Discover and Track All Open Source Software
FlexNet Code Insight scans your applications to identify open source components in source code, software packages, binaries, code snippets, build dependencies, Docker containers and multimedia files. The product also detects copyright, email/URLs and custom search terms to find evidence of OSS in your applications.
You can adjust the depth and breadth of the scan and analysis based on your project. A quick scan helps you prioritize issues based on a high-level overview. Trigger deep scans where necessary to create a detailed and complete analysis.
Proactive and Continuous Monitoring of Open Source Security Vulnerabilities
Identify known vulnerabilities associated with the open source in your applications and get alerts when new vulnerabilities affecting you are reported. Analyze security risks within projects with easy-to-understand dashboards and reports.
FlexNet Code Insight includes a robust framework supporting multiple data sources for vulnerability data, including NVD and advisories from Secunia Research at Flexera.
Comply with Open Source Licenses and Manage Obligations
Identify open source licenses and drill down into license details and risk. FlexNet Code Insight automates the creation of an accurate Bill of Materials (BOM) to ship with your products.
This enables you to comply with license obligations that come with open source software and protect your IP.
Automate the review of commonly used components based on your company license policy. Developers can select components they intend to use and submit them for review. Developers also have access to usage guidance after a component is approved for use, or remediation notes if the component is rejected.
Seamlessly Integrated Into Your Build Environment
Integrate open source scanning into your DevOps environment using FlexNet Code Insight's plugins for Jenkins and Docker. This allows you to scan your code and identify dependencies from the build environment.
Integrate any external audit data into FlexNet Code Insight and develop your own plugins using the Scan Agent Framework.
Create custom dashboards and reports with automated findings, audit and vulnerability information using REST APIs.
Dashboards and Reporting for Common Queries
Create Third Party Notices and generate reports to stay on top of your open source code. Quickly answer questions like these and many more:
- Are we exposed to a specific vulnerability?
- Are we exposed to high-priority license issues and/or high-severity vulnerabilities?
- Where are our outdated components?
- Where should we focus our limited analysis resources?
- Where are the issues that need attention now?
Flexible Scan and Analysis Profile Types
- Package discovery: Scan low-risk applications for evidence of all commonly used software package managers for a quick health check of your products
- Standard scan: Package analysis and build dependencies plus evidence of copyright, search terms, emails
- Comprehensive scan: Detailed code analysis to match to third-party components from multiple sources to easily identify copy-paste code
Designed for Enterprise Environments
FlexNet Code Insight is designed for installation and use on-premises and has a full set of enterprise-ready features for operation within a modern and secure IT environment, so you can keep your valuable source code on-premises.