File Stream
File Stream is the landing page of the Spectra Assure Portal, where you can view and manage all software packages uploaded and analyzed by your groups, as well as access their reports. You can learn more about the contents of the SAFE reports on the Report page.
Uploaded packages are retained on the File Stream for 90 days, after which they're automatically removed. If you want to preserve these files without reuploading them to Projects and using your analysis capacity, you can move them to a project of your choice.
On this page, you can filter and sort the files you upload, but cannot organize them. To organize different versions of your files by a shared feature of your choice (most commonly by product name), you can use the Projects page.
Depending on your Portal user role, the File Stream page lets you:
- manage software packages uploaded by you or the members of your group
- upload new software packages
- view and export reports for all software packages belonging to your group
- download approved files
- approve/reject your software packages
Differences between File Stream and Projectsโ
When you start using the Portal, you'll typically work with the File Stream first, and gradually move to the Projects. The following table lists the key differences between these two Portal features to help you understand their advantages and workflows.
| Feature | File Stream | Projects |
|---|---|---|
| File organization Work with multiple versions of a software package and group them into projects | โ | โ๏ธ |
| Unlimited file retention Analyzed files and their reports aren't automatically removed from the Portal | โ | โ๏ธ |
| Version diff Compare two versions of a software package to view their differences | โ | โ๏ธ |
| View report Access the SAFE report for a successfully analyzed file | โ๏ธ | โ๏ธ |
| Share report Send the link to a SAFE report to anyone in or outside your organization | โ | โ๏ธ |
| Export report Download sections of the SAFE report and the SBOM for a file | โ๏ธ | โ๏ธ |
| Get RL-SAFE archive Download the complete SAFE report for a software version | โ | โ๏ธ |
| Export PDF Download the Summary page of the SAFE report in the PDF format | โ๏ธ | โ๏ธ |
| Download file Download the analyzed software binary from the Portal to your local system | โ๏ธ | โ๏ธ |
| Mark file as released Differentiate released software versions from unreleased ones | โ | โ๏ธ |
| Reanalyze file Scan a previously analyzed file again to refresh the SAFE report | โ๏ธ | โ๏ธ |
| Delete file Remove an analyzed file, its metadata and report from the Portal | โ๏ธ | โ๏ธ |
| Approve or reject file Mark an analyzed file as (un)acceptable for use in your organization | โ๏ธ | โ๏ธ |
| File filtering Display analyzed files that match specific criteria | โ๏ธ | โ |
| Reproducible builds Analyze a reproducible build artifact of a software version | โ | โ๏ธ |
Navigating the File Stream pageโ
All pages on the Portal share a header from which you can switch between various groups you belong to, and the tabs for each Portal page you can alternate between: File Stream, Projects, Members, and Settings.
On the File Stream page, all uploaded software packages are displayed in the Software table containing the following fields:
- Info - dropdown containing the summarized software quality information for the uploaded software package. This is also where you can access the full report for your package
- Status - indicates if your software package was uploaded successfully
- User - indicates the Portal user who uploaded the package
- File - indicates the full name of the software package, including its file type. The scan duration displayed underneath indicates how long it took to process the software package. Selecting the file name opens the analysis report in a new Portal tab
- Usage - indicates the total size of the software package and how much of your group capacity was used when the package was uploaded to the Portal
- Components - indicates the total number of components in the SBOM and how many of them are verified
- SAFE Assessment/Issues - the only column with an interchangeable heading and related information. When SAFE Assessment is selected, it shows whether any issues with Compliance or Security were found, or if any Threats were detected. Any of these can be disabled for each user. In that case, they will not affect the overall CI status. When Issues is selected, the column displays the total number of detected issues of high, medium or low severity. This column also shows when the software package will be automatically removed from the File Stream
- Approval - indicates if the software package was approved or rejected for use in your organization, if its approval was revoked, or if it's still awaiting approval
The uploads in the table can be ordered by the following column header values:
- filename (File)
- size (Usage)
- the number of components (Components)
- upload date (SAFE Assessment/Issues)
The information in the table can also be filtered based on the following criteria:
- who uploaded the file (All Uploads, My Uploads) and when the file will be deleted (Deleted in 7 days, Deleted in 30 days, Deleted in 60 days)
- what its approval status is (All Approval Statuses, Requires Approval, Approved, Approval Rejected, Approval Revoked)
The progress bar on the right above the Software table displays the status of your group capacity, which eliminates the need to check the Analysis Capacity page before or after each new upload.
The Software table header warns you when your group has files that will be removed in 7 days or less.
Upload a package to File Streamโ
To upload your software packages to the File Stream page of the Portal, use the Upload File button above the Software table.
This prompts you to choose a file from your computer and afterwards to enter the required information on your software package:
- Product - indicates the full name of the software package
- Version - indicates the software package version
- Publisher - indicates the software publisher
- Platform - a dropdown from which you can choose the system for which the software has been developed
- Category - a dropdown from which you can choose the general purpose of the software package
- License - a dropdown from which you can choose the type of license for the software package. All license types from the SPDX License List are supported
When uploaded, files are automatically analyzed and added to the Software table on the File Stream page.
Next stepsโ
To learn how to work with the packages on the File Stream, go to the File Stream workflows page.