What is Automated Analysis?

Code Insight provides an Automated Analysis facility that automatically identifies and inventories open-source and third-party components detected in packages of various formats during scans, thus eliminating the need for manual analyses of such ecosystems in codebases post-scan. The latest automated-detection rules for use by Automated Analysis are delivered to Code Insight as part of the Electronic Update process and can also be provided through internal processes.

Automated Analysis is used in both scanning scenarios outlined below:

•

Local scanning where the codebase is uploaded to the Scan Server or synchronized to the server from a Source Control Management system like Git or Perforce.

•

Remote scanning, where a scan-agent plugin performs a scan remotely on built artifacts or source code on an Engineering build server and sends results back to Code Insight. This applies to full scans performed internally by Automated Analysis, not forced