FlexNet Code Insight
Manage Open Source Software License Compliance and Vulnerability Risk
FlexNet Code Insight manages OSS license compliance and vulnerability risk by automating the full process, including requests to use OSS and third-party code, scanning and reconciliation of actual to requested content, production of compliance documents, and ongoing vulnerability scanning and intellectual property alerts. Its robust compliance library includes over 12.9 million open source components and over 2.5 million automated detection rules, as well as an integrated request and authorization workflow.
Track compliance quickly and accurately
FlexNet Code Insight identifies, approves, and tracks third-party content elements used in your code for compliance with your IP and security policies. Over 2.5 million automated detection rules make analysis faster and more accurate.
Quickly locate OSS components
Over 12.9 million open source components help you quickly find specific OSS or commercial components in use within your portfolio of products.
Stay current with automated updates
Update service adds components, versions, licenses, rules and vulnerabilities weekly (sometimes daily) so your systems use the latest information.
Act immediately on security alerts
Vulnerability alerts notify development and security teams if new application security vulnerabilities are reported for components in use.
Provides flexible analysis—quick to detailed
Multiple levels of analysis from quick assessment to detailed forensic analysis satisfy varying business needs. Patented scan and analysis technology yields comprehensive scan results for both source and binary materials.
Generates 3rd party notices
FlexNet Code Insight creates third-party notices for an accurate Bill of Materials for compliance and license obligations.
Guides developers to compliant components
Proven request and authorization workflow enables developers to request and receive permission before new code enters the code base and maintains a history of the request and usage details.
FlexNet Code Insight is used by over 400 software vendors, intelligent device and Internet of Things manufacturers as well as internal application development teams at enterprise and government organizations to simplify and manage their end-to-end policy for use of open source.
Unmatched Top- and Forensic-Level Scanning
FlexNet Code Insight’s special-purpose search engine is optimized for analysis of source and binary files. Users get accurate and timely results whether the requirement is a quick search for top-level issues or a detailed analysis. Its detection of open source software is based on a comparison of the target code base with the contents of the Compliance Library, a large database of continuously updated open source projects including version and license information.
More Accurate Analysis with Automated Detection Rules
FlexNet Code Insight includes rules derived from human analysis of the most commonly used open source projects and from automated analysis of repositories. Users can also create their own rules to automate reporting of items that are unique to their projects. Utilizing multiple proprietary analysis techniques, FlexNet Code Insight performs component-level, package-manager and binary analysis on your codebase to quickly build inventory and produce reports, including source code, binary, licenses, copyrights, text strings, URLs, email addresses and Java NameSpace.
Robust Audit Analysis
Through three auditing techniques, FlexNet Code Insight provides the industry’s most robust OSS audit analysis.
- Detector Code Search: Fast, efficient ad-hoc searching across the scanned code base to discover references to files of unknown origin and to identify and remove false positives.
- Source Code Fingerprints: Sophisticated proprietary source code fingerprint and snippet matching helps users conduct detailed and forensic-level analysis. It highlights matches to third-party components from multiple sources, making copy-paste and stolen-from code easy to identify.
- Custom Fingerprints: Commercial and proprietary code may be fingerprinted for inclusion in the Compliance Library for ongoing detection and matching.