Example Custom Reports
To assist in creating your own custom reports, Code Insight provides the following collection of example custom reports (located in Revenera’s public GitHub report repositories):
• Project Inventory Report
• Evidence Report
• Project Comparison Report
• Claimed Evidence Report
• Vulnerabilities Report
• Third-Party Notices Report
The example reports can be registered by following the instructions in the sca-codeinsight-reports-installer README. If your Code Insight server uses a self-signed certificate, you must download and register these reports manually, just as you would register your own custom reports (see the article referenced earlier in About Custom Reports for Projects).
Once the reports are registered, you can modify them as your own or use them as a basis for creating other custom reports.
Disclaimer for Using the Example Custom Reports
These report scripts are being provided solely as examples. They are external to, and not an official part of, the Code Insight product, as the following disclaimer explains.
THE REPORT SCRIPTS ARE PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SCRIPT OR THE USE OR OTHER DEALINGS IN THE REPORT SCRIPTS.
Project Inventory Report
This report provides an easy, quick method for obtaining a high-level summary of the inventory items within a project.
If you have designated a parent-child hierarchy for your projects to better represent your company offerings, this report can be configured to pull in all child projects (recursively) for the current project and roll up the associated inventory information on a project, as well as an application, basis. Including child projects in the report is useful for keeping track of your software Bill of Materials (SBOM). The report can be further customized to report on other inventory attributes, such as third-party notices, which in turn would capture the notices for all the third-party components included in the report scope.
The report is available in the sca-codeinsight-reports-project-inventory repository in GitHub.
Evidence Report
This report allows you to report on the following types of evidence found in the project:
• Copyrights
• Licenses
• Emails and URLs
• Search terms
• Exact-file matches
• Source-code matches (snippets)
The report is available in the sca-codeinsight-reports-third-party-evidence repository in GitHub.
Project Comparison Report
This report compares the inventory of two projects or two project versions, enabling you to identify inventory differences and commonalities.
The report is available in the sca-codeinsight-reports-project-comparison repository in GitHub.
Claimed Evidence Report
This report allows you to determine which files in a project contain only evidence that is claimable based on string comparisons to the following evidence types:
• Copyrights
• Emails/URLs
Additionally, you can configure the report so that scanned files that contain only the evidence for the specified claimable values are marked as reviewed and associated with the appropriate inventory items.
The report is available in the sca-codeinsight-reports-claim-files repository in GitHub.
Vulnerabilities Report
This security-focused report calls out all vulnerable project inventory items and lists their associated security vulnerabilities. Use this report to easily collect and review security issues or to share data with your Security team. The report supports searches and enables you to click through to the actual vulnerable inventory in Code Insight for additional information.
The report is available in the sca-codeinsight-project-vulnerabilities repository in GitHub.
Third-Party Notices Report
This report provides the Notices text for the licenses associated with inventory in the project. This report will automatically include licenses with attribution data if available, thus satisfying the attribution requirement of third-party licenses.
The report will also update an inventory item’s Notices Text field with the attributed license text when possible, based on report options. When multiple licenses are found, all variants will be included, in which case you might need to manually inspect and modify this content for the appropriate inventory in the project.
The report is available in the sca-codeinsight-reports-project-vulnerabilities repository in GitHub.