Setting Project Defaults

The settings on the Project Defaults tab on the Administration page provide a convenient way to set default values for the fields used to configure new projects, ensuring consistency and making project creation easier for users.

To set project defaults, do the following:

  1. On the Code Insight Dashboard, click administration. The Administration page appears with a list of side tabs. (You can also access this page by clicking the icon in the upper right corner of the Code Insight web page to open the Code Insight main menu. From this menu, select ADMINISTRATION.)

Project Default Descriptions

The following table lists the project default descriptions.

| Category | Field | Description |
| --- | --- | --- |
| General Options | | These options set defaults for project creation and assign default users to project roles. Users can change these defaults when creating a project or when editing a project or its users using `Manage Project \ |
| | Project Visibility | Select the default for visibility status—Public or Private—for projects. (The initial system default is Public.) Any user in the system has read-only access to a public project. To what degree a user can interact with the project depends on whether the user has a project role and what the role is—Project Administrator, Analyst, or Reviewer. However, private projects are hidden from all users except the Project Contact and those users assigned as Project Administrators, Analysts, Reviewers, or Observers of the project. Additionally, project and vulnerability ID searches will not return private projects unless the user performing the search has the permissions to see a given private project. |
| | Project Risk | Select the default risk value (Low, Medium, or High) for projects. To edit, select another value from the dropdown list. The initial system default is Medium. |
| General Options (continued) | Project Users | |
| | On the data import or rescan, delete inventory with no associated files | This option determines whether “empty” system-generated inventory items are deleted in the target project during project imports and rescans. Empty inventory items have no associated files. Selected—Deletes empty inventory items from the target project during project imports and rescans. Only inventory items with associated files are retained/created. Unselected—Retains/creates all inventory items—with or without matching associated files in the target codebase—in the target project during imports and rescans. For example, you might want to retain inventory items to save their analysis details. (Users will need to manually delete inventory that is not applicable in the current project.) This configuration (unselected) is required when importing a scanned codebase into an inventory-only project, which has no codebase, to ensure inventory is generated in the target project. |
| | Expand Source and Uber jar files | This option determines whether uber and sources jars are expanded during a codebase upload to the project. When selected, this option enables the expansion of the uploaded top-level uber or sources jar and any uber or sources jars contained in the uploaded jar, according to the expansion level defined for the upload. When not selected, this option does not expand any uber or sources files in the uploaded codebase. For more information, see the “Expansion of a Sources or Uber Jar” section in the Code Insight User Guide. |
| Scan Settings | | These options identify the default Scan Server and scan profile for projects. Users can change these settings when creating a project or when editing a project using `Manage Project \ |
| | Scan Profile | Select the default scan profile for projects. Click to view the details of the scan profile. |
| Scan Settings (continued) | Scan Server | |
| Automated Inventory Publish Options | | These options configure defaults for automatically publishing project inventory as part of the project scan process. Users can change these settings at the project level by navigating to the project Summary tab and selecting `Manage Project \ |
| | Auto-publish system-created inventory items meeting this minimum Confidence Level | Select this option to enable the auto-publication of system-generated inventory items. (By default, the option is selected.) Then select the minimum Inventory Confidence level required to determine which items to auto-publish: Low—Automatically publish all system-generated inventory. Medium—Automatically publish only those system-generated inventory items with Medium and High confidence levels. High—Automatically publish only those system-generated inventory items with a High confidence level. For a description of the Confidence levels and how they are used, refer to the “Inventory Confidence” section in the Code Insight User Guide. |
| Automated Inventory Publish Options (continued) | Do not auto-publish inventory items with an undetermined license | |
| | Mark associated file as reviewed | Select this option if you want Code Insight to automatically mark the files associated with each automatically published inventory item as “reviewed”. This option is available only if Auto-publish system-created inventory items meeting this minimum Confidence level is selected. |
| Automated Review Options | | These options configure defaults for enabling policies that automatically accept or reject inventory when it is published. Users can change these settings when creating a project or when editing a project using `Manage Project \ |
| | Policy Profile | Select the default policy profile to associate with all new projects. (The system default is Default License Policy Profile.) The policy profile contains a set of policies that use components, versions, licenses, and vulnerability scores and severities as criteria to automatically reject or approve inventory items during a codebase scan (or post-scan). For more information about policy profiles in general, see “Managing Policy Profiles” in the online help or the Code Insight User Guide. |
| Automated Review Options (continued) | Automatically reject inventory items impacted by a new vulnerability that violates your policy | |
| Manual Review Options | | These options configure defaults for project inventory not automatically reviewed by policy. Users can change these settings at the project level by navigating to `Manage Project \ |
| Manual Review Options (continued) | What should happen if inventory items are not reviewed by policy? | |
| | Select the minimum priority to perform the action selected above | (Enabled when an option other than do nothing is selected for the previous field.) Select the default minimum inventory priority (P1, P2, P3, or P4) to which the value for the previous field applies. For example, if the previous field is set to send an email notification to the project contact and minimum priority is set to P3, then the email notification will be sent for only those non-reviewed inventory items with a P1, P2, or P3 priority. No email notification will be sent for P4 inventory items. This option has no effect when the do nothing value is selected. |
| Manual Review Options (continued) | What type of manual reviews will be performed on this project? | |
| | Select reviewers for this project | If desired, designate a new default Legal reviewer or Security reviewer (or both) to which to assign manual review tasks. (The Project Contact is designated as the initial system default for both reviewers.) Then, depending on the type of manual review selected for the project (see the What type of manual reviews will be performed... option described previously), Code Insight determines which reviewer (Legal or Security or both) is assigned the task and then notified of the task by email. The reviewer(s) can then manage the task accordingly, possibly reassigning it to another user. For details about managing and reassigning tasks, see “Creating and Managing Tasks for Project Inventory” in the online help or the Code Insight User Guide. To select a new default reviewer, click Change User next to the name of the current Legal reviewer or Security reviewer assignee, then select a user from the Select new...contact dialog, and click Apply. (To reset the reviewer to the Project Contact, click Reset.) When a new default reviewer is selected, that user is automatically given the role of project “reviewer” should the user not currently have this role. However, should the current reviewer reassign a specific task to another user, the “reviewer” role is not automatically assigned to that user. If “Project Contact” is specified as a default reviewer, the Project Contact’s actual user name is displayed for the reviewer in the project. |
| Remediation Options | | These options configure defaults for rejected project inventory. Users can change these settings at the project level by navigating to `Manage Project \ |
| | What should happen if inventory items are rejected? | Determine what action should be triggered for those inventory items that are automatically rejected by policy during an Electronic Update, Library Refresh, or the publication of inventory (either as part of a scan or manually by a user): Do nothing—Simply show the status of the inventory item as Reject on the Project Inventory tab. Send an email notification to the project contact—Automatically send an email to the Project Contact, stating the need for remediation work on the inventory item. Automatically create a remediation task—Automatically create a remediation task assigned to the default development contact (see the Assignee for remediation work option) and send an email, notifying this contact about the assigned task. The Project Contact is automatically designated as the task creator. Automatically create a remediation task and an external work item—Automatically do the following: Create a remediation task assigned to the default development contact (see the Assignee for remediation work option) and send an email, notifying the contact about the assigned task. (See the previous bulleted item for more information.) The Project Contact is automatically designated as the creator of the manual review task. Create a work item and associate it with the task. The work item is created in your Application Lifecycle Management (ALM) system by using the settings defined for the ALM instance with which the Code Insight project is associated. For more information about configuring an ALM instance for the project, see “ALM Settings” in the online help or the Code Insight User Guide. Currently Code Insight supports only Jira as an ALM system and Jira issues as work items. |
| Remediation Options (continued) | Assignee for remediation work | |