InstallShield 2019 Express Edition
Integration with FlexNet Code Aware
InstallShield now includes integration with FlexNet Code Aware, an automated open source risk assessment and package discovery solution that enables you to quickly scan your products for security and intellectual property (IP) compliance risk.
The current release of FlexNet Code Aware supports analysis of the following files:
• Java Packages
• Node Packages
• Nuget Packages
• RPM Packages
• Ruby Packages
• EXE & DLL Files
Security vulnerabilities are looked up against the National Vulnerability Database (NVD).
Running FlexNet Code Aware
FlexNet Code Aware requires a separate license from InstallShield. There is also a trial/evaluation version. For more information, refer to the FlexNet Code Aware product page of the Flexera Web site.
To run FlexNet Code Aware from within InstallShield, click Scan Project using FlexNet Code Aware from the InstallShield Project menu. This menu option is disabled if you are not currently in an open InstallShield project. A FlexNet Code Aware icon is also available on the InstallShield standard toolbar.
When FlexNet Code Aware completes the scan of your project, a summary displays showing the number of files scanned, and the number of open-source packages and vulnerabilities found. A View report button is provided if you have a fully licensed version of FlexNet Code Aware. For more information about the details provided in this report, refer to Reading the FlexNet Code Aware Report.
Reading the FlexNet Code Aware Report
Note • The FlexNet Code Aware Report is not available in trial/evaluation mode. A fully licensed version of FlexNet Code Aware is required.
To view the FlexNet Code Aware Report, click View report on the summary dialog that appears after FlexNet Code Aware has scanned your project.
The FlexNet Code Aware report consists of several sections:
• The initial Summary View presents the user with a Scan Summary, Operational Risk assessment, Security Vulnerability Exposure, and License Exposure.
• The Scan Summary section provides details regarding the codebase that was scanned, including a breakdown of file types, percent of files analyzed, and number of findings.
• The Operational Risk section provides a composite risk rating based on the combination of packages with Intellectual Property (IP) issues and packages with Security Vulnerabilities.
• The Security Vulnerability Exposure and License Exposure sections provide a breakdown of the types and categories of identified issues.
• The Package Inventory View, available by clicking view full package inventory in the Scan Summary section, provides a complete list of discovered open source and third-party packages with associated licenses, security vulnerabilities, dependencies, and detected copyright statements.
The Package Inventory View provides filters that you can use to execute targeted queries to refine the list to various package types of interest.
Viewing Package Details
Click a vulnerability count listed in the Vulnerabilities column of the Package Inventory report page for each package you want to review. The Vulnerabilities detail page appears, covering a portion of the Package Inventory report.
InstallShield 2019 Express Edition Help Library, April 2019