Aug 06, 2019
03:34 PM
1 Kudo
This is a terrible solution. Attached is my proposal for how CodeInsight should support versions.
Jul 15, 2019
08:49 PM
Your comments did not address the issue. Below are some examples to further explain the problem.
Exact Matches Example: Scan detected icon file "Magic_Wand.png" in source code and provided potential matches to 58 open source projects. None of these open source projects were the author of the file, which was located at https://www.iconfinder.com/icons/58574/magic_wand_icon along with details on author and license. Since all 58 projects contain the exact file, it would be good to establish a timeline to know who created the file first to help narrow the search. In this specific example, they likely all copied it off the internet. It would be a good enhancement for CodeInsight to index the publicly available images and icons from https://www.iconfinder.com and http://www.softicons.com
Partial Match Example: Scan detected partial code match against >1000 open source projects which all had 95% code match. When there is such a large number of potential matches, it would be good to establish a timeline to know who created the file first to help narrow the search. We eventually located the author website https://www.wpftutorial.net/PasswordBox.html by searching Google using a code snippet of the first couple of lines.
Jul 15, 2019
12:02 PM
1 Kudo
We actually use all three depending on our situation. For example, if we have multiple people reviewing the same scan, the person who is responsible for following up on text and license matches to "gpl" will often create an unpublished group called "not gpl" so that if other people working on the scan are reviewing other indicators they can see that someone has already identified the gpl match is a false positive. If I am just working on a scan by myself, once I have reviewed all the indicators associated with a file I will mark it as reviewed.
If you find a search term is creating "too many" false positives, you can try to fine-tune the text strings that are in the scan settings based on the results you are seeing.
If the false positive is in in-house proprietary code, it might be helpful to create a group called in-house code to mark files that have false positive indicators, especially if you are familiar with the code and know that it was authored by your developers. It can be a quicker way to remove false positives.
Ultimately, practice seems to be the best medicine for quickly identifying false positives and quickly marking them.
Jul 15, 2019
11:31 AM
Thanks for the suggestion. I'll pass it along to our product team!!
Cheers,
Dave McLoughlin
Jul 01, 2019
04:57 AM
1 Kudo
Hi,
Thanks for that. Email has been sent as you suggest. Awaiting the response. Thanks again.
Thanks,
G Harihara Sudhan
+91-9972390371
Jun 10, 2019
07:31 PM
Thanks @dmcloughlin for pointing this out. I opened a ticket to correct this.
Jun 05, 2019
12:02 PM
1 Kudo
This was an issue when we first went live, but should have been fixed. Are you still seeing the problem?
Latest posts by dmcloughlin
| Subject | Views | Posted |
|---|---|---|
| | 1363 | Jul 15, 2019 12:18 PM |
| | 1078 | Jul 15, 2019 12:02 PM |
| | 6254 | Jul 15, 2019 11:46 AM |
| | 1278 | Jul 15, 2019 11:31 AM |
| | 1715 | Jun 10, 2019 12:54 PM |
| | 1827 | Jun 10, 2019 12:46 PM |
| | 1000 | Jun 05, 2019 12:02 PM |
| | 1860 | Jun 05, 2019 11:50 AM |
Activity Feed
- Got a Kudo for Re: False Positive Best Practice. Jul 19, 2019 08:10 AM
- Kudoed Partial and exact matches results in a lot of wasted time chasing false positives for sewechad. Jul 15, 2019 12:26 PM
- Posted Re: Partial and exact matches results in a lot of wasted time chasing false positives on Code Insight Forum. Jul 15, 2019 12:18 PM
- Kudoed Case Section for TarunKumarSingh. Jul 15, 2019 12:03 PM
- Posted Re: False Positive Best Practice on Code Insight Forum. Jul 15, 2019 12:02 PM
- Kudoed False Positive Best Practice for sewechad. Jul 15, 2019 11:49 AM
- Posted Re: Version Scanning Best Practices on Code Insight Forum. Jul 15, 2019 11:46 AM
- Kudoed Re: Case Section for TarunKumarSingh. Jul 15, 2019 11:37 AM
- Posted Re: Scanning Docker Files on Code Insight Forum. Jul 15, 2019 11:31 AM
- Kudoed Scanning Docker Files for sewechad. Jul 15, 2019 11:31 AM
- Kudoed FlexNet Code Insight 2019 R2 is available! for cvirata. Jul 15, 2019 11:29 AM
- Posted Re: Open New Case: Missing version numbers for FNCI 2019.R1 and FNCI 6.13.0 on Code Insight Forum. Jun 10, 2019 12:54 PM
- Kudoed SCA User Group Meeting - May 23, 2019 in San Francisco for kemorton. Jun 10, 2019 12:50 PM
- Posted Re: Case Section on Code Insight Forum. Jun 10, 2019 12:46 PM
- Got a Kudo for Re: No longer receiving confirmation email after opening new cases. Jun 05, 2019 04:24 PM
- Posted Re: No longer receiving confirmation email after opening new cases on Code Insight Forum. Jun 05, 2019 12:02 PM
- Posted Re: Case Section on Code Insight Forum. Jun 05, 2019 11:50 AM