FlexNet Code Insight is an end-to-end solution for managing open source and third-party code in software development projects. With a growing library of 12.9 million open source components, over 2.5 million automated detection rules, and an integrated request and authorization workflow, FlexNet Code Insight is comprehensive and increasingly automated.
It allows organizations to implement a full-cycle solution that starts with the request to use a component, continues with scanning and reconciliation of actual against requested content, and ends with production of compliance documents and ongoing monitoring for vulnerability and intellectual property alerts.
By gaining visibility and control of all open source software (OSS) and third party content, organizations can fully benefit from an open source development strategy while minimizing exposure to intellectual property and vulnerability risks.
Comprehensive and Accurate Scanning
FlexNet Code Insight’s special-purpose search engine is optimized for analysis of source and binary files using a number of detection techniques. Detection of open source materials is based on comparison of the target codebase with the contents of the Compliance Library, a large database of open source projects, which includes version and license information. Because the Compliance Library is continuously updated with new open source releases, using both automated detection and manual techniques, users get accurate and timely results, whether the requirement is a quick search for top-level issues or a detailed analysis.
Automated Analysis with Autoexpert
A continuously updated and expanded set of detection rules and multiple proprietary analysis techniques make examination of scan results increasingly automated. The function of rules is to analyze scan results using known associations between scan results and open source artifacts. When a rule fires, the first operation is to create a placeholder for the presence of the open source component (a group) and add as much information as possible to the group, including component name, version, license, license text, copyright text, known vulnerabilities and any notes which further describe the component.
FlexNet Code Insight includes rules derived from human analysis of the most commonly used open source projects and from automated analysis of repositories. Users can also create their own rules to automate reporting of items which are unique to their projects. Utilizing multiple proprietary analysis techniques, FlexNet Code Insight performs component-level, package-manager and binary analysis on your codebase to quickly build inventory and produce reports, including:
Unlike a web search engine, which takes a single search parameter per search, the FlexNet Code Insight scan engine breaks a source code file into many individual searches (snippets) so that the system can identify partial matches to open source. Matches from the most likely origin file and matches from other files are highlighted to ensure that the analyst has a complete picture.
A file hash (MD5) is compared against known OSS file hash values from the compliance library and matches are reported as exact matches. In addition, string, copyright, license text, and email/URL detectors are available for text that survives compilation. Releases (components + versions) containing the files with evidence (string, copyright, license text and email/URL) are displayed. MD5 hash values are also used for some types of detection rules to make component identification automatic.
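The snippet matching and MD5 exact-match steps described above can be illustrated with a small sketch. This is an added example, not FlexNet Code Insight's code (its techniques are proprietary); the three-line window, the whitespace normalization, and all names and sample data are assumptions made for illustration.

```python
import hashlib

WINDOW = 3  # lines per snippet; an assumed value for this sketch

def md5_hex(data: bytes) -> str:
    return hashlib.md5(data).hexdigest()

def snippets(text: str, window: int = WINDOW) -> set:
    """MD5 of every run of `window` consecutive whitespace-normalized, non-blank lines."""
    lines = [n for n in (" ".join(l.split()) for l in text.splitlines()) if n]
    return {md5_hex("\n".join(lines[i:i + window]).encode())
            for i in range(max(len(lines) - window + 1, 0))}

def build_library(releases: dict) -> tuple:
    """releases: {(component, version): {path: text}} -> (file-hash index, snippet index)."""
    by_file, by_snippet = {}, {}
    for release, files in releases.items():
        for path, text in files.items():
            by_file.setdefault(md5_hex(text.encode()), set()).add((release, path))
            for digest in snippets(text):
                by_snippet.setdefault(digest, set()).add((release, path))
    return by_file, by_snippet

def scan_file(text: str, by_file: dict, by_snippet: dict) -> dict:
    """Exact whole-file match first; otherwise rank origin files by shared snippets."""
    exact = by_file.get(md5_hex(text.encode()))
    if exact:
        return {"match": "exact", "origins": sorted(exact)}
    own, hits = snippets(text), {}
    for digest in own:
        for origin in by_snippet.get(digest, ()):
            hits[origin] = hits.get(origin, 0) + 1
    ranked = sorted(hits.items(), key=lambda kv: (-kv[1], kv[0]))  # most likely origin first
    return {"match": "partial" if ranked else "none",
            "origins": [(origin, n / len(own)) for origin, n in ranked]}

# Constructed sample data: a one-file "library" and a renamed, re-indented copy of it.
LIB_SRC = """int clamp(int v, int lo, int hi) {
    if (v < lo) return lo;
    if (v > hi) return hi;
    return v;
}
"""
COPIED = LIB_SRC.replace("int clamp", "static int my_clamp").replace("    ", "\t")
BY_FILE, BY_SNIPPET = build_library({("libexample", "1.0"): {"src/clamp.c": LIB_SRC}})

if __name__ == "__main__":
    for name, text in (("identical", LIB_SRC), ("modified", COPIED), ("unrelated", "x = 1\n")):
        print(name, scan_file(text, BY_FILE, BY_SNIPPET))
```

An MD5 match here is an identification fingerprint for inventory purposes. Because MD5 collisions are practical to construct, an exact match should not be treated as proof that a file is the untampered upstream release.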