Quick Start
Last updated
Was this helpful?
Last updated
Was this helpful?
AICertify and CodeCertify projects are structured in a way that allows our customers to build projects that represent real world products.
In the real world, software-based products are constructed from various source of code that must all come together to create a release for a given product.
AICertify and CodeCertify projects allow your team to aggregate all of these various sources of code that make up a given release. Each source is known as a module. Modules are first class citizens from which you can perform review actions, generate reports and apply specific policy that make meeting security, compliance and regulatory requirements much faster and easier.
Modules can be added to *Certify projects from various sources, including:
Importing source code or binary projects from upstream vendors
Public and private Source Code Repositories
Public and private Container Repositories
Consider a very simple Infotainment System may contain modules from various vendors that make up the functionality in that System. Your team can each of the modules to a project that enbales them to see the various aspect of legal and security risk and enable them to take action, create policy and engage directly with the engineering team to mitigate various risks.
The project summary tab provides a glimpse into the review status of of your project, and both license and security risks associated with those modules. A sumary of all discovered licenses and vulnerabilities are available from this pane.
CodeCertify components tab displays scan results for artifacts that are declared in dependency files(POM, NPM, etc), discovered libraries that are included with the project(zip, tar, nupkg, deb, jar, etc) and source-based libraries such as javascript CDN references or whole source components.
CodeCertify Assets tab displays the file(i.e source code, config files, dependency files, etc) artifacts in your project. The filters default to those source artifacts with a match to open source so that your team can quicklly determine the IP and legal risks from those artifacts.
