
Analyzing Codebase Files and Creating Inventory Items

After the codebase is scanned, the results of the scan should be reviewed and evaluated by an analyst. In Code Insight terminology, this is called auditing. The goal of an audit is a complete and accurate inventory of third-party code within a product. During an audit, the analyst needs to discover all code that:

  • Is under licenses that put your proprietary source code at risk.

  • Has known security vulnerabilities.

  • Has no license, or is under business-unfriendly licenses from competitors or malicious sources.

The analyst needs to review all listed files in the codebase and mark them as reviewed. In some cases, the analyst may need to associate discovered evidence with existing inventory items or with new inventory items that they create. The analyst's final step is to publish all reviewed inventory items, making them available for reporting and review by security and legal experts. For detailed information on how to perform these tasks, refer to the Code Insight User Guide.
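The audit workflow above (group file-level evidence into inventory items, flag each item against the three criteria, and publish only once every file has been reviewed) can be modelled in a few lines. The following is an added example written for this page; it is not Code Insight's code or API, and the license classes, component names, file paths and "known vulnerable" set are all constructed for illustration:

```python
from dataclasses import dataclass, field
from typing import Optional

# Constructed license-risk classes for this example; the real policy comes
# from the organisation's legal team, not from these two sets.
STRONG_COPYLEFT = {"GPL-2.0-only", "GPL-3.0-only", "AGPL-3.0-only"}
PERMISSIVE = {"MIT", "Apache-2.0", "BSD-3-Clause", "Zlib"}


@dataclass(frozen=True)
class Evidence:
    """One scan hit: a file matched to a component, version and license."""
    path: str
    component: str
    version: str
    license: Optional[str]  # None means the scanner found no license text


@dataclass
class InventoryItem:
    component: str
    version: str
    license: Optional[str]
    files: list = field(default_factory=list)


def build_inventory(evidence):
    """Group file-level evidence into one inventory item per component/version/license."""
    items = {}
    for ev in evidence:
        key = (ev.component, ev.version, ev.license)
        item = items.setdefault(key, InventoryItem(ev.component, ev.version, ev.license))
        item.files.append(ev.path)
    return list(items.values())


def triage(item, vulnerable):
    """Return the audit flags the analyst must resolve before publishing."""
    flags = []
    if item.license is None:
        flags.append("no-license")
    elif item.license in STRONG_COPYLEFT:
        flags.append("copyleft")
    elif item.license not in PERMISSIVE:
        flags.append("license-needs-review")
    if (item.component, item.version) in vulnerable:
        flags.append("known-vulnerability")
    return flags


def publish(items, reviewed_paths):
    """Publish only when every file backing every item has been marked reviewed."""
    unreviewed = [p for it in items for p in it.files if p not in reviewed_paths]
    if unreviewed:
        raise ValueError(f"unreviewed files: {sorted(unreviewed)}")
    return [(it.component, it.version) for it in items]


# Constructed sample scan evidence (not real scanner output).
SAMPLE_EVIDENCE = [
    Evidence("third_party/libfoo/foo.c", "libfoo", "1.4.0", "MIT"),
    Evidence("third_party/libfoo/foo.h", "libfoo", "1.4.0", "MIT"),
    Evidence("vendor/libbar/bar.c", "libbar", "2.0.1", "GPL-3.0-only"),
    Evidence("vendor/mystery/util.c", "mystery-util", "0.1", None),
]

# Constructed advisory data: component/version pairs with a known issue.
SAMPLE_VULNERABLE = {("libfoo", "1.4.0")}


def audit_report(evidence=SAMPLE_EVIDENCE, vulnerable=SAMPLE_VULNERABLE):
    """Map each inventory item (component, version) to its audit flags."""
    return {(it.component, it.version): triage(it, vulnerable)
            for it in build_inventory(evidence)}


if __name__ == "__main__":
    for key, flags in audit_report().items():
        print(key, flags or ["clean"])
    # Publishing with nothing reviewed is refused; publishing after review succeeds.
    try:
        publish(build_inventory(SAMPLE_EVIDENCE), reviewed_paths=set())
    except ValueError as exc:
        print("blocked:", exc)
    print(publish(build_inventory(SAMPLE_EVIDENCE), {e.path for e in SAMPLE_EVIDENCE}))
```

The point of the `publish` gate is that an inventory item is only as trustworthy as the file evidence behind it: an item whose backing files were never looked at can still reach the security and legal reviewers with a wrong license or a missed vulnerability, so the publish step refuses until every file is marked reviewed.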