Export and Import
The following are enhancements to the Code Insight project export and import functionality:
Support to Import SBOM Files into Code Insight Project
Previously, Code Insight did not support the import of SBOM (Software Bill of Materials) data in a project.
Starting in this release, a new option, SBOM File (CycloneDX/SPDX), has been added to the Import Type field's dropdown list on the Import Project Data dialog box. When the Import Type field is set to SBOM File (CycloneDX/SPDX), you can select the SBOM data to import into a desired Code Insight project by using the Browse tab next to the Choose File to Import field.
You can import SBOM data in one of the following file formats:
• .json (complies with either the CycloneDX or SPDX (Software Package Data Exchange) standards).
• .xml (complies with the CycloneDX standard).
• .spdx (complies with the SPDX (Software Package Data Exchange) standard).
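A pre-import check that confirms a file's content really is the SBOM format its extension claims, following the extension list above. This is an added example, not Code Insight code; the function names are hypothetical, the samples are constructed, and it assumes that .spdx means SPDX tag-value text.

```python
import json
import os
import xml.etree.ElementTree as ET

# Extension -> (standard, encoding) pairs, following the page's list of accepted files.
# Assumption: ".spdx" means SPDX tag-value text; the page only says "SPDX standard".
ACCEPTED = {
    ".json": {("CycloneDX", "json"), ("SPDX", "json")},
    ".xml": {("CycloneDX", "xml")},
    ".spdx": {("SPDX", "tag-value")},
}

def detect_format(text):
    """Identify an SBOM from its own markers; return (standard, encoding) or None."""
    body = text.lstrip("\ufeff \t\r\n")
    if body.startswith("{"):
        try:
            doc = json.loads(body)
        except ValueError:
            return None
        if doc.get("bomFormat") == "CycloneDX":
            return ("CycloneDX", "json")
        spdx = str(doc.get("spdxVersion", "")).startswith("SPDX-")
        return ("SPDX", "json") if spdx else None
    if body.startswith("<"):
        if "<!DOCTYPE" in body:  # refuse DTDs so entity tricks never reach the parser
            return None
        try:
            root = ET.fromstring(body)
        except ET.ParseError:
            return None
        ok = root.tag.startswith("{http://cyclonedx.org/schema/bom/") and root.tag.endswith("}bom")
        return ("CycloneDX", "xml") if ok else None
    tv = any(line.startswith("SPDXVersion: SPDX-") for line in body.splitlines())
    return ("SPDX", "tag-value") if tv else None

def check_import(filename, text):
    """Return (ok, detail) for a file about to be selected for SBOM import."""
    ext = os.path.splitext(filename)[1].lower()
    if ext not in ACCEPTED:
        return False, f"extension {ext!r} is not an accepted SBOM file type"
    fmt = detect_format(text)
    if fmt not in ACCEPTED[ext]:
        return False, f"content detected as {fmt} does not match extension {ext}"
    return True, f"{fmt[0]} ({fmt[1]})"

# Constructed sample documents (not taken from any real project).
CDX_JSON = '{"bomFormat": "CycloneDX", "specVersion": "1.5", "components": []}'
CDX_XML = '<?xml version="1.0"?><bom xmlns="http://cyclonedx.org/schema/bom/1.5" version="1"/>'
SPDX_TV = "SPDXVersion: SPDX-2.3\nDataLicense: CC0-1.0\nSPDXID: SPDXRef-DOCUMENT\n"
```
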
Importing SBOM data into a Code Insight project enhances software security, compliance, and risk management by providing a comprehensive inventory of all software components, libraries, and dependencies within a project.
The following displays the Import Type field set to the SBOM File (CycloneDX/SPDX) option in the Import Project Data dialog:
Maintain Source Inventory Relationships in Target During Copy Process
Starting in this release, the Project Copy process, which copies all scan results from the scanned project (source) to the new project (target) without running a scan on the new project (target), also copies the relationship details of all inventory items from the scanned project (source) to the new project (target).
Support to Copy the Inventory-Relationships Information During Branching
Starting in this release, the “copy of project information” phase of the branching operation between Code Insight projects has been enhanced to include copying inventory-relationships data from the source project to the branched project.
This enhancement enables you to preserve the inventory-relationships data in addition to any file-audit data, inventory, and inventory-review data of the source project in the branched project.
For more details on handling identical inventory items in project-branching, see the “Other Considerations About the Project-Branching Operation” section in the Code Insight User Guide.
Merging Inventory Items With the Same CVL During Import
Starting in this release, Code Insight supports the merging of identical inventory items (those that include the same unique combination of component-version-license (CVL)) during project import.
While importing a project, if an inventory item in the source project includes the same unique combination of component-version-license (CVL) as an inventory item in the target project, Code Insight merges both inventory items. The resulting inventory item in the target project reflects the updated Relationship field value on the Project Inventory Details pane, and its name displays only the actual CVL.
For more details on merging of inventory items with the same CVL during project import, see the "Handling of Identical Inventory During a Project Import" section in the Code Insight User Guide.
Ability to Export Relationship and Dependency Details During Project Data Export
Previously, Code Insight's export functionality did not include the export of inventory items' relationship and dependency details while exporting scanned project data from a source project to the target project.
Code Insight 2024 R4 adds support for exporting the inventory items' relationship and dependency details as part of the scanned project data export process. With this enhancement, whenever scanned data is exported from any source project to a target project created in Code Insight 2024 R4 or later, both the Relationship and Dependency Level fields in the Inventory Details tab on the Project Inventory Details pane for each inventory item (scanned source project data) in the target project reflect the relationship and dependency details of their source project only.