Creating an Inventory Item from the Analysis Workbench

When you identify third-party code in your codebase in the Analysis Workbench, you should create an inventory item to record it. Inventory items contain information critical for review and approval. The following describes the overall process for creating inventory in the Analysis Workbench.

Inventory Creation Process in the Analysis Workbench

| Phase | Description |
| --- | --- |
| 1 | Filter files that contain evidence of third-party code, such as copyright text or content from an open source license. See Searching for Codebase Files Based on Search Criteria and Viewing a Summary of Evidence Detected Across the Codebase. |
| 2 | Research the findings and identify the origin of the files. |
| 3 | Create an inventory item with details about the origin of the code. This is typically an open source project, such as zlib, OpenSSL, or ReactJS. If you do not know the code’s origin, you have options to create either a License Only inventory item (if the codebase files are governed by a common license) or a Work In Progress inventory item to serve as a placeholder until you obtain more information. Inventory types are described in more detail in the procedure below. |
| 4 | When all of the evidence is explained in the files you are looking at (bearing in mind that some files might have code from several origins), mark the files as “reviewed”. |
| 5 | When you are finished analyzing evidence for the inventory items, publish the ones you would like to report on. (For example, you might not want to publish internal or test tools.) |

The following sections provide more details about creating inventory items from two locations in the Analysis Workbench:

Creating Inventory from the Inventory Items List
Creating Inventory from Files Currently Selected in the Codebase List