Inventory Copyrights and Usage Information
Code Insight provides the ability to view and edit both copyrights and usage information for a given OSS or third-party component associated with an inventory item.
Copyrights information outlines the legal ownership and licensing details of the OSS or third-party component. It specifies the copyright holders and applicable licenses, and ensures compliance with the legal terms under which the components are used.
Usage information describes how a software package developed in your organization uses the OSS or third-party component. Usage information is important because it aids auditors and reviewers in determining how closely to monitor an inventory item for intellectual property (IP) and security risks and whether to approve or reject the item, create tasks for its remediation, and issue alerts and notifications pertaining to the item. Usage properties can also help users determine whether an inventory item should be included in Third-Party Notices and what steps need to be taken to satisfy license obligations and conditions of use. Usage information can help to identify license conflicts and compatibility issues.
The inventory item copyrights and usage fields are available in the Copyrights and Usage tab for an inventory item, as found only in the Inventory Details tab on the Analysis Workbench. The inventory item usage fields are available on the Usage tab for an inventory item, as found only on the Project Inventory tab.
The following displays the Copyrights and Usage tab for a given inventory item on the Inventory Details tab in the Analysis Workbench:
The following displays the Usage tab for a given inventory item on the Project Inventory tab:
Copyrights Field
• Copyrights—Displays open-source or third-party copyrights associated with component versions of the inventory item and also open-source or third-party copyrights pertaining to its associated files.
If a codebase scan or rescan identifies updates or additions of open-source or third-party copyrights for an inventory item, the corresponding Copyrights field is updated accordingly. This field reflects newly added or updated copyrights along with previously existing ones.
The Copyrights and Usage tab allows you to edit or remove the existing open-source or third-party copyrights (sourced from the associated files and the Code Insight Data Library) in the Copyrights field for an inventory item. You can also add a new required open-source or third-party copyright in the same field. Use the following icons, available in the Copyrights and Usage tab, to manage these copyrights in the Copyrights field:
• Add new copyright—Click the Add new copyright icon to add the required open-source or third-party copyright for an inventory item.
• Remove selected copyright—Click the Remove selected copyright icon to remove an existing open-source or third-party copyright from an inventory item or from its associated files.
Once you have made changes in the Copyrights field for the inventory item, click the Save button next to the Create Custom Rule button (in the Inventory Details tab header).
Note: Consider the following information pertaining to copyrights in the Copyrights field:
• The Copyrights field can include a maximum of 30,000 open-source or third-party copyrights.
• Each open-source or third-party copyright text in the Copyrights field can be up to 512 characters long and can also include alphanumeric characters.
• If multiple identical open-source or third-party copyrights are sourced from multiple sources for an inventory item, the Copyrights field will display only a single instance of the copyright.
• When a file is associated with an inventory item, the open-source or third-party copyright pertaining to the associated file is added for the inventory item only after a scan or rescan of the related codebase.
• If an associated file is removed from an inventory item, the corresponding open-source or third-party copyright is not removed and remains for the inventory item.
• If a user adds or manually enters an open-source or third-party copyright in the Copyrights field for an inventory item and the same open-source or third-party copyright already exists in the field, the recently added or entered open-source or third-party copyright is removed, followed by the following error message:
• If a component version of an inventory item is updated during a scan or rescan, then the related open-source or third-party copyright is also updated for the inventory item after clicking the Save button next to the Create Custom Rule button.
Usage Fields
• Distribution Type—Indicates how you are distributing the OSS or third-party component associated with the inventory item. The distribution type can affect license priority and obligations.
    • Externally with your product, shipped to customers (outside of your organization, including a private cloud deployment at the customer’s site)
    • As an application hosted in your company’s data center (such as a SaaS application)
    • Internally only (such as an internal test framework included in the codebase but not distributed with the product)
    • Distribution method unknown
• Part of Product—Indicates whether the OSS or third-party component is part of the core product or an infrastructure piece such as a build or test tool. This information can affect whether third-party notices are required for this item.
• Linking—Indicates how your software package links to libraries in the OSS or third-party component—statically (the component is included in the materials), dynamically (the component is brought in at runtime), or not linked at all. Linking can affect license priority and obligations.
• Modified—Indicates whether code from the OSS or third-party package has been modified for use by your organization.
• Encryption—Indicates whether the component provides encryption capabilities used in the product. Encryption can affect export controls.
For explicit directions on viewing or editing inventory item copyrights and usage fields in the Analysis Workbench, see Viewing or Editing Inventory Copyrights and Usage Information from the Analysis Workbench.
For explicit directions on viewing inventory item usage fields and editing inventory items on the Project Inventory tab, see the following: