Viewing or Updating Detection and Auditing Notes in the Analysis Workbench

The Notes tab can provide information about the automated and manual analysis of codebase files in relation to the inventory item selected in the Analysis Workbench. This can help you in your analysis of your product’s use of the OSS or third-party software identified by the inventory item.

To view notes, do the following:

1.

Open the Analysis Workbench for the desired project. (For instructions, see Opening the Analysis Workbench.)

2.

From the Inventory Details tab for a selected inventory item in the Analysis Workbench, select the Notes tab.

3.

Review or update content in the following fields as needed:

•

Detection Notes—Information generated during the scan to explain the means by which the scan detected OSS or third-party software in the codebase and to specify name of the SBOM file from where the inventory item generated. Information in the Detection Notes are specified by the following attributes:

•

Detected By—indicates the automated detection technique(s) responsible for the inventory finding.

•

Created via—indicates the SBOM file name from where the inventory item generated. (This information is displayed only when the SBOM data import is performed on the project.)

The following example shows that the detection techniques used to find the inventory item included Component Analyzer.

The Detection Notes content is not editable.

 

•

Audit Notes—Information recorded about the manual analysis of the codebase associated with this software. You can add your own notes. For example, you might indicate that you needed to create this inventory item manually.

4.

Click Save in the upper right corner of the Inventory Details tab to save the updates. If this inventory item is currently published, the save can trigger an automatic review of the inventory item. See Automatic Review Triggered When Saving Existing Inventory in the Analysis Workbench for details.