FlexNet Code Insight 6.13.2
The Analyzer technique uses a variety of methods to identify OSS content such as packages, source distributions, and dependencies. It creates groups and, optionally, a Group Builder or Quick Assessment workspace report. Analyzer detection methods include various package, search term, repository, digest and component analyzers with optional data lookups via Data Services (see Data Services). You can find details about the files and methods of detection used by the Analyzer in the Detection Notes group field. There are three ways to invoke analyzer:
| • | Analyzer as Part of Scan—As of version 6.13.1, the Analyzer automatically executes at the end of scans as long as it is enabled on the Automated Analysis tab for a project workspace (this is the default setting). If invoked in this manner, Analyzer creates groups for identified OSS content but does not generate a report. |
| • | Group Builder—You can use the Schedule Scan/Report feature to schedule a scan that is followed by the generation of the Group Builder report. This method creates groups for identified OSS content (the same set of groups as created by invoking Analyzer as part of scan) and generates the Palamida Analyzer - Group Builder report. This workspace report also includes a Bill of Materials, Security Vulnerability information, Third-Party Notices information and Codebase Metrics for the given workspace. Note that the report requires at least one successful scan prior to execution of the report. |
| • | Quick Assessment—Alternatively, you can use the Schedule Scan/Report feature to schedule the Quick Assessment report. This workspace report does not require a scan prior to execution of the report. It provides a quick overview of the codebase contents and includes a Bill of Materials, Security Vulnerability information, Third-Party Notices information and Codebase Metrics. |
The Analyzer uses Flexera’s Data Services (DS) to supplement license information, component metadata, and known security vulnerabilities for the detected groups. Data Services (DS) is a RESTful API hosted on Amazon Web Services. DS provides information about Open Source projects from the FlexNet Code Insight Data Library. Requests to Data Services take the form of an “HTTPS GET” request to the web service.
Files and code snippets are never sent to Data Services. The web service is only queried for information about Open Source projects as contained in the FlexNet Code Insight Data Library (for example, component information, vulnerabilities, licenses, digest-to-component data and so on) to enable rich inventory building.
Analyzer Requirements
The Analyzer requires outgoing TCP access on port 443 to access Data Services. Proxy support can be enabled in analyzer.properties. Depending on the security policy of your organization, the following URL may need to be added to the security policy white list: https://api.palamida.io.
FlexNet Code Insight 6.13.2 Online Help LibraryAugust 2019 |
Copyright Information | Flexera Software |