External artifacts

Updated:2022-11-16

Content:

  1. External artifacts index page
  2. External artifacts show page
  3. Licenses tab
  4. Deliveries tab
  5. Built artifacts tab
  6. CVEs tab
  7. History tab


The External artifacts pages in MAIA web app have the following structure :

Updated:2022-11-29

The External artifacts index page lists all external artifacts and their versions ever handled by MAIA Software. The list is sorted on the date of inclusion with the newest on top.

If the user performs a search (filter), the table displays the results from the search.

Table description
Header Description
Name Name of the artifact and link to the detailed artifact info , in package url format. About package url (external link).
Status Artifact status described with a set of tags (see below).
CVEs A bug symbol indicates one or more CVEs detected for the artifact.
Licenses Licenses identified for the artifact. Light blue icon= approved, Black= to be analyzed/approved.
Weblink Link to the source of the artifact.


Filters
Filter by Description
Search Search artifact name(s).
Type Filter by type of artifact e.g. generic, gem, npm, etc.
License approval Filter on has approved, disapproved, etc.
License Filter on has license/has no license
CVEs Filter to show artifact with CVEs in severity categories.
Usage Filter on usage Deliverable/Compile time/Real time/Test.
Status tags Filter on a set of status tags.


plugin:content-inject



Updated:2022-11-16

The External artifact show page contains information and references related to one specific artifact/component and version.

The page has four main areas:

  1. Identity and version of the artifact.
  2. Top box with highlighted data.
  3. Tabs row and unique content for each tab.
    1. Licenses tab.
    2. Deliveries tab.
    3. Built artifacts tab.
    4. CVEs tab.
    5. History tab.
  4. Information box.

Top box

Color coded status box:

Box Description
Status Up-to-date/Update available/No update data
Decision License approval/disapproval/not handled

Colors:

  • Light blue : Ok
  • Lilac : Update available/Licenses to manage
  • Grey : No data

Tabs

Name Description
Licenses License information for this artifact.
Deliveries Deliveries where this artifact is included.
Built artifacts Built artifacts where this artifact is included.
CVEs List of CVEs identified for this artifact.
History A list of manual changes in MAIA WebApp related to this artifact.

Information box

Parameters

  • Component: Name of the artifact/component and a link to the core component page.
  • Version: Version of the component.
  • Version date: Date of the release of this version.
  • Patch level: .
  • Platform: .
  • Alt. link: A manually added link to the component source. This link supersedes the Weblink and will not be overwritten when updating the component.
  • Vcs: link (address) to the component repository.
  • Homepage: Link (address) to the component source.
  • Uuid: Universally unique identifier created for this component.

  • Update available: true/false.
  • Latest version: The latest version available at the source address for this component.
  • Latest version date: Date of the release of that version.
  • Archived: The project is set to archived at the component source.
  • Update check manual: True=Automated check of updates is disabled.
  • Last update check: Last time MAIA checked the update status.

Edit button

To edit data for the artifact i.e. for the specific version of the component. Read this about editing component data.



Updated:2022-11-16

The Licenses tab contains a list of (proposed) licenses related to this artifact.

Table heading:

  • Name: License name.
  • Type: License type.
  • Text: Open to show the license text.
  • Updated at: Date of latest update.
  • Source: License information source (Sbom, Link or Manual).
  • Approval: Approval setting and status (Approve/Disapprove).
  • Ignore: Ignore the license, select box.
  • Edit: Edit button to modify data related to the license.
  • Delete: Delete license (Button visible if delete is possible).

Evaluate a license:

plugin:content-inject

Add a license:

plugin:content-inject



Updated:2022-11-16

The Deliveries tab is a list of builds that contains this artifact, and also having a delivery report.

Table

Name Description
Title Name of Delivery report including a link to the report.
Published Published date
Build label Label of the build related to the delivery report
Project Project name
Outdated If outdated, data related to the delivery has changed e.g. Issues has been set to Done in MAIA after the report was created. Create a new version to include the updated data.
Notify on CVE If set, the number defines the minimum score to send a notification if changes in CVE status is detected.



Updated:2022-11-16

The Built artifacts tab is a list of builds containing this artifact.

Table

Header Description
Name The build label and a link to the build report.
Track Branch
Version Version of the software.
Build time Date and time.
Delivered An icon is present if the build is included in a Delivery.
Tags List of tags related to this build.
Icons



Updated:2022-11-16

The CVE tab contains an index page listing all vulnerabilities detected for this artifact. The information is continuously updated through the CVE Management Service.

Table

A listing of all CVEs identified in this build. The MAIA CVE Management services are continuously updating the listing.

Header Description
CVE CVE identity and a link to the local CVE show page containing detailed information and analysis tools.
CVSS Score The CVSS Base metrics.
CWE Weakness type indicated with colored thermometer.
Exploits Shows a icon if exploits are detected for a CVE.
Added date Date when CVE was added to MAIA
Artifact List of artifact versions and link to the detailed artifact info for each , in package url format. About package url (external link).
Components Components where this artifact belongs.
Last update Date for last update of CVE info at the information source (NVD)
Decided on Light blue "check" icon if a decision exists for this CVE.



The History tab is a list of changes performed in the MAIA WebApp UI.

Table heading:

  • Change: What has changed.
  • Created at: Date and time.
  • User: Name of user making the change.