Results

Built artifacts

Updated:2024-10-07 MAIA

Content:

  1. Built artifacts index page
  2. Built artifacts show page
  3. Comparison tab
  4. Deliveries tab
  5. Tests tab
  6. Composition tab
  7. Vulnerabilities tab
  8. External artifacts tab
  9. Licenses tab
  10. History tab


Summary:

  • A build is the processed content of a specific component, for example, a component that has been compiled.
  • The content of a build is defined in a composition which acts as a recipe for included commits and builds.
  • The output from a build can be stored as deliverables in an artifact repository, a file storage, etc.
  • The result of a build is displayed on the Built Artifacts Show page. A Delivery report can be generated prior to delivering the build to customers, release automation, etc.
  • A build can be processed in a build activity, and can also have test executions and test results registered to it.

Built Artifacts index page

Updated:2024-09-29 MAIA

Is a listing of all built artifacts sorted with newest on top.

The built artifacts table displays all builds the current team has permission to see. If the user performs a search (filter), the table displays the results from the search.

Button

+Upload button: to manually upload an SBOM (Software Bill-of-Materials) in the CycloneDX format.

Table description
Heading Description
Name The name (label) of the build, and a link to the Built artifact show page.
Track The name of the component:track that was built, and a link to the Track show page.
Version The version of the component that was built.
Build time The time the build finished.
Delivered Displays whether the build has a delivery report.
Tags The tags on the build.
Status Build status (and Test status if present) as symbols.
Compare Select button for a comparison.
Filters
Filter by Description
Search Search the Name of an artifact.
component Select component to narrow the search.
track Select track to narrow the search. Track can only be selected after component selection.
state Select state of the build to narrow the search.
deliveries Select whether a the artifact has delivery reports to narrow the search.
tags Select one or more tags to narrow the search.
start date Select a start date to narrow the search.
end date Select a end date to narrow the search.
Compare

Compare two Builds (of the same type) by pushing the compare select buttons in the built artifacts table.

A new windows is opened on top, specifying the builds to be compared. When two builds are selected: push the compare button to open a new Artifact Diff page, showing the differences.


Built Artifacts show page

Updated:2024-10-30 MAIA

The Built artifacts show page contains information and references related to one specific build. If the build is of the Collection component type, information from related components is also aggregated into this page.

The page has the following main areas:

  1. Identity and version of the artifact.
  2. Top boxes with highlighted data.
  3. Tabs row and unique content for each tab.
    1. Comparison tab.
    2. Deliveries tab.
    3. Tests tab.
    4. Composition tab.
    5. Vulnerabilities tab.
    6. External artifacts tab.
    7. Licenses tab.
    8. History tab.
  4. Button row
  5. Information box.

Top box

Color coded status boxes:

Box Description
Build status Build activity Success or Failed.
Test status Ok or Failed with the numbers of Failed tests / Total number of tests.
Since last delivery Time since the Delivery report was created.
Licenses not decided on Number of licenses to evaluate and decide action/Total number of licenses.
Vulnerabilities not decided on Number of vulnerabilities to evaluate and decide action/Total number vulnerabilities.

Colors:

  • Light blue : Status OK
  • Red : Fail/error
  • Purple : Warning
  • Grey : No data

Tabs

Name Description
Comparison Comparing data in this Build with data in an earlier Build and presentation of the differences.
Deliveries Create a delivery report for this build, a listing of existing reports, and a listing of deliverable artifacts.
Tests A list of all tests runs performed on this Build.
Composition The composition of the artifact i.e. all artifacts/versions included in this
Vulnerabilities A list of vulnerabilities detected in this build.
External artifacts A list of artifacts included in/related to this build.
Licenses A list of licenses included in/related to this build.
History A list of manual changes of data in the WebApp related to this build.

Button row

  • Sync external artifacts button: Syncronize all external artifacts regarding vulnerabilities, health, patches, etc.
  • Delete button: Delete the artifact.

Information box

  • Track: Id/Link to the branch from where the component has been built.
  • Version: Version of the component.
  • Environment: Id/Link to the environment description for which this component has been built.
  • Tags: Tags associated with this build.
  • Build time: Time when build has finished.
  • Uuid: Universally unique identifier for this build.
  • Build activity: Id/Link to the build activity.

  • Previous: Id/Link to the previous build of this component (same Track/Environment).
  • Created: Time of creation.

  • Previous with code change: Id/Link to the previous build of this component (same Track/Environment) where the component had a source code change.
  • Created: Time of creation.

  • Previous delivered: Id/Link to the previous build of this component (same Track/Environment) that has a Delivery report.
  • Created: Time of creation.

  • Composition: Id/Link to the Composition page for this build.



Comparison tab

Updated:2024-09-29 MAIA

Comparing data in this Build with data in an earlier Build and presentation of the differences.

Sections in the page:

  • Comparison: Select buttons to make comparisons to standard type builds (Previous, Previous with...etc).
  • Issues: Changes in Issues in comparison to the selected build.
  • Changes in code: Changes in code in comparison to the selected build.
  • Changes in included artifacts: Changes in included artifacts in comparison to the selected build.
  • Changes in compile time artifacts: Changes in compile time artifacts in comparison to the selected build.

Comparison selection

Previous build buttons to select one of three standard types of Builds to compare with:

  • Previous (default): Select to show differences to the previous build of this component (same Track/Environment).
  • Previous with code change: Select to show differences to the previous build of this component (same Track/Environment) where the component had a source code change.
  • Previously delivered: Select to show differences to the previous build of this component (same Track/Environment) that has a Delivery report.

Dependency buttons to select the amount of dependencies to visualize.:

  • Show all dependencies (default for a collection component): Show changes for all components included in the build.
  • Show closest dependencies (default for a single component): Show changes related to this component.

Advanced diff button to open a new page to compare this build with any other build, Artifact diff.

Issues

The Issues section shows changes in Issues and their status in comparison to the selected previous build.

Header Description
Identity Status icon and identity of the Issue and a link to the Issue show page for more information.
Kind Kind of Issue.
Slogan Slogan describing the Issue.
Components Component(s) affected by this Issue, and link(s) to comprehensive component data.

Changes in code

The Changes in code section shows what components and code have changed in comparison to the selected previous build.

Header Description
Component Component icon and identity of the component and a link to the component pages for more information.
Track Branch that have been built.
Code revisions Version changes, from -> to.
Changes Changes icon and a number specifying how many changes, including a link that opens an inline table with detailed information.

The inline table specifying all changes:

Header Description
Created Date & time when commit data was created in MAIA.
Comment The commit comment, including a link to open the show page for the commit.
User The user, and a link to user show page.
Issue status on commit Issue identity and status of Issue. If it's the latest commit with reference to this Issue (per component:track) the status can change to Done. Also a link to the Issue show page.

Changes in included artifacts

Header Description
Component Icon and identity of the component, and a link to component pages in MAIA. External components are described in the package url format. About package url (external link).
From Version before this build. Link to 1) a component build report with this version, or 2) a external component show page.
To Version after this build, and links.
Changes Tags describing the changes. Rebuilt (grey): no changes in source code, rebuilt with the same code. Source Code (green): Built with a source code change. Version (blue): Built with version change. Component removed (orange): Built and the component is not included anymore. Component added (orange): Built with this new component included.

Changes in compile time artifacts

Same as the previous section for components that are used in compile time.



Deliveries tab

Updated:2024-09-29 MAIA

Necessary permissions to create a delivery report: Create/Update delivery reports and Update issues.

When a software build has a delivery report generated by the web app, it's regarded as Delivered by MAIA.

Sections in the tab:

  • Create report button
  • Delivery reports table
  • Deliverables table

Create report

When pushing the Create report button a pop-up window is opened, as a reminder to synchronize all Issues before creating the report. Only Issues considered Done will be included in the report.

Other warnings may also appear, for instance:

  • to update version number for modified software.

Continue to open a form for report editing.

  • Label: A free-text field, labelling the delivery report.
  • Project: Select or create a project name for the delivery or select an existing project.
  • Notify on cve: Select if alterations in cve status for artifacts included in the delivery shall generate a notification.
  • Reason for delivery: Delivery notes.
  • Contact info: Name/email/phone to contact.
  • Included changes: If an existing project is selected above, a select dropdown is opened (not present in the image below). The dropdown includes all previously made delivery reports created in this project. Make the selection to include all changes from the selected report up until now.
  • Show commit diff: Includes all code changes into the report.
Delivery reports

The table lists all reports created for this build. Heading:

  • Title: The label of the report including a link to the report.
  • Published: Date and time.
  • Build label: The label of the build related to the delivery report.
  • Project: Delivery project.
  • Outdated: If outdated, data related to the build has changed e.g. Issues has been set to Done in MAIA after the report was created. Create a new version to include the new data.
  • Notify on CVE: If set, the number defines the minimum CVSS score to send a notification on CVE status changes.

Open the report page by clicking the label. The page has three sections:

  • Reason for delivery.
  • Revisions.
  • Information box, with an edit button.

Revisions

Table containing all versions of the delivery report. Heading:

  • Revision: Version number, including a link to the report.
  • Published: Date and time.
  • Change: Change comment.
  • User: created/updated by User.

Edit and update the report by pushing the edit button.

A modified report form is opened with two new sections.

  • Cancelled: to cancel the report.
  • Notify on CVE: activate notifications regarding CVE status changes, and the minimum CVSS level.
  • Change comment: comment the reason for update.

The full delivery report:

Deliverables table

Contains a list of deliverables including links to each deliverable.



Tests tab

Updated:2024-09-29 MAIA

The tab is a variant of the standard test executions index page but filtered to only show test executions made on this build.

To learn about the test execution pages see Test executions.



Composition tab

Updated:2024-09-29 MAIA

The Composition tab contains a list of commits and artifacts that constitutes the composition.

Commit

The commit table shows the latest commit in the current composition.

The table headings are:

  • Identity: Commit identity and a link to the commit show page.
  • Comment: Commit comment.
  • Created: Date and time.
  • User: Commit by user.
  • Track: Track (branch).
Child commits

The table lists child commits.

The table lists child commits.Child artifacts

The table lists child artifacts:

  • Name: The name of the artifact and link to the artifact show page.
  • Usage: How the artifact is used (Compile time, Deliverable, Test, etc)
Child compositions

The table contains the child compositions.

  • Name: The name of the composition and link to the composition show page.
  • Created at: Date and time.



Vulnerabilities tab

Updated:2024-09-29 MAIA

The Vulnerabilities tab contains an index page listing all vulnerabilities detected for this build. The information is continuously updated through the Information Services.

Sections in the page:

  • Filter row
  • Filter buttons
  • Summary
  • Vulnerabilities table

Filter row

Filter by Description
Search Search the Name of an artifact or CVE-id.
Backend Filter by backend data provider: NVD or OSV.
Decided Filter on: have a decision/no decision
Action Filter on decided action: Must be fixed/Has been fixed/Will not be fixed
Due date Filter on due dates: 1Month/2 Months/3 Months

Filter buttons

  • Only vulnerable (default): Show all Vulnerabilities with a priority. A vulnerability analysis and decision resulting in "Not vulnerable", "Fixed", etc. should be set to Priority = "None".
  • All: Show all vulnerabilities regardless of priority.

Summary

Shows the number of Vulnerabilities for each Priority.

  • Grey = None
  • Light blue = Low
  • Green = Medium
  • Orange = High
  • Red = Critical

Vulnerabilities table

A listing of all vulnerabilities identified in this build.

Header Description
Identifier Vulnerability identity, CVE-id or other, and a link to the local vulnerability show page containing detailed information and analysis tools.
Priority Priority set by a manual decision or by an automated rule.
Added date Date when the vulnerability was added to the WebApp.
Decision The result of a decision.
Due date The due date (if any)
Artifact Name of the artifact and link to the detailed artifact info , in package url format. About package url (external link).
Artifact status Health status for the artifact.



External artifacts tab

Updated:2024-09-29 MAIA

Lists all external artifacts included in this build.

Filter

Filter by Description
Search Search artifact name(s).
Type Filter by type of artifact e.g. generic, gem, npm, etc.
License approval Filter on has approved, disapproved, etc.
License Filter on has license/has no license
Vulnerabilities Filter to show vulnerable artifacts within priority categories.
Usage Filter on usage Deliverable/Compile time/Real time/Test.
Status tags Filter on a set of status tags.

Buttons

  • Deep (dependencies) Show all dependency artifacts related to the build.
  • Shallow (dependencies) Show the direct dependencies for current component.

Table description

Header Description
Name Name and version of the artifact and link to detailed artifact info, in package url format. About package url (external link).
Status Artifact status described with a set of tags (see below).
Vulnerabilities A colored text indicating the highest priority on an existing vulnerability detected for the artifact. Link to open an inline table with a list of vulnerabilities.
Licenses Licenses identified for the artifact. Light blue icon= approved, Grey=to be analyzed, Red=not approved
Used in Deliverable/Compile time/Real time/Test
By artifact Used by artifact.
Vulnerability inline table
Header Description
Identifier Vulnerability identity, CVE-id or other, and a link to the local vulnerability show page containing detailed information and analysis tools.
Priority Priority set by a manual decision or by an automated rule.
Added date Date when the vulnerability was added to the WebApp.
Decision The result of a decision.
Due date The due date (if any)

plugin:content-inject



Licenses tab

Updated:2024-09-29 MAIA

The Licenses tab contains a list of all artifacts sorted on license type.

Filter Buttons groups

  • Type of Artifact buttons: filter on Deliverable / Compile time type of artifacts.
  • License type buttons: one filter button for each license type present in the build.
  • Usage button: filter on usage
  • Approval status button: filter on approved/disapproved/undecided status.

License table

One table for each license type

Header Description
Artifact Name of the artifact and link to the detailed artifact info , in package url format. About package url (external link).
Approval Approval status: Approved/Disapproved/undecided with icons.
Source License source: SBOM/Link/Manual ... from an SBOM/downloaded through a link/manually created
Present in Deliverable / Compile time



History tab

Updated:2024-09-29 MAIA

The History tab is a list of changes performed in the MAIA web app UI.