lpopescu
Level 5

How do you handle auditing large projects since workspaces are no longer available in V7?


In V6 we could create a multitude of workspaces for each project. In our case we would create at least two workspaces: one for the project artifacts that get pulled into the build, and the other for project sources. This allowed us to concentrate on separate types of audits, and once finished we could publish Audit Inventory and Notices reports for the artifacts and sources as a whole.

In V7 the workspaces have been removed and we no longer have the ability to separate a project into different sections.

In V7 we have the option to

“Add New” ->  Folder

“Add New” -> Project

However, if I create a “Folder” and under that folder I create two projects (one for artifacts and one for sources), I cannot generate a “Folder” Notices or “Folder” Audit report. I can only generate those reports per project.

Are you going to allow “Folder” reports in future releases?  If not, do you have any suggestions on how to deal with large projects that need to be broken down into smaller components in V7, yet we need to generate a final report for all those projects?

Thanks,

lp

(1) Solution
alexrybak
Revenera

This is a great question as it is relevant for many of our Code Insight V6 customers looking at Code Insight V7.

Code Insight V7 is designed to support large codebases by saving scan results file by file rather than caching results in memory and performing a large save at the end of the scan. For this reason, there is no longer a need for a workspace entity that was primarily implemented in Code Insight V6 to allow breaking up codebases into manageable pieces.

Currently, Code Insight V7 allows for two types of projects: standard and inventory only.

  • A standard project is designed for pre-build source (mostly) codebase scanning on the Code Insight scan server. The codebase is either synced using one of our SCM plugins (Git, Perforce, and TFS), or manually uploaded to the scan server. This type of scan results in automated inventory items as well as file-level forensic scan results that are then manually analyzed and converted to manually-created inventory items.
  • An inventory only project is designed for a post-build binary (mostly) codebase scanning on the remote build server. This type of scan results in automated inventory items representing the packages in the post-build artifacts.

Currently, Code Insight V7 does not support an out-of-the-box folder-level Web UI interface or report to roll up results from both projects. What we recommend is that users treat the standard project as the master project, and the inventory only project as the slave. For the time being, you can use the project data export feature to periodically export the inventory items from the inventory only project and import that into the standard project. You can then use the project dashboard and project inventory Web UI pages as well as the Project Report to manage your data.

The Code Insight V7 product roadmap includes the following capabilities to address this gap:

  • The 2019 R3 release (late 2019) includes a custom reports framework. This could be used to develop a custom report to span multiple projects as a short-term solution.
  • The 2019 R3 release (late 2019) includes merging both project types into a single project. This will allow users to support both local comprehensive scanning of pre-build source codebases along with one or more remote scans for automated inventory based on post-build artifacts.

I hope this addresses your question, and welcome any feedback on our future plans.

Cheers!

-Alex
