Project Inventory Tab
The Project Inventory tab lets you search and review the published inventory of open-source and third-party components found in the source code and artifacts scanned in a Code Insight project. To access the Project Inventory tab, see Displaying Project Inventory.
About Published Project Inventory
An inventory item can be placed in a published state automatically by a scan (based on policy criteria) or manually by an analyst if enough evidence exists to ensure that this component is actually used by your code. At publication, those inventory items that are not automatically approved (based on policy criteria) will need to be reviewed to validate that they should be included in the Bill of Materials for your product.
The Project Inventory tab provides the means of finalizing the inventory to include in your Bill of Materials. The tab enables legal and security experts to review the published inventory as needed and either approve items for inclusion in the Bill of Materials or reject them until further review or remediation efforts are performed. The reviewers can create tasks for the additional reviews or for the remediation work required by software engineering to fix security or legal risks in the code.
Field Descriptions
The Project Inventory tab consists of two panes: the left pane showing the list of published inventory for the project and the Project Inventory Details pane on the right showing the details of the inventory item currently selected in the list. The following table describes the information on this tab.
| Field/Panes | Description |
|---|---|
| Inventory Items (x) pane | This pane shows the list of inventory items that have been published in the project. The pane title includes the number of inventory items currently displayed in the list. |
| Inventory item fields | The following properties describe each inventory item in the list. |
| Name | The inventory item name in componentName version (license) format, as in the following: apache-activemq 5.4 (Apache-2.0). If the inventory item is a dependency of another inventory item, the relationship is shown within brackets, as in this example: activemq-optional 5.4.0 [Bundled with apache-activemq 5.4] (Apache-2.0). You can sort the inventory list on this column in ascending or descending alphabetical order. To view or edit information about an inventory item, click the hyperlinked inventory name to open its Project Inventory Details pane. |
| Priority | The inventory priority, indicating how the item ranks in importance in the review process, with P1 as the highest priority and P4 as the lowest. For more information about inventory priority, see Inventory Priority. You can sort the inventory list on this column in ascending (P1 to P4) or descending (P4 to P1) numeric order. |
| Vulns | The total number of security vulnerabilities associated with the inventory item. Vulnerability details for the inventory item are available in the Project Inventory Details Pane when you select the item. |
| Status | The review status of the inventory item: Not Reviewed, Approved, or Rejected. For more information about the inventory status, see Review Status of Inventory. You can use this column to sort the inventory list by review status in ascending (Not Reviewed, Approved, Rejected) or descending (Rejected, Approved, Not Reviewed) order. |
| Inventory search options | If you need to filter the inventory list to locate the inventory items to review, use either or both of these options. |
| Enter Inventory Name | To filter the inventory list by a string contained in the item name, enter this string in the Enter inventory name box. As you type each character in the string, the list is automatically filtered according to the entered characters. This current name filter is copied to the Advanced Inventory Search Dialog should you later perform an Advanced Inventory Search (by clicking Advanced Search). Likewise, if you enter a name filter on the Advanced Inventory Search dialog, it is copied to this field. This behavior enables you to keep the name filter persistent. However, you can always change or remove the filter in either location. |
| Advanced Search | To filter the inventory list by one or more inventory properties, click the Advanced Search button. For complete details about performing an advanced inventory search, see Advanced Inventory Search Dialog. |
| Add Item | This button is visible only if you have Analyst permissions. To add a new inventory item to the list, click this button to open the New Inventory dialog. (The new item is automatically placed in the published state.) For more information about creating an inventory item, see Creating Inventory from the Project Inventory Tab. |
| Project Inventory Details pane | When you select an inventory item, the Project Inventory Details pane on the right is populated with details about the item. From this pane, you can edit the item’s properties, set up review and remediation tasks for the item, provide audit, usage-guidance, and remediation notes, edit the item’s third-party Notices content, and ultimately approve or reject the item for its inclusion in the Bill of Materials. For complete information, see Project Inventory Details Pane. |
See Also
Advanced Inventory Search Dialog
Project Inventory Details Pane