FlexNet Code Insight empowers organizations to take control of and manage use of open source software (OSS) and third-party components.
It helps development, legal and security teams use automation to create a formal OSS strategy and policy that balances business benefits and risk management.
FlexNet Code Insight manages OSS license compliance and vulnerability risk by automating the full process, including the request-to-use OSS and third-party code, scanning and reconciliation of actual to requested content, production of compliance documents and ongoing vulnerability scanning and intellectual property alerts. Its robust compliance library includes over 12.9 million open source components and over 2.5 million automated detection rules as well as integrated request and authorization workflow.
FlexNet Code Insight Features
Unmatched Top- and Forensic-Level Scanning
FlexNet Code Insight’s special purpose search engine is optimized for analysis of source and binary files. Users get accurate and timely results whether the requirement is for a quick search for top level issues or a detailed analysis. It’s detection of open source software is based on a comparison of the target code base with the contents of the Compliance Library, a large database of continuously updated open source projects including version and license information. More details…
More Accurate Analysis with Automated Detection Rules
FlexNet Code Insight includes rules based on human analysis of the most commonly used open source projects and via automated analysis of repositories.
Users can also create their own rules to automate reporting of items that are unique to their projects.
Utilizing multiple proprietary analysis techniques, FlexNet Code Insight performs component-level, package-manager and binary analysis on your codebase to quickly build inventory and produce reports, including source code, binary, licenses, copyrights, text strings, URLs, email addresses and Java NameSpace.
Robust Audit Analysis
Through three auditing techniques, FlexNet Code Insight provides the industry’s most robust OSS audit analysis.
- Detector Code Search: Fast, efficient ad-hoc searching across the scanned code base to discover references to files of unknown origin and to identify and remove false positives.
- Source Code Fingerprints: Sophisticated proprietary source code fingerprint and snippet matching helps users conduct detailed and forensic level analysis. Highlights match to third-party components from multiple sources to easily identify copy-paste and stolen-from code.
- Custom Fingerprints: Commercial and proprietary code may be fingerprinted for inclusion in the Compliance Library for ongoing detection and matching.
Automatically Generates Third-Party Notices
Generate third-party notices for reporting OSS usage to fulfill compliance and license obligations.
Timely Notification of Vulnerable Code
Vulnerability status is visible on the inventory page and via vulnerability report. In addition, when an existing inventory item or request gains a new vulnerability, users are notified on the Security Alerts tab in the Web UI and via email.
Extensive Compliance Library and Language Coverage
The FlexNet Code Insight Compliance Library contains over 12.9 million OSS components, open source releases continuously collected over the last 12 years and commercial/third-party content. After collection, the results are indexed and packaged for use.
Proven and Scalable Request & Authorization Workflow
After developers OSS use, they receive authorization, either automatically or after review, by the appropriate stakeholders. Policy can be reinforced at the point of request and information recorded about where used, open source licenses, modifications and other relevant data. The authorization system was developed in cooperation with some of the world’s largest software companies.
The software license compliance and authorization system within FlexNet Code Insight can form part of a full OSS security policy. More details…
Extra Protection – Integrated Scanning and Authorization
The request and authorization workflow is fully integrated with scanning so that published scan results can be associated with existing requests. If scanning detects a component without a request, it creates a request for the discovered component.
Designed for Enterprise Environments
FlexNet Code Insight, designed for installation and use on-premises, has a full set of enterprise-ready features to allow operation within a modern and secure IT environment, allowing you to keep your valuable source code on-premises.
FlexNet Code Insight Integrations
Along with REST APIs which provide access to resources and data such as automated findings, audit and vulnerability information FlexNet Code Insight can be integrated with source code management (SCM) tools and continuous integration (CI) systems.
Source Code Management Tools
FlexNet Code Insight supports multiple SCM connectors to allow analysis workspaces to obtain the appropriate codebase prior to performing a scan. Supported SCM systems include:
- Subversion (recommended client TortoiseSVN)
- Microsoft Team Foundation Server
- Rational ClearCase
Analysis of a codebase can be automated as part of a continuous integration build process using either the FlexNet Code Insight Jenkins plugin or by integrating the command line tools.
About Flexera Software
Flexera Software helps application producers and enterprises manage application usage and increase the value they derive from their software through next-generation software licensing, compliance, security and installation solutions. More details…
Find out more…
To find out more about managing your use of open source software using FlexNet Code Insight please complete the form below.