Why Auditors Perform Tasks

Code Insight 6.14.2

The auditor's main job function is to analyze the results of the codebase scan and generate an inventory (bill of materials), using the automated detection techniques as well as the other available third-party indicator evidence that resulted from the scan. By subsequently publishing the detected inventory, the auditor can bring issues related to IP compliance and security vulnerabilities to the attention of the rest of the team.

The auditor does not make any compliance decisions. The auditor's sole responsibility is to analyze the scan results and generate a complete and accurate inventory of third-party materials. Once the inventory is published, the rest of the workflow determines the validity of the existence of the inventory items.