File Stream
File Stream is the landing page of the Spectra Assure Portal, where you can view and manage all software packages uploaded and analyzed by your groups, as well as access their reports. You can learn more about the contents of the SAFE reports on the Report page.
Uploaded packages are retained on the File Stream for 90 days, after which they're automatically removed. If you want to preserve these files without reuploading them to Projects and using your analysis capacity, you can move them to a project of your choice.
On this page, you can filter and sort the files you upload, but cannot organize them. To organize different versions of your files by a shared feature of your choice (most commonly by product name), you can use the Projects page.
Depending on your Portal user role, the File Stream page lets you:
- manage software packages uploaded by you or the members of your group
- upload new software packages
- view and export reports for all software packages belonging to your group
- download approved files
- approve/reject your software packages
Differences between File Stream and Projectsโ
When you start using the Portal, you'll typically work with the File Stream first, and gradually move to the Projects. The following table lists the key differences between these two Portal features to help you understand their advantages and workflows.
| Feature | File Stream | Projects |
|---|---|---|
| File organization Work with multiple versions of a software package and group them into projects | โ | โ๏ธ |
| Unlimited file retention Analyzed files and their reports aren't automatically removed from the Portal | โ | โ๏ธ |
| Version diff Compare two versions of a software package to view their differences | โ | โ๏ธ |
| View report Access the SAFE report for a successfully analyzed file | โ๏ธ | โ๏ธ |
| Share report Send the link to a SAFE report to anyone in or outside your organization | โ | โ๏ธ |
| Export report Download sections of the SAFE report and the SBOM for a file | โ๏ธ | โ๏ธ |
| Get RL-SAFE archive Download the complete SAFE report for a software version | โ | โ๏ธ |
| Export PDF Download the Summary page of the SAFE report in the PDF format | โ๏ธ | โ๏ธ |
| Download file Download the analyzed software binary from the Portal to your local system | โ๏ธ | โ๏ธ |
| Mark file as released Differentiate released software versions from unreleased ones | โ | โ๏ธ |
| Reanalyze file Scan a previously analyzed file again to refresh the SAFE report | โ๏ธ | โ๏ธ |
| Delete file Remove an analyzed file, its metadata and report from the Portal | โ๏ธ | โ๏ธ |
| Approve or reject file Mark an analyzed file as (un)acceptable for use in your organization | โ๏ธ | โ๏ธ |
| File filtering Display analyzed files that match specific criteria | โ๏ธ | โ |
| Reproducible builds Analyze a reproducible build artifact of a software version | โ | โ๏ธ |
| Auto-approval Automatically approve packages that pass the configured SAFE Level for your group | โ๏ธ | โ๏ธ |
Navigating the File Stream pageโ
All pages on the Portal share a header from which you can switch between various groups you belong to, and the tabs for each Portal page you can alternate between: File Stream, Projects, and Policies.
On the File Stream page, all uploaded software packages are displayed in the File Stream table containing the following fields:
- Info - dropdown containing the summarized software quality information for the uploaded software package. This is also where you can access the full report for the uploaded software package
- Status - indicates the overall CI status (pass or fail) of your package
- Approval - indicates if the software package was approved (manually or automatically) or rejected for use in your organization, if its approval was revoked, or if it's still awaiting approval
- File - indicates the full name of the software package, including its file type. The icon next to it shows who uploaded the file, while the removal countdown displayed underneath indicates how long until the file is automatically removed from File Stream. Selecting the file name opens the analysis report in a new Portal tab
- SAFE Assessment, surfacing the count of most severe issues detected across risk categories. Any of these can be disabled for each user and in that case, they will not affect the overall CI status. The number of issues detected in a particular risk category is a link leading to the corresponding page in the report, while hovering over the category name where any additional risks have been found opens a small SAFE Assessment card
- Usage - indicates the total size of the software package and how much of your group capacity was used when the package was uploaded to the Portal
The Actions menu at the end of each table row is represented by three dots (โฎ). A complete list of available actions can be found on the File Stream workflows page.
The uploads in the table can be ordered by the following values from the Sort By dropdown above the table:
- upload date
- file name
- quota usage (file size)
The information in the table can also be filtered based on the following criteria:
- who uploaded the file (All Uploads, My Uploads) and when the file will be deleted (Deleted in 7 days, Deleted in 30 days, Deleted in 60 days)
- what its approval status is (All Approval Statuses, Approval Pending, Approved, Approval Rejected, Approval Revoked)
The progress bar on the right above the File Stream table displays the status of your group capacity, which eliminates the need to check the Analysis Capacity page before or after each new upload.
The File Stream table header warns you when your group has files that will be removed in 7 days or less.
Upload to File Streamโ
File Stream supports the following:
- direct file upload
- file import from a specified URL
Your Portal instance remembers your choice when you leave the page. However, you can switch back and forth between the upload options as much as you want to.
When uploaded, files are automatically analyzed and added to the File Stream table on the File Stream page.
Upload a fileโ
To upload your software packages to the File Stream page of the Portal, use the button above the File Stream table.
Click on the button after selecting Upload File from the dropdown.
This prompts you to choose a file from your computer and afterwards to enter the required information on your software package:
- Product - indicates the full name of the software package
- Version - indicates the software package version
- Publisher - indicates the software publisher
- Platform - a dropdown from which you can choose the system for which the software has been developed
- Category - a dropdown from which you can choose the general purpose of the software package
- License - a dropdown from which you can choose the type of license for the software package. All license types from the SPDX License List are supported
If a file is encrypted using one of the default passwords listed below, Spectra Assure can automatically decrypt it. Uploading a file protected with a different password to the Portal will produce incomplete analysis results.
Default password list
1234
infected
password
VelvetSweatshop
Import from URLโ
If you do not have a file saved locally, you can import it from a URL.
Click on the button above the File Stream table after choosing URL Import from the dropdown.
This prompts you to provide the following information:
- File URL, where the file you want to import resides
- Basic Authentication information, if the URL requires either Username and Password or a Bearer Token to access the file
In the second step, you can see the estimated size of the file you want to import and the preview of how much quota you're going to spend on the file import.
Afterwards, enter the same required information on your software package as during the file upload. If you're satisfied with your choices, move on to the last step (overview), where you can see the summary of your import options.
Next stepsโ
To learn how to work with the packages on the File Stream, go to the File Stream workflows page.