Rule-Processing Considerations

As you manage custom detection rules, consider how the rules are processed under certain circumstances:

If the custom detection rule is associated with more than one file, the scan uses OR logic when processing the files against the target codebase. Consequently, only one file match between the codebase and the rule is required to automatically create an inventory item.
If two rules are created with identical details and codebase files, a single inventory item is generated during a scan when both rules are applied.
If two rules are created with the same Component and License details but have different Inventory Name values, the rule created more recently is applied.
If two rules are created using the same Inventory Name, Component, and License details and the same codebase files, but have a different Description, URL, Audit Notes, As-Found License Text, or Notices Text value, a single inventory item is generated during a scan when both rules are applied. In the inventory item, values that differ between the rules for a given field are separated (shown on separate lines or with a separator) within the field.
If two rules are created with the same codebase files but use a different Component value, two inventory items are generated during the scan.
If a rule has a File MD5 criterion for a given codebase file and another rule has a File Path criterion for the same codebase file but is set up for a different component, only the rule with the File MD5 file criterion will be processed. (In such cases, a rule with File MD5 detection criteria is given precedence over a rule with File Path detection criteria.)
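
The processing behavior listed above, modeled as a small Python resolver so the outcomes can be checked against a rule set before a scan. This is an added example, not the product's own code: the Rule class, the scan function, exact-path matching, grouping by Component and License, and the sample files and rules are all assumptions constructed for illustration.

```python
import hashlib
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:                      # hypothetical model of a custom detection rule
    created: int                 # creation order; higher = more recent
    inventory_name: str
    component: str
    license: str
    md5s: tuple = ()             # File MD5 criteria
    paths: tuple = ()            # File Path criteria (exact match assumed)
    description: str = ""

def scan(rules, codebase):
    """codebase maps path -> bytes; returns {(component, license): item}."""
    digests = {p: hashlib.md5(b).hexdigest() for p, b in codebase.items()}
    hits = []
    for r in rules:              # OR logic: one matching file is enough
        for p, d in digests.items():
            kind = "md5" if d in r.md5s else "path" if p in r.paths else None
            if kind:
                hits.append((r, p, kind))
    def md5_components(path):    # components claiming this file by File MD5
        return {r.component for r, p, k in hits if p == path and k == "md5"}
    # A File Path hit loses to a File MD5 hit for a different component
    kept = [(r, p) for r, p, k in hits
            if k == "md5" or not (md5_components(p) - {r.component})]
    groups = {}
    for r, p in kept:
        groups.setdefault((r.component, r.license), []).append((r, p))
    items = {}
    for key, matched in groups.items():
        matched.sort(key=lambda m: m[0].created)
        name = matched[-1][0].inventory_name   # differing names: newest rule applies
        applied = [(r, p) for r, p in matched if r.inventory_name == name]
        descs = dict.fromkeys(r.description for r, _ in applied if r.description)
        items[key] = {"name": name, "files": sorted({p for _, p in applied}),
                      "description": "\n".join(descs)}  # differing values, one per line
    return items

# Constructed sample: one file matched by three rules
CODEBASE = {"lib/zutil.c": b"sample source", "src/app.c": b"int main(){}"}
Z = hashlib.md5(CODEBASE["lib/zutil.c"]).hexdigest()
RULES = [
    Rule(1, "foo by path", "libfoo", "MIT", paths=("lib/zutil.c",)),
    Rule(2, "zlib 1.3", "zlib", "Zlib", md5s=(Z, "0" * 32), description="vendored"),
    Rule(3, "zlib 1.3", "zlib", "Zlib", md5s=(Z,), description="patched copy"),
]
```

Calling `scan(RULES, CODEBASE)` on the sample yields one inventory item: the File Path rule for the other component is dropped, and the two descriptions are merged on separate lines.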