or on the Project Inventory tab.

For a “Component” Inventory Type

Code Insight sets the inventory priority to P1 if any of these circumstances exist:

•

The inventory item has at least one associated security vulnerability with a severity of High (for CVSS v2.0) or Critical (for CVSS v3.x).

•

The Selected License priority is P1 (see License Priority).

•

No licenses are found (that is, the Selected License value is I don’t know and no evidence of other licenses is found in the files associated with the inventory item).

Otherwise, when the user or system selects a component-version-license triad, the inventory priority is based on the license priority or highest associated security vulnerability severity, unless that would mean lowering an existing inventory priority.

Note:If the Selected License value for an inventory item is I don’t know but evidence of other licenses is found in the files associated with inventory item, the inventory priority is based on the highest priority among the found licenses or the highest associated vulnerability severity.

For a “License-Only” Inventory Type

When a user selects a license for a license-only inventory item, the inventory priority is set to the license priority (see License Priority) unless that would mean lowering an existing inventory priority.

Note:Due to the algorithm used to calculate the priority, the system-generated inventory priority will never be lowered by the system. It can only be lowered explicitly by the user.