Projects
Projects are one of the main features of the Spectra Assure Portal. With Projects, you can manage your software releases and organize software packages by a shared feature - typically by the product name. Each project consists of one or more software packages, which serve as the basis for package version tracking.
On the Projects page, you can view and manage all projects, packages, and package versions added by your groups. For each package version, you can access its detailed report after the analysis. You can learn more about the contents of Spectra Assure analysis reports on the Report page.
Depending on your Portal user role, the Projects page lets you:
- create projects
- add packages to your projects
- version track your packages
- modify projects and packages created by you or the members of your groups
- manage software package versions and their artifacts uploaded by you or the members of your groups
Differences between File Stream and Projectsโ
When you start using the Portal, you'll typically work with the File Stream first, and gradually move to the Projects. The following table lists the key differences between these two Portal features to help you understand their advantages and workflows.
| Feature | File Stream | Projects |
|---|---|---|
| File organization Work with multiple versions of a software package and group them into projects | โ | โ๏ธ |
| Unlimited file retention Analyzed files and their reports aren't automatically removed from the Portal | โ | โ๏ธ |
| Version diff Compare two versions of a software package to view their differences | โ | โ๏ธ |
| View report Access the SAFE report for a successfully analyzed file | โ๏ธ | โ๏ธ |
| Share report Send the link to a SAFE report to anyone in or outside your organization | โ | โ๏ธ |
| Export report Download sections of the SAFE report and the SBOM for a file | โ๏ธ | โ๏ธ |
| Get RL-SAFE archive Download the complete SAFE report for a software version | โ | โ๏ธ |
| Export PDF Download the Summary page of the SAFE report in the PDF format | โ๏ธ | โ๏ธ |
| Download file Download the analyzed software binary from the Portal to your local system | โ๏ธ | โ๏ธ |
| Mark file as released Differentiate released software versions from unreleased ones | โ | โ๏ธ |
| Reanalyze file Scan a previously analyzed file again to refresh the SAFE report | โ๏ธ | โ๏ธ |
| Delete file Remove an analyzed file, its metadata and report from the Portal | โ๏ธ | โ๏ธ |
| Approve or reject file Mark an analyzed file as (un)acceptable for use in your organization | โ๏ธ | โ๏ธ |
| File filtering Display analyzed files that match specific criteria | โ๏ธ | โ |
| Reproducible builds Analyze a reproducible build artifact of a software version | โ | โ๏ธ |
Navigating the Projects pageโ
All pages on the Portal share a header from which you can switch between various groups you belong to, and the tabs for each Portal page you can alternate between: File Stream, Projects, Members, and Settings.
When you first open the Projects page, you need to either create a new project or choose an existing project to view. If your group already has some projects, they are listed in the sidebar on the left.
This sidebar is always visible when switching between projects, packages, and versions, and it includes the following:
- the progress bar, showing the current status of the analysis capacity for your group. This eliminates the need to check the Analysis Capacity page before or after each new upload
- the
Create Projectbutton, used to create new projects in your currently selected group - the search bar, used to find projects and packages created in your currently selected group
- group projects - dropdowns from which you can access your group's projects and their packages
Every project and package in the sidebar has an Actions menu, with different options for projects and packages.
If you want more space for your data, you can collapse the sidebar at any time by clicking on the arrow button at the bottom.
When collapsed, you can see only the progress bar, the Create Project button, and the search bar.
View packages in a projectโ
Selecting a project in the sidebar opens the list of all packages inside the project.
Packages are displayed in the Packages table containing the following fields:
- Status - indicates the overall CI status of the latest package version (pass or fail). It can also be none if no versions exist inside this package
- Package - indicates the package name. You can set this up when creating a package, and change it at any time with the Edit Package option. Selecting the package name opens the Releases view
- # Versions - indicates the total number of software package versions inside a package
- SAFE Assessment/Issues - the only column with an interchangeable heading and related information. When SAFE Assessment is selected, it shows whether any issues with Compliance or Security were found, or if any Threats were detected. Any of these can be disabled for each user. In that case, they will not affect the overall CI status. When Issues is selected, the column displays the total number of detected issues of high, medium or low severity. This information refers to the latest released package version
- Last Scan - indicates when the package was last scanned. This timestamp changes whenever a version inside the package is reanalyzed
- Approval - indicates if the latest released package version was approved or rejected for use in your organization, if its approval was revoked, or if it's still awaiting approval
- Actions - the menu containing everything you can do with the selected software package
Above the table, you can see the name of the currently selected project and how many packages it contains.
You can create packages either from the sidebar or by clicking the Create Package button above the Packages table.
An organization can have up to 10,000 packages in total across all projects.
All packages in the Packages table can be sorted by the following column header values:
- the package name (Package)
- the number of versions they contain (# Versions)
- the time of the last scan (Last Scan)
View versions in a packageโ
Selecting a package opens the list of all versions inside the package. In the Portal interface, package versions are also referred to as "releases" and are considered as collections of artifacts.
All uploaded software package versions are displayed in the Releases table containing the following fields:
- Info - a dropdown menu containing a package version summary
- Status - indicates the overall CI status (pass or fail) of the package version
- Version - indicates the number or other unique identifier of the package version. You can set this only when uploading the package version, and it cannot be modified later. If a package version was derived from another version, this information is displayed below the version identifier. You can specify if a package version is derived when uploading it to the Portal. Selecting the version identifier opens the SAFE report in a new Portal tab
- Upload Next Version - the cloud-shaped upload button that serves as a shortcut for uploading another package version. When uploading a new package and choosing a version it is derived from, a version diff will be automatically generated and included in the SAFE report
- Usage - indicates the total file size and how much of your group capacity was used when the version was added to your package
- Components - indicates the total number of components in the SBOM and how many of them are verified
- SAFE Assessment/Issues - the only column with an interchangeable heading and related information. When SAFE Assessment is selected, it shows whether any issues with Compliance or Security were found, or if any Threats were detected. Any of these can be disabled for each user. In that case, they will not affect the overall CI status. When Issues is selected, the column displays the total number of detected issues of high, medium or low severity. This column also shows when the package version was uploaded to the Portal
- Released - indicates the release date of a package version
- Approval - indicates if the package version was approved or rejected for use in your organization, if its approval was revoked, or if it's still awaiting approval
- Actions - the menu containing everything you can do with the selected software package version
This table cannot be sorted or filtered in any way.
Above the table, you can see the name of the currently selected package and how many versions it contains. Next to this, on the far right, you can check the time of the last scan. This timestamp changes whenever a version is reanalyzed.
You can upload package versions by clicking the Upload Version button above the Releases table.
You can also move the existing software package versions from the File Stream page into a project and package of your choice.
A package can contain 12 versions, which are automatically ordered by the time of their uploads.
This section also contains the CI/CD graphic and the summary for the latest released version with the following information:
- whether any issues with Compliance or Security were found, or if any Threats were detected. Any of these can be disabled for each user. In that case, they will not affect the overall CI status
- the total number of detected issues of high, medium or low severity
- details on the version, such as version number, release date, product name, and approval status
If no released versions exist for your package, this summary is not available.
Next stepsโ
To learn how to work with projects, packages, and versions and other artifacts, go to the Projects workflows page.