Roles and Responsibilities
Code Insight 6.14.2
The following Set Up and Code Management Tasks table provides a summary of the Code Insight process and shows which user roles are eligible for which activities.
Code Insight requires some application administrative setup tasks. Then all of the ongoing code management cycle tasks occur in parallel. Users can perform any function appropriate to their assigned roles and the progress of the project.
Code Insight includes automatic approval and rejection features to facilitate efficient responses to requesters, as well as a manual review feature.
• Automatic Acceptance: The automatic acceptance feature of the policy engine gives developers and other requesters an immediate answer as to which components are already approved for use. This is useful, for example, for setting up pre-approved versions of a corporate repository.
• Automatic Rejection: This feature gives requesters an immediate answer when users request known unacceptable components. Automatic rejection is useful for quickly communicating inappropriate license/usage combinations and unsecured components.
• Manual Review: This feature allows employees with the appropriate permissions to review component requests, which may have varying restrictions and need to be reviewed on a case-by-case basis. We suggest that the policy administrator set the Review policy before allowing users to access the application’s features.
Setting the policy first allows users to see the policies and rules in real time as they make requests and perform reviews related to specific projects. However, the policy administrator can also set the Review policy after users have accessed the system.
| Task | Category | Milestone Target | Role | Activity |
|---|---|---|---|---|
| Setting up and Configuring a Project | Create Project | Project start | Application Admin | Create users, teams, projects |
| Setting up and Configuring a Project | Review Project Policy | Project start, Ongoing | Policy Admin | |
| Setting up and Configuring a Project | Configure Project | Project start | Participant (selected as the Project Owner) | Set project user roles, such as assigning auditor and security analyst; define request review process; associate workspaces with project |
| Code Management Cycle | Conduct Audit | Ongoing | Auditor | Audit codebase associated with project and publish groups to create inventory items |
| Code Management Cycle | Create Component Requests | Ongoing | Requester | Create requests, review and acknowledge conditions of use imposed by reviewers |
| Code Management Cycle | Review a Request | Ongoing | Reviewer | Review requests and define conditions of use (technical, business, legal, etc.) |
| Code Management Cycle | Reconcile Inventory | Ongoing | Owner or project participant | Review project inventory detected via audit and associate with request approving its use |
| Code Management Cycle | Security Review for Vulnerabilities | Ongoing | Project Security Analyst | Review vulnerabilities associated with project inventory detected via audit |
| Code Management Cycle | Report Generation | Ongoing | Various | Capture a summary of inventory or security cycle status to share with project team |