The Code Insight extension allows development teams to easily integrate open source scanning into their build process by performing the following functions:
- scans materials in your build environment
- automatically discovers all open source components in your build
- automatically creates tasks in Code Insight (with optional external JIRA work items) for any non-compliant items based on your configured policies
- continuously monitors your bill of materials and generates alerts for any new security vulnerabilities
# About Code Insight
Code Insight helps development, legal and security teams reduce open source security risk and manage license compliance with an end-to-end system. It is a single integrated solution for open source license compliance and security. Find vulnerabilities and remediate associated risk while you build your products and throughout their lifecycle. Manage open source license compliance, add automation to your processes, and implement a formal OSS strategy and policy that balances business benefits and risk management.
Follow the steps below to configure your Code Insight extension:
1. Set up the Code Insight server.
2. Create a project.
3. Obtain an authentication token for your account.
4. Enter the unique alias value for your project. The alias represents a container in which all the files scanned in this instance will be shown.
5. A user-defined name for the instance where the scan-agent plugin is configured to run agent scans. This is a required value for scans running in a dynamic host environment. (Note that this property, along with the alias property, will remain unchanged for each subsequent rescan.)
6. Install the extension by clicking the "Get it free" button above.