Adding Asset Match
Last updated
Was this helpful?
Last updated
Was this helpful?
Custom Asset matches may be added to both unmatched and matched asset artifacts. If you don't agree with an existing match, you can reject the match and add a custom Asset match using the process described below.
Asset Custom matches must be added from the Assets screen in CodeCertify or Review screen in AICertfy. Use the 3-dot menu next to the Asset to which you'd like to add your custom match, as shown below
This will display the Add Custom Match dialog
You must enter the URL for the open source asset that contains the matching code
Then select the Check Asset button, in order to continue. This step verifies whether or not the asset is discovered in our Knowledge Base and auto-populates all of the necessary fields.
Threatrix attempts to match the open source asset that you've provided with your source asset to calculate the Percent Match and Percent Copied values. In the case shown below, Threatrix could not find a matching body of code and shows a warning and requests that you complete the Percent Match and Percent Copied values. These values are NOT REQUIRED.
If you wish, you may override the license and/or copyright data provided by Threatrix. The License Search finds licenses in both Threatrix knowledge base and your Organizations private license knowledge base.
Once you're satisfied with the match data, click the Add button to associate the custom Asset match with your source file.
Your custom Asset matches knowledge base can be found in the Admin Settings under the Assets menu.
Clicking on a match displays the match details dialog
Custom Asset matches may be deleted by clicking the Delete icon next to each match.
Deleting a custom Asset match does NOT remove existing matches from current scan results. A new scan is required for changes to be applied to matches.
Changes to knowledge base Asset matches will not be reflected in current scan results. This includes changes to licenses and copyrights. A new scan is required for changes to be applied to matches.
Changes to Asset artifacts with custom matches will only be reflected in the scan results and not applied to custom Assets in your organizations knowledge base. This includes changes to licenses and copyrights.
