Empower your organization to manage open source software (OSS) and third-party components. FlexNet Code Insight helps development, legal and security teams to reduce open source security risk and manage license compliance with an end-to-end system.
FlexNet Code Insight is a single integrated solution for open source license compliance and security. Find vulnerabilities and remediate associated risk, both while you build your products and throughout their lifecycle. Manage open source license compliance. Add automation to your processes and implement a formal OSS strategy and policy that balances business benefits and risk management.
Identify Open Source Security Vulnerabilities and Manage Risk
Identify known vulnerabilities associated with the open source in your applications and get alerts when new vulnerabilities affecting you are reported. Analyze security risks within projects with easy-to-understand dashboards and reports. FlexNet Code Insight includes a robust framework supporting multiple data sources for vulnerability data, including NVD and advisories from Secunia Research at Flexera.
Comply with Open Source Licenses and Manage Obligations
Identify open source licenses and drill down into license details and risk. FlexNet Code Insight automates the creation of an accurate Bill of Materials (BOM) to ship with your products. This enables you to comply with license obligations that come with open source software and protect your IP.
Automate the review of commonly used components based on your company license policy. Developers can select components they intend to use, and submit for review. Developers also have access to usage guidance after a component is approved for use, or remediation notes if the component is rejected.
Seamlessly Integrated Into Your Development Lifecycle
Integrate open source scanning into your DevOps environment using FlexNet Code Insight’s plugins for Jenkins, Docker, Gradle, Apache Ant, Apache Maven, Bamboo and GIT. This allows you to scan your code and identify dependencies from the build environment. Integrate any external audit data into FlexNet Code Insight and develop your own plugins using the Scan Agent Framework. Create custom dashboards and reports with automated findings, audit and vulnerability information using REST APIs.
Dashboards and Reporting for Common Queries
Create Third Party Notices and generate reports to stay on top of your open source code. Quickly answer questions like these and many more:
- Are we exposed to a specific vulnerability?
- Are we exposed to high priority license issues and/or high severity vulnerabilities?
- Where are our outdated components?
- Where should we focus our limited analysis resources? Where are the issues that need attention now?
Flexible Scan and Analysis Profile Types
- Package discovery: Scan low risk applications for evidence of all commonly used software package managers for a quick health check of your products
- Standard Scan: Package analysis and build dependencies plus evidence of copyright, search terms, emails
- Comprehensive scan: Detailed code analysis to match to third-party components from multiple sources to easily identify copy-paste code