Common Terminology
Code Insight 6.14.2 SP2
The following are common terms that appear in Code Insight documents and on reports and product pages:
Terms | Definitions
AutoWriteUp - Ibiblio Maven2 | Uses component information from the bulk collection of metadata from a Maven mirror to create inventory items for JAR files.
CL | Compliance Library, the collection of data that Code Insight uses to generate an inventory of OSS and third-party components and their associated vulnerabilities. The library is large and is provided on a separate disk.
Component Analyzers | Analyzers that identify source distributions of common open source projects, especially targeting C/C++ projects, where package managers and metadata files are not standardized. These analyzers are attuned to regularities across the entire history of an open source project, so generally even a version released tomorrow can be identified reliably. Other analyzers identify packages and components from widely used package managers and repositories.
Component Analyzer - Abstracted | An analyzer that leverages the high-quality data of a component analyzer when that component is found in other, non-source-code contexts, such as binary distributions.
Composer (PHP) Package Analyzer | An analyzer for Composer (PHP) packages. If a composer.lock file is present, the dependencies and versions defined there are used. If there is no lockfile (for example, because the package has not been installed), the composer.json files are parsed for uninstalled "required" dependencies (Uninstalled Composer Dependency). In that case, each version is set to the most recent version in the Packagist registry (packagist.org) that satisfies the semantic versioning constraint given in composer.json (Composer/Packagist API).
CPE | Common Platform Enumeration, a widely used standard methodology for defining and distinguishing items such as application classes, operating systems, and hardware present in an organization's computing environment.
CRAN Analyzer | Uses metadata within a CRAN source package to create an inventory item.
CVE | Common Vulnerabilities and Exposures, a list of publicly known information-security vulnerabilities and exposures in commercial and open source software. Attackers can exploit these software flaws to gain access to a company's computer systems. For more information, visit http://cve.mitre.org/. Code Insight supports only the CVSS v2 scoring system when reporting security vulnerability details.
Data Services - Component Lookup | Uses Data Services to look up the best-matching FlexNet Code Insight component.
Data Services - Digest | Uses a file's MD5 digest to determine whether the file has an Auto-WriteUp rule or other library data associated with it.
Data Services - Maven Component Lookup | Uses the GroupId and ArtifactId to select the best-matching FlexNet Code Insight component.
Data Services - Release Name | Uses Data Services to analyze the origin of the file based on library collection data.
GPL | GNU General Public License, a copyleft open source license. Commercial code that incorporates GPL-licensed code and is distributed may be required to be licensed under the same terms, including making its source code available.
Intellectual Property (IP) | Creations of the intellect for which the law assigns exclusive rights to designated owners. In the context of Code Insight and this guide, IP refers to programming code created internally or externally.
Intellectual property rights (IPRs) | Legal protections, such as trademarks, copyrights, and patents, granted to the owners and/or creators of IP.
Inventory | The list of OSS and third-party components identified in a project's codebase. Inventory takes the form of groups published from the Detector as the result of audit analysis.
JDBC Driver Connector File | A file required to establish a connection with your data source. You must specify this file during installation.
Jenkins | An open source automation server, written in Java, that supports continuous integration.
License Lookup - Component Level | Identifies the license(s) of a component across versions. Typically this is an aggregate of the licenses the project has used over time, or the license at the time of data collection.
License Lookup - Version Level | Identifies the license(s) of a component at a specific version. This data is sensitive to the possibility of a license change over time.
LOC | Lines of Code.
NPM Analyzer | Identifies node_modules from npm and other components that use a package.json file to store metadata.
OSS | Open Source Software.
Policies | Rules and conditions, assigned globally or to specific teams or projects, that automate the review of inventory items and/or requests to use OSS components.
POM | Project Object Model.
POM Analyzer | An analyzer that parses pom.xml files to determine dependencies and resolve their versions from the project's declared or inherited properties. The analyzer attempts to retrieve POM information about dependencies from the local Maven repositories (as defined in the pom.xml) or from Maven Central. To become an inventory item, dependencies must:
POM Ancestry License | Indicates a license determined from the license declared in a parent POM.
POM Dependency | A GroupId/ArtifactId pair identified as a dependency in a pom.xml file. See POM Analyzer for the conditions under which a dependency becomes an inventory item.
POM License Declaration | Indicates a license determined from the license declared in the POM itself.
POM Transitive Dependency | A dependency not declared directly in a project's POM but inferred from the retrieved POM of one of its dependencies.
POM <type> Copyright | Indicates one of several methods of building a copyright statement for the purpose of creating a notice.
Projects | Specific development goals, usually a software application or element that a project team is developing. A project consists of workspaces, policies, requests, inventory, and tasks.
Related Component Lookup | Improves component information, such as CVE and license data, by finding the different FlexNet Code Insight components that represent the same open source project in different forges (for example, the component corresponding to a CentOS RPM and the one corresponding to the SourceForge source repository).
Reports | Project- or inventory-based lists of code and license citations, filtered by global, team, or project parameters.
Requests | Inquiries from users asking whether certain third-party code or components are allowed for use in their software development projects.
RPM Metadata | Uses metadata stored inside an RPM to create an inventory item.
RubyGem Analyzer | Uses metadata within a RubyGem package in source code form to create an inventory item.
RubyGems API | Indicates that the RubyGems.org API (rubygems.org) was used to obtain metadata about a .gem package to create an inventory item.
SCA | Software Composition Analysis.
Tasks | Individual actions in the code management workflow.
Uninstalled Node Module Dependency Inventory | Inventory created when a package.json declares dependencies but the corresponding node modules are not installed. The NPM API uses the npm registry (registry.npmjs.org) to get package information and resolve semantic versioning. Versions are set to the most recent version in the npm registry that satisfies the semantic versioning constraints in the given package.json file.
Users | People who access the application, frequently or infrequently, with roles and responsibilities assigned to them by the application administrator and project owner.
Viral license | A derogatory term for a copyleft license (the term "copyleft" itself being a play on "copyright"). In general, if your codebase contains open source code, you are required to retain the copyright statement, license terms, and author acknowledgment in any application or software derived from your codebase. In addition, a copyleft license requires that any distributed codebase containing code it covers be made available under the same license terms, including its source code.
Workspace | A container for codebase scan settings and scan results. A project may contain multiple workspaces, which together comprise the entire codebase for that project.
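The Composer (PHP) Package Analyzer and Uninstalled Node Module Dependency Inventory entries above both describe the same fallback: when no lockfile is present, each declared constraint is resolved to the newest registry version that satisfies it. The following is an added example, not Code Insight's own code, showing that resolution for both ecosystems, including the point where npm and Composer disagree on the meaning of `~`. The registry listings, manifests, lockfile contents and package names are constructed for illustration; a real analyzer would query packagist.org or registry.npmjs.org instead.

```python
"""Semantic-version resolution for uninstalled dependencies.

Added example, not Code Insight's own code.  Without a lockfile, each constraint in
composer.json / package.json is resolved to the newest registry version satisfying
it; with a lockfile, the locked versions win.  Registry listings, manifests and the
lockfile below are constructed sample data so this runs offline.
"""
import json
import re
from typing import Callable, Dict, List, Optional, Tuple

Version = Tuple[int, int, int]
_CLAUSE_RE = re.compile(r"(\^|~|>=|<=|>|<|=)?\s*v?(\d+(?:\.(?:\d+|[xX*]))*|\*)")

def parse_version(text: str) -> Version:
    """'v1.2.3', '1.2' or '1' -> (major, minor, patch); a pre-release suffix is dropped."""
    nums = [int(p) for p in text.strip().lstrip("v").split("-")[0].split(".")[:3]]
    return tuple(nums + [0] * (3 - len(nums)))  # type: ignore[return-value]

def _bump(v: Version, level: int) -> Version:
    """Smallest version above every version sharing v's first `level` components."""
    parts = list(v)
    parts[level - 1] += 1
    return tuple(parts[:level] + [0] * (3 - level))  # type: ignore[return-value]

def _clause(clause: str, eco: str) -> Callable[[Version], bool]:
    """Predicate for one clause such as '^1.2', '~1.2.3', '>=1.0', '1.x', '2.0.0' or '*'."""
    m = _CLAUSE_RE.fullmatch(clause.strip())
    if not m:
        raise ValueError(f"unsupported constraint clause: {clause!r}")
    op = m.group(1) or ""
    written = [p for p in m.group(2).split(".") if p not in ("x", "X", "*")]
    if not written:                                   # '*': anything goes
        return lambda v: True
    n, low = len(written), parse_version(".".join(written))
    if op in (">=", ">", "<=", "<"):
        return {">=": lambda v: v >= low, ">": lambda v: v > low,
                "<=": lambda v: v <= low, "<": lambda v: v < low}[op]
    if op == "^":                                     # ^1.2.3 -> <2.0.0, ^0.2.3 -> <0.3.0, ^0.0.3 -> <0.0.4
        level = 1 if low[0] > 0 else 2 if low[1] > 0 else 3
    elif op == "~":
        # npm:      ~1.2.3 -> <1.3.0, ~1.2 -> <1.3.0, ~1 -> <2.0.0
        # Composer: ~1.2.3 -> <1.3.0, ~1.2 -> <2.0.0 (bumps the second-to-last written component)
        level = min(n, 2) if eco == "npm" else max(n - 1, 1)
    else:                                             # '' or '=': exact on the written components ('1.2' == '1.2.*';
        level = n                                     # simplified: Composer reads a bare '1.2' as exactly 1.2.0)
    high = _bump(low, level)
    return lambda v: low <= v < high

def satisfies(version: str, constraint: str, eco: str) -> bool:
    """True if `version` meets `constraint`: '||' separates alternatives, space or ',' joins clauses (AND)."""
    v = parse_version(version)
    for alternative in constraint.split("||"):
        alternative = re.sub(r"(>=|<=|>|<|\^|~|=)\s+", r"\1", alternative)   # '>= 1.0' -> '>=1.0'
        clauses = [c for c in re.split(r"[\s,]+", alternative.strip()) if c]
        if all(_clause(c, eco)(v) for c in clauses):
            return True
    return False

def resolve(constraint: str, available: List[str], eco: str) -> Optional[str]:
    """Newest stable version in `available` satisfying `constraint`, or None.
    Pre-releases such as '8.0.0-alpha1' are skipped, as the registries' default stability rules do."""
    ok = [v for v in available if "-" not in v and satisfies(v, constraint, eco)]
    return max(ok, key=parse_version) if ok else None

def inventory(manifest: str, lock: Optional[str], registry: Dict[str, List[str]], eco: str) -> List[dict]:
    """Inventory items for one manifest: lockfile versions first, otherwise registry-resolved."""
    declared: Dict[str, str] = json.loads(manifest).get("require" if eco == "composer" else "dependencies", {})
    locked: Dict[str, str] = {}
    if lock is not None:
        data = json.loads(lock)
        if eco == "composer":             # composer.lock lists resolved packages flatly
            locked = {p["name"]: p["version"] for p in data["packages"]}
        else:                             # package-lock.json v2/v3 keys packages by node_modules path
            locked = {path.rsplit("node_modules/", 1)[-1]: p["version"]
                      for path, p in data["packages"].items() if path}
    items: List[dict] = []
    for name, constraint in declared.items():
        if eco == "composer" and (name == "php" or name.startswith("ext-")):
            continue                      # platform requirement, not an installable package
        if name in locked:
            items.append({"name": name, "version": locked[name].lstrip("v"), "source": "lockfile"})
        else:
            version = resolve(constraint, registry.get(name, []), eco)
            items.append({"name": name, "version": version,
                          "source": "registry (uninstalled dependency)" if version else "unresolved"})
    return items

# Constructed sample data (not real registry snapshots or real project manifests).
PACKAGIST = {"monolog/monolog": ["1.25.5", "1.26.1", "2.9.2", "3.5.0"],
             "guzzlehttp/guzzle": ["6.5.8", "7.8.1", "8.0.0-alpha1"]}
COMPOSER_JSON = json.dumps({"require": {"php": ">=7.4", "monolog/monolog": "^1.24 || ^2.0",
                                        "guzzlehttp/guzzle": "~7.5"}})
COMPOSER_LOCK = json.dumps({"packages": [{"name": "monolog/monolog", "version": "2.3.0"}]})
NPM_REGISTRY = {"lodash": ["4.16.6", "4.17.15", "4.17.21"], "express": ["4.17.3", "4.18.2", "5.0.0"]}
PACKAGE_JSON = json.dumps({"dependencies": {"lodash": "~4.17.0", "express": "^4.0.0 <4.18.0"}})

if __name__ == "__main__":
    for eco, manifest, lock, reg in (("composer", COMPOSER_JSON, None, PACKAGIST),
                                     ("composer", COMPOSER_JSON, COMPOSER_LOCK, PACKAGIST),
                                     ("npm", PACKAGE_JSON, None, NPM_REGISTRY)):
        print(eco, inventory(manifest, lock, reg, eco))
```

Two practical consequences follow from this behaviour. First, a registry-resolved version records what a fresh install would fetch at scan time, not what was actually built or shipped: `~7.5` resolves to 7.8.1 against this listing and to something else after the next release, so two scans of unchanged code can disagree. Second, a range such as `^1.24` is also satisfied by its floor, 1.24.0, so resolving to the newest match can hide that the oldest permitted version carries a vulnerability. Scan with the lockfile present whenever possible and treat "uninstalled dependency" items as lower-confidence inventory.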
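The POM Analyzer, POM Dependency and POM Transitive Dependency entries above describe resolving a dependency's version from declared or inherited properties and inferring further dependencies from a retrieved POM. The following is an added example, not Code Insight's own code, showing the work involved: `${...}` property interpolation, inheritance of properties and `<dependencyManagement>` versions from the parent POM, and a one-level walk into each dependency's own POM. The three POMs, their coordinates and their property names are constructed for illustration and stand in for what an analyzer would fetch from a local repository or Maven Central.

```python
"""Resolving GroupId:ArtifactId:version from pom.xml files.

Added example, not Code Insight's own code.  The POMs in REPO are constructed sample
data keyed by 'groupId:artifactId:version', standing in for a local Maven repository.
"""
import re
import xml.etree.ElementTree as ET
from typing import Dict, List, Optional, Tuple

NS = "{http://maven.apache.org/POM/4.0.0}"
PROP_RE = re.compile(r"\$\{([^}]+)\}")

def _text(el: Optional[ET.Element], tag: str) -> Optional[str]:
    """Text of child <tag> of `el`, or None when absent."""
    child = el.find(NS + tag) if el is not None else None
    return child.text.strip() if child is not None and child.text else None

class Pom:
    """The parts of one pom.xml that matter for dependency resolution."""
    def __init__(self, xml: str) -> None:
        root = ET.fromstring(xml.strip())
        parent = root.find(NS + "parent")
        self.parent_key = (f"{_text(parent, 'groupId')}:{_text(parent, 'artifactId')}:{_text(parent, 'version')}"
                           if parent is not None else None)
        # groupId and version may be omitted by a child and inherited from its parent
        self.group = _text(root, "groupId") or _text(parent, "groupId")
        self.artifact = _text(root, "artifactId")
        self.version = _text(root, "version") or _text(parent, "version")
        self.properties = {el.tag[len(NS):]: (el.text or "").strip() for el in root.findall(f"{NS}properties/*")}
        self.managed = {(_text(d, "groupId"), _text(d, "artifactId")): _text(d, "version")
                        for d in root.findall(f"{NS}dependencyManagement/{NS}dependencies/{NS}dependency")}
        self.dependencies = root.findall(f"{NS}dependencies/{NS}dependency")

def _ancestry(pom: Pom, repo: Dict[str, str]) -> List[Pom]:
    """`pom` followed by its ancestors, nearest first; an unretrievable parent ends the chain."""
    chain = [pom]
    while chain[-1].parent_key and chain[-1].parent_key in repo:
        chain.append(Pom(repo[chain[-1].parent_key]))
    return chain

def _interpolate(value: Optional[str], props: Dict[str, str]) -> Optional[str]:
    """Expand ${name} references, including properties defined in terms of other properties.
    An undefined property is left in place; the loop is bounded so a cycle cannot spin forever."""
    for _ in range(10):
        if not value or "${" not in value:
            break
        value = PROP_RE.sub(lambda m: props.get(m.group(1), m.group(0)), value)
    return value

def resolve_dependencies(key: str, repo: Dict[str, str], depth: int = 1) -> List[dict]:
    """Dependencies declared by the POM stored under `key`, each followed by the dependencies
    its own retrieved POM declares (marked transitive), down to `depth` levels."""
    chain = _ancestry(Pom(repo[key]), repo)
    props: Dict[str, str] = {}
    managed: Dict[Tuple[Optional[str], Optional[str]], Optional[str]] = {}
    for ancestor in reversed(chain):          # parent values first, so the child's override them
        props.update(ancestor.properties)
        managed.update(ancestor.managed)
    me = chain[0]
    props.update({k: v for k, v in {"project.groupId": me.group, "project.artifactId": me.artifact,
                                    "project.version": me.version}.items() if v})
    items: List[dict] = []
    for dep in me.dependencies:
        group = _interpolate(_text(dep, "groupId"), props)
        artifact = _text(dep, "artifactId")
        version = _interpolate(_text(dep, "version") or managed.get((group, artifact)), props)
        item = {"groupId": group, "artifactId": artifact, "version": version, "transitive": False,
                "scope": _text(dep, "scope") or "compile", "declaredBy": key}
        if not version or "${" in version:    # flag it, never drop it: a dropped dependency is a blind spot
            item.update(version=None, note="unresolved: no declared or managed version, or undefined property")
        items.append(item)
        dep_key = f"{group}:{artifact}:{version}"
        if depth > 0 and item["version"] and dep_key in repo:
            for transitive in resolve_dependencies(dep_key, repo, depth - 1):
                items.append({**transitive, "transitive": True})
    return items

# Constructed sample POMs (not real projects): a parent, a child that inherits from it, and a dependency.
REPO = {
    "com.example:platform-parent:1.4.0": """<project xmlns="http://maven.apache.org/POM/4.0.0">
  <groupId>com.example</groupId><artifactId>platform-parent</artifactId><version>1.4.0</version>
  <properties><jackson.version>2.9.8</jackson.version><commons.version>2.6</commons.version></properties>
  <dependencyManagement><dependencies>
    <dependency><groupId>commons-io</groupId><artifactId>commons-io</artifactId><version>${commons.version}</version></dependency>
  </dependencies></dependencyManagement></project>""",
    "com.example:billing-service:1.4.0": """<project xmlns="http://maven.apache.org/POM/4.0.0">
  <parent><groupId>com.example</groupId><artifactId>platform-parent</artifactId><version>1.4.0</version></parent>
  <artifactId>billing-service</artifactId>
  <properties><jackson.version>2.12.7</jackson.version></properties>
  <dependencies>
    <dependency><groupId>com.fasterxml.jackson.core</groupId><artifactId>jackson-databind</artifactId><version>${jackson.version}</version></dependency>
    <dependency><groupId>commons-io</groupId><artifactId>commons-io</artifactId></dependency>
    <dependency><groupId>${project.groupId}</groupId><artifactId>billing-api</artifactId><version>${project.version}</version></dependency>
    <dependency><groupId>junit</groupId><artifactId>junit</artifactId><version>4.13.2</version><scope>test</scope></dependency>
    <dependency><groupId>org.example</groupId><artifactId>legacy-util</artifactId><version>${legacy.version}</version></dependency>
  </dependencies></project>""",
    "com.example:billing-api:1.4.0": """<project xmlns="http://maven.apache.org/POM/4.0.0">
  <groupId>com.example</groupId><artifactId>billing-api</artifactId><version>1.4.0</version>
  <dependencies>
    <dependency><groupId>org.slf4j</groupId><artifactId>slf4j-api</artifactId><version>1.7.36</version></dependency>
  </dependencies></project>""",
}

if __name__ == "__main__":
    for item in resolve_dependencies("com.example:billing-service:1.4.0", REPO):
        print(item)
```

Two points worth carrying into a production analyzer. The pom.xml files in a scanned codebase are untrusted input, so the XML parser should be hardened against entity-expansion attacks (for example with defusedxml) rather than used as above. And a dependency whose version cannot be resolved, here `legacy-util` with its undefined `${legacy.version}`, should surface as an item to review, because a dependency the scan silently drops is exactly the one that never reaches the vulnerability lookup.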