Inventory View

Code Insight enables you to view published inventory of open-source (OSS) or third-party components found across the projects in your Code Insight system. This inventory, displayed in a single scrollable window called the Inventory view, provides the means to make overall assessments of the OSS or third-party code used in your company’s software deliverables.

Inventory View

Category

Column/Field

Description

Search and filter fields and buttons

Use these fields and buttons (which display at the top of the Inventory view) to filter and modify the inventory list in the view. For your reference, the total number of filtered inventory items currently displayed compared to the total number of items in the full Inventory view is tracked in the Inventory view header:

Enter Inventory Name

Use this field to filter the inventory list by inventory name. Enter a string by which to filter the inventory names.

If necessary, click the search icon next to the field to initiate search.

To remove the string and restore the full list of inventory items, click the X in the field.

Advanced Search button

Click this button to open the Advanced Inventory Search dialog. From this dialog, you can set search criteria (based on inventory attributes) by which to filter the inventory list. For details about the criteria available on this dialog, see Advanced Inventory Search Dialog.

 

Context for the view (dropdown list)

From this dropdown list, select the major context for the Inventory view:

My Projects— Show all published inventory across those Code Insight projects in which you are assigned a role. You might use this context to show areas where you need to provide review or remedial work, or you might want to review the overall state of inventory found in your projects. (This is the context enabled by default when you open the Inventory view.)
All Projects—Show all published inventory across all projects in your Code Insight system. This context is helpful in visualizing trends in your company’s use of open- source and third-party code in its software projects.
Select Project—Show all published inventory for a selected Code Insight project. Since projects represent versions of a particular software product, this view allows you to see all inventory items for that product. Furthermore, you can also opt to list the inventory for all child projects of the selected project. These child projects represent modules used by your top-level product. You can directly link to the inventory item of the child project or to the child project itself. You can also view the parent hierarchy of the child project to understand the provenance of the inventory items. (See Including the Inventory of Child Projects on the Inventory View for details.)

If you choose this option, a dialog is displayed from which to select a project. Once you choose the project, the inventory list is refreshed with the inventory for that project only.

Change Project

(Displayed once a specific project is selected for Select Project in the previous field) Click this button to select a different project whose inventory you want to display in the Inventory view.

 

Show All Items button

Click this button to remove all current criteria configured on the Advanced Inventory Search dialog and switch the focus of the Inventory view to show all projects.

Note:This button does not display if the Inventory view is already using the All Projects focus.

Include inventory items from child projects

If child projects have been identified for project currently in context in the Inventory view, select this option to refresh the view to include the inventory for these child projects. In this way, you can examine the inventory found across the project codebases for all parts of your software project, including its dependencies and sub-modules For more information, see Including the Inventory of Child Projects on the Inventory View.

Note that by selecting to include inventory from child projects, all child-projects associated recursively to the current top-level project will be included in your inventory items list. Each child project is identified by theicon next to its name in the list.

Inventory columns

The following columns identify and provide information about each inventory item listed in the Inventory view.

To manage column content, hover over the right side of a specific column header, and click its dropdown menu. From this menu, you can re-sort column values in ascending or descending order, as well as display or hide any column in the Inventory view. (By default, the #Files column is hidden.)

Note:Currently you can re-sort the values in the Project, Inventory Name, Priority, #Files, Status, and Created On columns.

To open a read-only version of the details for the given inventory item, click anywhere in the row for the item (except on linked text or a linked icon). A slide-out is displayed, showing most of the details that are also available for the item on its Project Inventory Details pane in the actual project. However, unlike the Project Inventory Details pane, the values on the slide-out are not editable. (While these values are read-only, certain ones are hyperlinked, enabling you to still explore and maintain the inventory item if you want.) For more information, see Opening a Read-Only Version of Inventory Details on the Inventory View. For a description of the inventory details available on the slide-out, see Project Inventory Details Pane.

Otherwise, you can use links directly on the Inventory view to open an inventory item’s associated project to examine the item within the context of its actual project and to edit its details as your permissions allow. See the Project and Inventory Name column descriptions.

 

Project

The name of the Code Insight project to which the given inventory item belongs.

If a project is a child project of the current project, theicon displays next to the child project name. Click this icon to view the recursive hierarchy of the child project’s parents.

To open the project to its Project Inventory tab, click the hyperlinked project name. From here, you can explore and edit all published inventory (including the given inventory item) as your permissions allow. For more information, see Open the Associated Project to the List of All Inventory in the Project .

Inventory Name

The name of the inventory item in component version (license) format.

To open the project to which the given inventory item belongs, click the hyperlinked inventory name. The project opens to the Project Inventory Details pane on the Project Inventory tab, providing access to all information available for the given inventory item within the project. From here you can explore and edit this inventory item as your permissions allow. For more information, see Open the Associated Project Directly to the Details for a Given Inventory Item.

Alternatively, instead of opening the project, you can view a read-only version of the inventory details within the Inventory view. See the Inventory columns description.

Priority

The inventory priority of the item (P1, P2, P3, or P4). For more information about this attribute, see Inventory Priority

Component

The name and version of the open-source or third-party component on which the inventory item is based. For more information about the component, click to open the Component Details window. This window shows publicly available details for the component as found in the Code Insight Data Library of third-party and OSS component information.

When a component is not known, N/A is displayed.

 

License

The license associated with the open-source or third-party component. For more information about the license, click to open the License Details window. See License Details Window for a description of the available details.

When a license is not known, the value I don’t know is displayed.

Vulnerabilities

A bar graph showing the count of known security vulnerabilities by severity color for the inventory item. Click the graph to view a list of these vulnerabilities and their CVSS details. For more information about security vulnerabilities, see Working with Security Vulnerabilities.

The counts in this graph do not include vulnerabilities that are currently suppressed. If the inventory item has no known vulnerabilities, None is displayed.

Tasks

Access to the open tasks for the inventory item:

If open tasks exist for the inventory item, the icon is displayed. Click this icon to open a Tasks window, listing the open tasks specific to the inventory item. From here, you can view or edit details for each open task, close the task, or create new tasks for the inventory item if needed.
If no open tasks exist for the inventory item, no icon is displayed.

Alerts

Access to any security alerts for the inventory item. An alert is generated if the Electronic Update or Library Refresh detects a new security vulnerability for the inventory item since the last scan.

If alerts exist for the inventory item, the icon is displayed. Click this icon to open an Alerts window, listing the new security vulnerabilities and their CVSS information. From here, you can change the priority or status of the alert. See Managing Security Vulnerability Alerts for details.
If no alerts exist for the inventory item, no icon is displayed.

# Files

The number of codebase associated with the inventory item.

 

Status

The status of the inventory item:

Approved—Approved for inclusion in the final notices of open-source and third-party components (such as a Bill of Materials or a similar document).
Rejected—Rejected for inclusion in the final notices.
Ready for Review—Not yet reviewed.

Created On

The date on which the inventory item was created.