Inventory

System-generated inventory is created by Code Insight during a scan and is available to view in the Analysis Workbench and, if automatically published, on the Project Inventory tab. An inventory item represents an explicit finding in the scanned codebase and can represent any of the following: a top-level component, a bundled component, a component found inside an archive, or a direct or transitive dependency component.

Note

Consider the following information:

  • Alternatively, you can review the published inventory across all projects. For details, see Viewing Inventory Across All Projects.
  • During an initial scan of a codebase, inventory items that were initially associated with multiple licenses are generated with a specific license based on the ranking order of licenses defined in the License Ranking Order section on the System Settings tab. Creation of those inventory items considers both PDL licenses and scan licenses (listed as the multiple licenses in the Detection Notes field on the Notes tab for an inventory item). This feature of creating and updating inventory items based on the license ranking order also applies to scan agents. For more information, see System Settings Tab.

Inventory Item Details

An inventory item typically has an associated component, version, license and list of security vulnerabilities, as well as other details about these elements. See Inventory Details Tab in the Analysis Workbench for a full description of the information collected by the scan.

These are some important elements about an inventory item that you can view at a glance:

The following example highlights these elements for a given inventory item on the Project Inventory tab. (For more information about the Analysis Workbench, see Analyzing Scan Results in a Project. For information about the Project Inventory tab, see Reviewing Project Inventory.)