Code Insight Process Flow
The Code Insight process flow consists of a repeatable set of steps that you can perform to manage the open‑source/third-party components used in your software development projects. The following diagram provides an overview of the steps in this process flow.
Code Insight Process flow
The Code Insight process flow consists of the following steps.
| # | Step | Performed By | Description | More Information |
|---|---|---|---|---|
| 1 | Upload Codebase | Project Administrator or Analyst | Create a new project and upload a ZIP file containing the source code and binary files of the codebase you want to scan. The codebase is uploaded to the Scan Server. | See Creating a Project and Uploading a Codebase and Other Methods for Accessing a Codebase to Scan. |
| 2 | Scan Codebase | Project Administrator or Analyst | Scan the codebase files to find evidence of open-source or third-party components, based on Automated Analysis and on a comparison of the codebase with the contents of the Compliance Library (CL) (if it is installed). The scan translates these findings into an inventory of third-party components for the project. | See Performing a Scan. |
| 3 | Audit Scan Results | Analyst | Use the Analysis Workbench tab of the Projects view to manually analyze the automatically-generated inventory items and the remaining files that contain evidence of third-party component usage. Create any additional inventory items as required. Publish inventory items to the Project Inventory page for stakeholder review. Additionally, generate an Audit Report containing findings and deliver it to the project reviewer, usually in Excel format. | See Auditing the Scan Results and Generating an Audit Report. |
| 4 | Review Inventory | Project reviewer or Analyst | Security and legal experts review the findings of the analyst in review meetings, using the Project Inventory page to approve or reject each inventory item. These experts develop a remediation plan for any rejected inventory items, making notes in the inventory items, assigning review or remediation tasks, or adding additional columns to the Excel version of the Audit Report. | See Approving/Rejecting Inventory Items. |
| 5 | Remediate Issues | Engineering | Engineering addresses remediation plan to resolve all rejected inventory items, and delivers new version of the codebase. Codebase is rescanned until it is approved for release. | See Performing Remediation. |
| 6 | Release Product with Notices Report | Release Manager | Product is released with a third-party Notices Report, listing all approved open-source/third-party components in the application. | See Releasing the Product with a Notices Report. |