Source Code Versioning

• The source code repository tracks all code changes over time.
• Commits to the master branch can be tagged with version numbers.
• Tagged releases must be scanned for 3rd-party libraries using Code Insight.
• After the inventory items have been reviewed and all issues mitigated, the final license notification file shall be checked into the tagged release before the software is released.

License Identification & Approval Process

All source code for applications that are distributed internally or externally must be scanned for license compliance. Code that is only used internally by development teams (i.e. test harnesses) is exempt, since that code is not bundled for distribution.

Process flow (reconstructed from the flattened diagram):
1) Application source code is scanned for 3rd-party content with Flexera Code Insight (auto detection of evidence of 3rd-party content).
2) Detected items form the license inventory, which is evaluated against the license policy: auto approved, auto rejected, or routed to manual analysis.
3) Manual analysis: the Legal Team reviews the license together with the Design Chair, and the Security Team performs a vulnerability assessment. The outcome is Approved or Rejected.
4) Rejected items: define a mitigation plan, track it in the issue backlog, and feed the resulting code changes back into the scan.
5) Approved inventory: generate a 3rd-party software attribution file for each release, link it on the About page, and check the license notice file into source control for each release.
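The tag, review and check-in sequence on the two slides above, as an added shell example that is not part of the deck and does not drive Code Insight itself: the reviewed license inventory is represented by a constructed CSV (columns component, version, license, status; the component rows are sample data), and the release gate refuses to tag while any item is not Approved, commits the generated notice file, and only then creates the tag, because a tag created before the notice is committed would point at a commit that does not contain it. The function names generate_notice, tag_release and tag_has_notice are this example's own.

```shell
#!/bin/sh
# Added example (not from the slides): release gate that builds the
# third-party notice file from a reviewed license inventory, blocks the
# release while any item is not Approved, commits the notice, and only
# then creates the release tag so the tagged tree contains the notice.
# The CSV inventory format is constructed for this example; it is not
# Code Insight's export format.
set -eu

# generate_notice INVENTORY NOTICE
# Writes an attribution file listing every approved item. Returns 1 if any
# item is not "Approved" (the "Rejected / Define Mitigation Plan" branch).
generate_notice() {
  inventory="$1"; notice="$2"; bad=0
  {
    echo "Third-party software notices"
    echo
    while IFS=, read -r component version license status; do
      [ "$component" = "component" ] && continue      # skip CSV header
      if [ "$status" != "Approved" ]; then
        echo "not approved: $component $version ($status)" >&2
        bad=1
        continue
      fi
      printf '%s %s - %s\n' "$component" "$version" "$license"
    done < "$inventory"
  } > "$notice"
  return "$bad"
}

# tag_release TAG INVENTORY
# Generates NOTICE.txt, commits it, then creates an annotated tag on that
# commit. A blocked release leaves the tracked NOTICE.txt untouched.
tag_release() {
  tag="$1"; inventory="$2"
  if ! generate_notice "$inventory" NOTICE.txt.new; then
    rm -f NOTICE.txt.new
    echo "release $tag blocked: inventory has unapproved items" >&2
    return 1
  fi
  mv NOTICE.txt.new NOTICE.txt
  git add NOTICE.txt
  git commit -q -m "Add third-party notices for $tag"
  git tag -a "$tag" -m "Release $tag"
}

# tag_has_notice TAG: succeeds only if the tagged tree contains NOTICE.txt.
tag_has_notice() {
  git ls-tree --name-only "$1" | grep -qx NOTICE.txt
}

# --- Demonstration in a throwaway repository with constructed data ---
work=$(mktemp -d)
cd "$work"
git init -q
git config user.email "release@example.invalid"
git config user.name "Release Bot"
echo 'print("hello")' > app.py
git add app.py
git commit -q -m "Initial application code"

# Inventory after review: everything approved, so the release is tagged.
cat > inventory-1.0.csv <<'EOF'
component,version,license,status
requests,2.31.0,Apache-2.0,Approved
six,1.16.0,MIT,Approved
EOF
tag_release v1.0.0 inventory-1.0.csv

# Inventory with a rejected item: the gate must refuse to create the tag.
cat > inventory-1.1.csv <<'EOF'
component,version,license,status
requests,2.31.0,Apache-2.0,Approved
libfoo,0.9,GPL-3.0-only,Rejected
EOF
if tag_release v1.1.0 inventory-1.1.csv; then
  echo "ERROR: v1.1.0 should have been blocked" >&2
  exit 1
fi
git tag --list   # only v1.0.0 exists
```

Because the tag is created after the notice commit, `git ls-tree v1.0.0` lists NOTICE.txt; moving an existing tag onto a later commit instead would rewrite a published release pointer, which consumers and signature checks do not expect.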

Flexera Code Insight Version Support

Current state:
• Versioning is not supported. Each project must be manually set up and configured.
• Project v1 and Project v2 each hold their own source files, scan results and license inventory.
• Inventory transfer between projects is a manual process and only works via the REST interface.

Proposed state:
• Versioning of software should be supported implicitly: one software product with Version 1, Version 2, ... Version N, each with its own source files, scan results and license inventory.
• Behind the scenes, a "version" can function just like a "project".
• Transfer of the inventory list should be implicit during the version setup process.

Proposal Mockup – Version Setup

Add the following inputs to the source code upload form:
1) Version Number (required)
2) If the product contains prior versions, a check box to import the prior release's inventory items

Proposal Mockup – Version Results Selection

• Show the latest version and provide an option to switch to older versions.
• The codebase is tied to the version number.