FlexNet Code Insight Review

A decent web interface for reports, but the snippet-style code matching requires too much effort


What is our primary use case?

I was trying to assess our third-party software risks and license risk. We also wanted to ensure we had proper third-party license compliance.

How has it helped my organization?

After about a year, we never really institutionalized the reports and review data coming from Flexera due to a number of issues. Some of those issues were internal for sure, but others were with the tool itself. In the end, the tool did bring some needed visibility into the scope of FOSS (Free / Open Source Software) issues, but not much more than that.

What is most valuable?

It had a web interface into the reporting tools that was decent, and open source components could be reported per project and/or aggregated similar to other software composition tools. Unfortunately, I found the user interface cumbersome and difficult to use.

What needs improvement?

Due to the "snippet match" nature of the scans, we found that it was too much effort to properly validate and catalog each open-source component with every new project/product. Incremental results were also difficult to achieve even after consulting with the vendor. We found there were too many false positives and the code-snippet validator had bugs and presented too many false positives.

My experience with this tool has turned me away from "snippet"-focused composition analysis. We have switched to one that uses more complete code signatures that do not require validation and review of findings in most cases.

For how long have I used the solution?

Less than one year.
Disclosure: I am a real user, and this review is based on my own experience and opinions.