What is a Codebase Scan?

During a scan, Code Insight performs a static analysis of files of any type (source or binary) in the target codebase, using automated detection rules to identify open-source or third-party components and their versions, licenses, and security vulnerabilities. The scan generates inventory items based on the component information it identifies.

Additionally, the scan can identify components by searching for files and source code in the codebase that match files (exact-content matching) or source-code snippets found in open-source and third-party software. Detection of file and source-code snippet matches is based on the comparison of the scanned codebase with the contents of the Compliance Library (CL), a large library containing the information needed to perform content matching.

The evidence that Code Insight discovers during a scan includes:

  • Third-party copyright statements

  • Open-source license text matches

  • File name matches to files collected in the CL

  • Code-snippet matches to code collected in the CL

  • Search-term (text string) matches

  • Email addresses and URLs
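To make the evidence categories above concrete, here is an added illustration (not Code Insight's own code) of a minimal evidence collector: it hashes each file for exact-content matching against a constructed stand-in for the CL, and scans the text for copyright statements, license-text fragments, search terms, email addresses and URLs. The CL entries, license excerpts, search terms and sample files are all assumptions constructed for the example.

```python
import hashlib
import re

# Constructed stand-in for the Compliance Library (CL): digest of a known
# open-source file's exact content, mapped to the component it belongs to.
CL_FILE_HASHES = {
    hashlib.sha256(b"int add(int a, int b) { return a + b; }\n").hexdigest():
        "example-lib 1.2.0 (MIT)",  # assumed component name
}
# Short excerpts of well-known license texts used for license-text matching.
LICENSE_TEXTS = {
    "MIT": "permission is hereby granted, free of charge",
    "GPL-2.0": "gnu general public license as published by the free software foundation",
}
COPYRIGHT_RE = re.compile(r"(?:\(c\)|©|copyright)\s*\d{4}.*", re.IGNORECASE)
EMAIL_RE = re.compile(r"[\w.+-]+@[\w-]+\.[\w.-]+")
URL_RE = re.compile(r"https?://[^\s\"'>]+")

def scan_file(name: str, data: bytes, search_terms=("crypto", "license")) -> dict:
    """Collect each evidence category the text above lists, for one file."""
    evidence = {"file": name, "copyrights": [], "licenses": [], "emails": [],
                "urls": [], "search_terms": [], "cl_file_match": None}
    # Exact-content match: works on source and binary files alike, since it
    # compares the file's digest with the CL rather than parsing the content.
    evidence["cl_file_match"] = CL_FILE_HASHES.get(hashlib.sha256(data).hexdigest())
    text = data.decode("utf-8", errors="ignore")  # binaries yield little text
    for line in text.splitlines():
        m = COPYRIGHT_RE.search(line)
        if m:
            evidence["copyrights"].append(m.group(0).strip())
    lowered = text.lower()
    evidence["licenses"] = [spdx for spdx, frag in LICENSE_TEXTS.items() if frag in lowered]
    evidence["emails"] = sorted(set(EMAIL_RE.findall(text)))
    evidence["urls"] = sorted(set(URL_RE.findall(text)))
    evidence["search_terms"] = [t for t in search_terms
                                if re.search(rf"\b{re.escape(t)}\b", text, re.IGNORECASE)]
    return evidence

def scan_codebase(files: dict) -> list:
    """Scan every file in a {name: bytes} mapping and return its evidence."""
    return [scan_file(name, data) for name, data in files.items()]

# Constructed sample codebase: one file matching the CL exactly, one with
# textual evidence only.
SAMPLE_FILES = {
    "math.c": b"int add(int a, int b) { return a + b; }\n",
    "util.py": (b"# Copyright 2019 Example Corp <dev@example.com>\n"
                b"# Permission is hereby granted, free of charge, to any person\n"
                b"# See https://example.com/license for details\n"),
}
```

In a real scan the evidence feeds inventory creation; here `scan_codebase(SAMPLE_FILES)` simply returns the per-file evidence records.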

The scanner will also automatically generate inventory based on various automated discovery techniques:

  • Automated Analysis of packages (such as .jar, NuGet)

  • Automated Analysis based on search terms, file names, and other heuristics

  • AutoWriteUp Rules from the Code Insight CL

Code Insight continually updates the CL with new open-source releases and newly reported security vulnerabilities.