Commits to master branch can be tagged with version numbers Tagged releases need to be scanned for 3 rd party libraries using CodeInsight After inventory items are reviewed and all issues mitigated the final license notification file shall be checked into the tagged release before releasing so ID: 1014964
Download Presentation The PPT/PDF document "Source Code Versioning Source code repos..." is the property of its rightful owner. Permission is granted to download and print the materials on this web site for personal, non-commercial use only, and to display it on your personal computer provided you do not modify the materials and that you retain all copyright notices contained in the materials. By downloading content from our website, you accept the terms of this agreement.
1. Source Code VersioningSource code repository tracks all code changes over timeCommits to master branch can be tagged with version numbersTagged releases need to be scanned for 3rd party libraries using CodeInsightAfter inventory items are reviewed and all issues mitigated, the final license notification file shall be checked into the tagged release before releasing software
2. License Identification & Approval Process All source code for applications that are distributed internally or externally must be scanned for license compliance. Code that is only utilized internally by developments teams (i.e. test harnesses) are exempt since that code is not bundled for distribution.Application Source CodeScan for 3rd Party ContentLicense InventoryAuto detectionEvidence of 3rd Party ContentManual analysisReview with Design ChairIssue BacklogAuto RejectedLegal Team for License ReviewCode ChangesGenerate 3rd Party Software attribution file for each release and link on About PageApprovedCheck-in license notice file into source control for each releaseFlexera CodeInsightDefine Mitigation PlanRejectedSecurity Team for Vulnerability AssessmentLicense PolicyAuto Approved
3. Flexera CodeInsight Version SupportCurrent StateProposed StateSource FilesScan ResultsLicense InventoryProject v1Source FilesScan ResultsLicense InventoryVersion 1Software ProductSource FilesScan ResultsLicense InventoryProject v2Versioning is not supported. Each project must be manually setup and configuredInventory transfer between projects is manual process and only works via REST interfaceVersioning of software should be supported implicitlyBehind the scene “version” can function just like “project”Transfer of inventory list should be implicit during version setup processSource FilesScan ResultsLicense InventoryVersion 2Source FilesScan ResultsLicense InventoryVersion N
4. Proposal Mockup – Version SetupAdd the following inputs to the source code upload form:Version Number (required)If product contains prior versions, check box to import prior release inventory items
5. Proposal Mockup – Version Results SelectionShow latest version and provide option to switch to older versionsCodebase is tied to version number