Scan-Agent Plugins

Code Insight supports a scan-agent plugin, which is installed directly in your development environment to perform scans on your product’s source files and built artifacts as part of your software development process. This type of scan is an alternative to the standard scan, which is performed source codebase files that are uploaded to Code Insight. (Scans on codebases uploaded to the Scan Server are described in Code Insight User Guide.)

The scan-agent plugin is configured to scan a specific set of files within the context of an Engineering application (such as an IDE, artifact repository, CI tool, a build, testing, or installation tool, or a source-management application). Once configured, the plugin can be invoked to run a scan as part of the build process. The scan results, sent back to Code Insight, include scanned-file information and published inventory awaiting review, management, and remediation. Just as with published inventory produced by the Code Insight Scan Server, published inventory produced by a scan-agent plugin can be automatically reviewed by license or security policies during the scan. Inventory not reviewed by policy can be reviewed manually by legal or security experts. Security alerts with corresponding email notifications are automatically generated for any inventory item with new security vulnerabilities.

Code Insight offers a set of standard scan-agent plugins that are pre-built and ready for immediate deployment. It also provides a generic scan-agent plugin (also pre-built) that can be used as a standalone scan-agent to scan arbitrary file systems or integrated with certain Engineering applications for automatic code scanning.

Additionally, Code Insight offers a Scan Agent toolkit that enables you to create a custom scan-agent plugin that integrates with your development ecosystem.