System Settings Tab

The System Settings tab on the Administration page is used to define settings that configure your Code Insight system. The tab provides the following configuration settings:

System Settings Tab

Section

Field

Description

Security Vulnerability Options

Select the CVSS (Common Vulnerability Scoring System) version—CVSS v3.x (3.0 and 3.1) or CVSS v2.0 in which to display security vulnerability scores and severities in the Code Insight Web UI. Initially, CVSS v 2.0 is the default.

If you switch versions, the CVSS scores and severity values displayed for vulnerabilities will be impacted, as will policies based on these values. For more information, see Security Vulnerabilities Associated with Inventory and Managing Policies to Automatically Review Inventory.

Configure SBOM Insights

If your site intends to export project inventory data to SBOM Insights (a Revenera SCA product), complete the following fields that configure the Code Insight connection to SBOM Insights. Each of these fields is required to create the connection. A Test Connection button is available in this section to ensure the connection works. For more information, see “Configuring Code Insight for Exports to SBOM Insights” in the Code Insight Installation & Configuration Guide.

SBOM Insights URL

Provide the URL for your SBOM Insights instance, as in this example:

https://sca-app.revenera.com 

This URL is shown in the address on your browser once you log into SBOM Insights, as shown in this example:

Organization ID

Provide the Organization ID in SBOM Insights to which the Code Insight data will be exported.

This ID is shown in the address on your browser once you log into SBOM Insights, as shown in this example:

API Refresh Token

Enter the API refresh token generated in SBOM Insights. This token is required to give Code Insight access to SBOM Insights. Instructions for generating this token are found in Generating a Refresh Token in the SBOM Insights user documentation.

 

Test Connection

Once you have completed the fields above, click this button to determine whether a connection can be successfully established between Code Insight and SBOM Insights.

If a connection is established, a “Test Connection Successful” message is displayed in the upper right of the screen.
If the connection fails, an error message is displayed, explaining the error. Edit the connection information as needed and test the connection again.

Save

Click this button to store the connection properties in the Code Insight database.

This action also tests the connection. If the connection fails, an error message is displayed and the data is not saved. Edit the information as needed and try to save again.

Custom Fields sections

The Custom Fields for Inventory and Custom Fields for Projects sections provide a means for the System Administrator to manage custom fields for inventory and projects. Within each section, the administrator can create new custom fields, view the list of existing fields, and edit field definitions. By default, a custom field is available for all inventory items or all projects in your Code Insight system. Users with appropriate permissions can then update the field’s value for a specific inventory item or project. (Note, however, that the System Administration can limit the field’s availability in Code Insight.)

A maximum for five custom fields for inventory and thirty custom field for projects can be created. A custom field cannot be deleted but can be disabled (and then re-enabled as needed).

Note:After a fresh installation of Code Insight, no custom fields exist until the System Administrator creates them.

The remainder of this table describes the mechanisms and attributes used to define and manage custom fields in the Custom Fields for Inventory and Custom Fields for Projects sections. For details about managing custom fields, see “Creating and Managing Custom Fields for Inventory” and “Creating and Managing Custom Fields for Projects” in the Code Insight Installation & Configuration Guide.

Add Field button

Within the Custom Fields for Inventory or Custom Fields for Projects section, click this button to open the Add Custom Field window, enabling you to create a custom field. Once the field is defined and saved, it is added to the list of custom fields displayed in the section.

 

Update Field icon

Attributes for custom fields

To edit the definition of an existing custom field within the Custom Fields for Inventory or Custom Fields for Projects section, click the icon in the Action column for the field in the list. The Edit Custom Field dialog is opened, enabling you to change the field’s attributes. Once saved, the changes are reflected in the attributes for that field in the list.

The following attributes are used to define a custom field in either the Custom Fields for Inventory or Custom Fields for Projects section. These attributes are also displayed for each field in the list of existing custom fields in the section.

Note:When setting up the custom SBOM Bucket Name project field required for exporting inventory data to SBOM Insights, you must specify certain attribute values. See “Configuring Code Insight for Exports to SBOM Insights” in the Code Insight Installation & Configuration Guide for instructions.

Enabled

The attribute controlling whether the custom field is activated in Code Insight.

Yes—The field will be activated and made available in Code Insight across all projects. Use the Visible in UI attribute (see next) to determine whether the field will be displayed in both the Code Insight REST interface and the Web UI or only in the REST interface.
No—The field will not be available in Code Insight. All other attributes defined here are ignored (until the field is enabled).

 

 

Visible in UI

The attribute determining whether the custom field is visible in both the Code Insight Web UI and the REST interface or in the REST interface only. (The custom-field locations in the UI for inventory items include the Inventory Details tab on the Project Inventory pane and the Inventory Details tab in the Analysis Workbench. For projects, the UI locations include a project’s Summary tab and its Summary > Manage Project > Edit Project > Custom Fields tab.)

Yes—The field is visible in both the Code Insight Web UI and the REST interface, enabling users to use either the UI or REST APIs to view and update the field’s value. (Default)
No—The field does not display in the Code Insight Web UI. Users must use REST APIs to view and update the field’s value.

Field Label

(Required) The name of the custom field. The maximum length is 30 characters.

Field Type

(Available only when defining custom fields for projects) The data type of the custom field:

Text Field—A text field that has a maximum of 128 characters.
Text Area—A large text field that has a maximum of 512 characters. (Default)
Drop-Down List—A dropdown list of multiple options from which a user selects one option. When you choose this field type, the Drop-Down List Options field is enabled to define the options (see the next description).

Note:All custom fields for inventory are automatically configured as Text Area fields that have a maximum size of 64K. The field type cannot be changed.

 

 

Drop-Down List Options

(Available only when defining custom fields for projects and the Field Type is Drop-Down List) The field that defines and manages the options in the dropdown list.

To add an option to the dropdown list, click Add Item next to the field. The Add Item pop-up is displayed, allowing you to create an option label up to 30 characters.
To remove an existing option, click the X to the right of the option label.
To edit an option label, remove the option and re-add the option with the updated label.

No limit exists on the number of options the field can have.

Help Text

Information that is displayed when a user selects the icon for the field in the Web UI. Provide content that helps users enter an appropriate value for the field. For example, you might describe the purpose the field and the type of value it requires. If you specify text with http:// or
https://, the value will be hyperlinked.

The maximum length is 150 characters.

If this attribute is left blank, the icon will not be available for the custom field in the Web UI.

License Ranking Order

The Inventory items with multiple licenses—generated during a codebase scan or rescan—will be created or updated with a specific license based on the defined ranking order of licenses.

To apply the ranking order of licenses, use the following fields.

Use License Ranking order in cases of multiple licenses

Select this checkbox to enable the License Ranking Order field to define or manage the ranking order of licenses.

By default, this check box is cleared.

License Ranking Order

Define or manage a list of licenses in required order to associate with inventory items.

Use the following icons available in the License Ranking Order section to manage the licenses in this field:

Move license up—Click the following icon to move the selected license up in the ranking order.

 

(Continued)

Move license down—Click the following icon to move the selected license down in the ranking order.

Add a license—Click the following icon to add a new license in the License Ranking Order field.

To add a license, do the following:

Click the Add a license icon to display the Add a license to the Ranking list pop-up.
Select a required license from the License dropdown.
Click Add button to add a license in the License Ranking Order field.
Delete a license—Click the following icon to remove a license from defined ranking order in the License Ranking Order field.

Note:Only a System Administrator can use the License Ranking Order field to define or manage the ranking order of licenses.

By default, licenses from the Code Insight database are listed in the License Ranking Order field based on the following license priorities order:

Permissive/Public Domain (P3)
Weak Copyleft/Commercial/Uncommon (P2)
Viral/Strong Copyleft (P1)

Note:The following scenarios describe how an inventory item created or updated with a specific license based on the default ranking order of licenses in the License Ranking Order field:

If an inventory item contains multiple licenses with the Permissive/Public Domain (P3) and Weak Copyleft/Commercial/Uncommon (P2) license priorities, the license with the Permissive/Public Domain priority (P3) available in the default ranking order of licenses in the License Ranking Order field will be selected while creating or updating the inventory item during a scan or rescan.

(Continued)

(Continued)

If an inventory item contains multiple licenses only with the Permissive/Public Domain (P3) license priority, the license that appears first in the default ranking order of licenses in the License Ranking Order field will be selected while creating or updating the inventory item during a scan or rescan.

Save

Click this button to store the defined license ranking order in the Code Insight database.

See Also

Security Vulnerabilities Associated with Inventory

Managing Policies to Automatically Review Inventory

Policy Details Window

“Setting the Common Vulnerability Scoring System” in the Code Insight Installation and Configuration Guide

“Creating and Managing Custom Fields for Inventory” in the Code Insight Installation and Configuration Guide

“Creating and Managing Custom Fields for Projects” in the Code Insight Installation and Configuration Guide