Role of an Analyst

The role of a project Analyst in Code Insight is to use the Analysis Workbench to transform the evidence uncovered by the Scan Server into inventory items. Analysts create inventory items that associate files in your codebase with open-source and third-party projects, called components in Code Insight. For example, Analysts might locate files whose content contains both the string “Copyright (c) 2015 to 2021 Mark Smith” and text matching a license used by the “zlib” component. The Analyst could then associate these files with an inventory item for the “zlib” open-source component and mark the files as reviewed to register progress.

The Analyst will evaluate all of the evidence within a codebase, create inventory items where appropriate, mark the analyzed files as reviewed, and finally publish them. The remaining sections in this chapter describe these tasks.

Once published, the inventory will be available for reporting and review by Legal, Security, and Development teams, as described in Reviewing Project Inventory. The ultimate goal of both the audit and the review/remediation processes is to produce a complete and accurate inventory of open-source and third-party code within your products—sometimes referred to as a Bill of Materials (BOM).

Refer to the Code Insight User Roles and Permissions section for more information about the Analyst role required to access the Analysis Workbench and to analyze and act on scan results.