Quick Start

Creating A CodeCertify Project

Project Structure

AICertify and CodeCertify projects are structured in a way that allows our customers to build projects that represent real world products.

In the real world, software-based products are constructed from various source of code that must all come together to create a release for a given product.

AICertify and CodeCertify projects allow your team to aggregate all of these various sources of code that make up a given release. Each source is known as a module. Modules are first class citizens from which you can perform review actions, generate reports and apply specific policy that make meeting security, compliance and regulatory requirements much faster and easier.

Modules can be added to *Certify projects from various sources, including:

  • Importing source code or binary projects from upstream vendors

  • Public and private Source Code Repositories

  • Public and private Container Repositories

Consider a very simple Infotainment System may contain modules from various vendors that make up the functionality in that System. Your team can each of the modules to a project that enbales them to see the various aspect of legal and security risk and enable them to take action, create policy and engage directly with the engineering team to mitigate various risks.

Project Summary Tab

The project summary tab provides a glimpse into the review status of of your project, and both license and security risks associated with those modules. A sumary of all discovered licenses and vulnerabilities are available from this pane.

Learn more here

CodeCertify Project Summary

Components Tab

CodeCertify components tab displays scan results for artifacts that are declared in dependency files(POM, NPM, etc), discovered libraries that are included with the project(zip, tar, nupkg, deb, jar, etc) and source-based libraries such as javascript CDN references or whole source components.

Learn more here

CodeCertify Components Tab

Assets Tab

CodeCertify Assets tab displays the file(i.e source code, config files, dependency files, etc) artifacts in your project. The filters default to those source artifacts with a match to open source so that your team can quicklly determine the IP and legal risks from those artifacts.

Learn more here

Last updated

Was this helpful?