Reviewing Inventory
Code Insight 6.14.2 SP1
Code Insight provides a process by which the project owner can review inventory items and determine whether to make an immediate decision or to require a full review including the completion of a request form. We refer to this process as a Quick Review.
Once the auditor publishes groups from the Detector client, the published groups are available as inventory items in the web client. The project owner can at any time review an inventory item and immediately mark it as approved or rejected for use. Using this operation allows you to skip the full review (workflow) as defined for that project.
Generally, you might use this process as part of a meeting involving all concerned parties: development, legal, security, and any other stakeholders. For example, stakeholders might discuss a set of inventory items ready for review, and then decide whether each inventory item should be approved for use, rejected for use, or sent for a full review, which includes completing the request form associated with the project. If there are any security vulnerabilities associated with the inventory item, a security analyst is required to review these vulnerabilities.