Skip to main content

File Stream

File Stream is the landing page of the Spectra Assure Portal, where you can view and manage all software packages uploaded and analyzed by your groups, as well as access their reports.

Uploaded packages are retained on the File Stream for 90 days, after which they're automatically removed. If you want to preserve these files without reuploading them to Projects and using your analysis capacity, you can move them to a project of your choice.

On this page, you can filter and sort the files you upload, but cannot organize them. To organize different versions of your files by a shared feature of your choice (most commonly by product name), you can use the Projects page.

Depending on your Portal user role, the File Stream page lets you:

  • manage software packages uploaded by you or the members of your group
  • upload new software packages
  • view and export reports for all software packages belonging to your group
  • approve/reject your software packages
  • download approved files

Navigating the File Stream pageโ€‹

All pages on the Portal share a header from which you can switch between various groups you belong to, and the tabs for each Portal page you can alternate between: File Stream, Projects, Members, and Settings (Figure 1, #1).

Figure 1 - Navigating the File Stream page
Figure 1 - Navigating the File Stream page

On the File Stream page, all uploaded software packages are displayed in the Software table containing the following fields (Figure 1, #4):

  • Info - dropdown containing the summarized software quality information for the uploaded software package. This is also where you can access the full report for your package
  • Status - indicates if your software package was uploaded successfully
  • User - indicates the name of the user who uploaded the package
  • File - indicates the full name of the software package, including its file type. The scan duration displayed underneath indicates how long it took to process the software package. Selecting the file name opens the analysis report in a new Portal tab
  • Usage - indicates the total size of the software package and how much of your group capacity was used when the package was uploaded to the Portal
  • Components - indicates the total number of components in the SBOM and how many of them are verified
  • Assessment/Issues - the only column with an interchangeable heading and related information. When Assessment is selected, it shows whether any issues with Compliance or Security were found, or if any Threats were detected. When Issues is selected, the column displays the total number of detected issues of high, medium or low severity
  • Approval - indicates if the software package was approved or rejected for use in your organization, if its approval was revoked, or if it's still awaiting approval

The uploads in the table can be ordered by the following column header values:

  • filename (File)
  • size (Usage)
  • the number of components (Components)
  • upload date (Assessment/Issues)

The information in the table can also be filtered based on the following criteria (Figure 1, #2):

  • who uploaded the file (All Uploads, My Uploads) and when the file will be deleted (Deleted in 7 days, Deleted in 30 days, Deleted in 60 days)
  • what its approval status is (All Approval Statuses, Requires Approval, Approved, Approval Rejected, Approval Revoked)

The progress bar on the right above the Software table displays the status of your group capacity (Figure 1, #3), which eliminates the need to check the Analysis Capacity page before or after each new upload.

The Software table header warns you when your group has files that will be removed in 7 days or less.

Upload a package to File Streamโ€‹

To upload your software packages to the File Stream page of the Portal, use the Upload File button above the Software table (Figure 1, #3). This prompts you to choose a file from your computer and afterwards to enter the required information on your software package:

  • Product - indicates the full name of the software package
  • Version - indicates the software package version
  • Publisher - indicates the software publisher
  • Platform - a dropdown from which you can choose the system for which the software has been developed
  • Category - a dropdown from which you can choose the general purpose of the software package
  • License - a dropdown from which you can choose the type of license for the software package. All license types from the SPDX License List are supported
  • Release - indicates the date of the software package release

When uploaded, files are automatically analyzed and added to the Software table on the File Stream page.

Manage your packagesโ€‹

After your software package has been analyzed, you can access the Actions menu at the right end of the table row of your package. From the Actions menu, you can do the following:

  1. Move to Project
  2. View Report
  3. Reanalyze
  4. Download File
  5. Delete File
  6. Approve/Reject

The availability of these actions depends on the user role you were assigned.

Move a file to a projectโ€‹

To preserve your files, you can move them from the File Stream to the Projects page. Before moving the file, you have to associate it with a project and a package, so that you can manage it as any other package version.

WARNING

When there's already a maximum number of versions inside a package (12), the oldest package version by upload date will be removed.

To move a package version from the File Stream, select Move to Project from the Actions menu. In the dialog that opens, you have to complete the following four steps:

  1. Select Project, where you can either select an existing project from the dropdown or create a new one if the project you searched for does not yet exist
  2. Select Package, where you can select an existing package from the dropdown. If the package you searched for does not yet exist, you can create a new one
  3. Software Info, where you can edit the same information about your software package that you need to enter when you're uploading it directly to the Projects page. All fields except for Version are automatically filled. The Derived field takes the last successfully uploaded version as its value. This field is available only when you're moving your file to a package that already contains at least one version.
  4. Overview, where you can once again check all the information on the package version you're moving, including its target location

You can switch back and forth between the steps by selecting them at the top of the dialog. This allows you to change any information on the package version up until you finish the process of moving your file to a desired project.

When all the steps are successfully completed, you can view your file inside the desired project and package on the Projects page. Upon move, this file is automatically reanalyzed without influencing your analysis capacity to ensure it is in sync with other package versions and to create diffs. Note that the file you moved is shown first in the list of package versions because it was uploaded last.

View a reportโ€‹

You can view the software package report on the Portal either from Info dropdown > View report or from the Actions menu at the end of each table row. Another way to access the report is by selecting the filename of the software package.

Reanalyze a fileโ€‹

You can reanalyze your software packages at any point in time from the Actions menu. However, the Portal will prompt you to reanalyze the file if your package report is outdated when you want to view it. Reports can be outdated for the following reasons:

  • the Portal analysis engine has been updated since you uploaded your package
  • the organization policy profile has changed since you uploaded your package
  • the group policy profile has changed since you uploaded your package
NOTE

Sending a file to reanalysis does not affect the group capacity in any way.

Download a fileโ€‹

To download approved packages in their original file format, select the Download File button in the Actions menu. In the pop-up that opens, you can do the following:

  • click the filename to complete the download action
  • view and copy the SHA256 file hash
  • select Close to cancel the download action

If the analysis capacity is exceeded, if file is not approved, or if you do not have the permission to approve files, selecting the Download File button results in an error. Only users with roles that allow file approval can download any file regardless of its approval status.

Delete a fileโ€‹

You can delete any software package belonging to your groups from the Actions menu. You should take into account that deleting the software package removes all its related metadata. Therefore, if you want to keep the reports of your deleted packages, you need to export them.

NOTE

You can export only the SBOM (in either CycloneDX or SPDX format) and Issues (in SARIF format) from the Report page.