The Analyzer
FlexNet Code Insight 6.13.2
The Analyzer aids the auditing of third-party code by automatically identifying dependencies, packages, and source distributions. The Analyzer can be run at the following times:
|
•
|
Before a scan task to get an overview of the contents of your codebase. |
|
•
|
After a scan to create component groups/inventory items. |
The Analyzer provides the following functionality:
|
•
|
Builds notices for groups/inventory items where possible to make creating third-party notices easier. |
|
•
|
Support for Composer (php) packages. If there is a composer.lock file, those defined dependencies and versions will be used. If there is no lockfile (for example, if the package has not been installed), composer.json files are parsed for uninstalled 'required' dependencies and the versions are set to the most recent version in the Packagist registry that satisfies the given composer.json's semantic versioning restrictions. |
|
•
|
Support for npm uninstalled node modules. Inventory items are created when there is a package.json with dependencies even when the corresponding node modules are not present. The npm Analyzer uses the npm registry to get package information and resolve semantic versioning. Versions are set to the most recent version in the npm registry that satisfies the semantic versioning restrictions in the given package.json file. |
|
•
|
Support for Tomcat webapps rebranding. There are webapps named codeInsightScanner and palamidaScanEngine. The update jar can be used in Flexnet Code Insight versions 6.10.3+. |
Open topic with navigation