Creating Inventory from the Project Inventory Tab

Reviewers can create an inventory item to represent any third-party code or artifact that is not automatically detected by the system.

Use the following steps to create an inventory item from the Project Inventory tab as needed. Note the following:

•

When you save the inventory item, it is automatically published.

•

No files can be associated with an inventory item when it is created from the Project Inventory tab.

•

If you register a new component instance (a unique component-version-license combination) when creating inventory, the registered instance becomes available for selection across the system.

•

Inventory of type Work in Progress, Component, or License Only can be created.

To create an inventory item from the Project Inventory tab, do the following:

1.

Open the Project Inventory tab for the desired project (see Displaying Project Inventory).

2.

Click Add Item at the top of the Inventory Items list.

The New Inventory dialog opens.

3.

For the Name field, perform the appropriate step, based on the inventory type you intend to select for the Type field (see the next step):

•

For inventory of the type Work in Progress, specify a name for the inventory item. Best practice is to provide a name in the following conventional syntax used by Code Insight, even if the elements represented in the name are not available in the Data Library:

<Component_name> <version> <License_name>

•

For inventory of the type Component or License only, leave the Name field blank. The field will be automatically populated based on the registered component or license instance.

4.

From the Type dropdown list, select the type of inventory item you want to create and then perform the related step or steps:

•

Work in Progress—Create this type of inventory item if you want to quickly represent third-party code or an artifact without having to select an associated component, version, or license from the Code Insight Data Library. (You can later edit this inventory item to convert it to one of the other inventory types.) This option is typically used if you need a placeholder or cannot find the associated element in the Data Library. Items of type Work in Progress are not affected by policies and do not receive vulnerability updates or alerts.

•

Component—Create this type of inventory item if third-party code or artifacts point to a definite component version and possibly its license. You need to associate this type of inventory with a registered component instance—that is, a unique component-version-license combination found in the Code Insight Data Library. Use the Lookup Component feature, made available when you select the Component type, to locate this component instance and associate it with the inventory item. If are unable to locate the appropriate instance, the Lookup Component feature enables you to create a custom component. See Using “Lookup Component” to Search for Components to Associate with Inventory for further instructions.

Once the instance is associated with inventory item, the Name, Description, Component, and License fields on the Inventory Details tab are automatically populated with information based on the selected instance. Additionally, Information icons are available next to the Component and License fields so that you can view publicly available information about the selected component or its license.

This inventory type is affected by policies and receives vulnerability updates and alerts.

•

License Only—Create this type of inventory item if evidence shows groups of codebase files of unknown origin are governed by a specific license. (You can later edit this inventory item to convert it to one of the other inventory types.) This inventory type is affected by policies

When creating License Only inventory, also select the appropriate license from License dropdown list, which is enabled when you select this type.

The Name field for the inventory item is automatically populated with the name Files under <License_name>, where <License_name> is license you selected. The icon is added so that you can view details about the selected license.(You can also click New to create a custom license. See Creating a Custom License While Creating or Editing a “License Only” Inventory Item for further instructions.)

5.

Update the remaining fields if appropriate. For a description of each field, see Project Inventory Details Pane.

Click Save. The inventory item is added as a published item to the Inventory Items list on the Project Inventory tab and in the Analysis Workbench.

Additionally, when the new inventory item is saved, it is it automatically reviewed by the review policy profile associated with project. (See Managing Policies to Automatically Review Inventory for more information.)

•

If the inventory item meets at least one of the criteria in the review policy, the item is assigned an Approved or Rejected status, overwriting the current status.

•

If the inventory item does not meet any of the policy criteria, the item is assigned the status Not Reviewed, indicating that a manual review is required.

Note:Based on your project’s configuration, additional events can occur once an inventory item is rejected or assigned a Not Reviewed status. (For example, a Rejected status can automatically create a remediation task for the inventory item.) See Updating Inventory Review and Remediation Settings for a Project for more information.

6.

(Optional) If you created a License Only inventory item, view details about the license selected for the new inventory item on the Licenses Details tab in the right pane.