Results

External artifacts

Updated:2024-10-28 MAIA

An external artifact is usually a version of an open source component, not controlled by a version control system.

Content:

  1. External artifacts index page
  2. External artifacts show page
  3. Licenses tab
  4. Deliveries tab
  5. Built artifacts tab
  6. Vulnerabilities tab
  7. SBOM data tab
  8. History tab


External artifacts index page

Updated:2024-10-29 MAIA

The External Artifacts Index page displays all external artifacts ever managed by MAIA, unless they have been actively removed from the system. The list is sorted by inclusion date, with the most recent entries at the top.

If the user performs a search (filter), the table displays the results from the search.

Table description
Header Description
Name Name of the artifact and link to the detailed artifact info , in package url format. About package url (external link).
Status Artifact status described with a set of tags (see below).
Vulnerabilities If vulnerability detected -> text/symbol indicating the most prioritized vulnerability for the artifact (see below).
Licenses Licenses identified for the artifact. Light blue icon= approved, grey= to be analyzed/approved.
Weblink Link to the source of the artifact.


Artifact status

Status tags are generated through data provided by the MAIA Information Services.

Each artifact may have a set of one or more of the following status tags.

  • OK : The artifact is verified to be in its latest** official release version available.
  • Update available : Updates are available for the artifact. Read more.
  • Update check disabled : The check is disabled.
  • No data : Data cannot be automatically extracted from an online service/api.
  • Aging : The latest version of the artifact is more than ~2.5 years old (default setting, may be modified).
  • Old : The latest version of the artifact is more than ~5 years old (default setting, may be modified).
  • Archived : The project providing the artifact has been set to Archived at the source.
  • Manual : Data is manually set, no automatic updates.
  • Unresolved : Data is automatically extracted but may have an ambiguous interpretation. Read more

** an included artifact in a pre-release is set to OK if it's more recent than the latest official release.


Vulnerabilities are indicated with the status of the most prioritized vulnerability. Vulnerability data is provided by the MAIA Information Services.

The row may be expanded to a sub-table making all vulnerabilities visible with: identity, priority, date and analyzed.

Vulnerabilities sub-table description
Header Description
Identifier Identity of the vulnerability and a link to detailed vulnerbility info.
Priority Indicating the priority of the vulnerability.
Added date Date when the vulnerability was added to the artifact.
Analyzed A light blue icon is indicating that at least one analysis exists for the vulnerability.


Filters
Filter by Description
Search Search artifact name(s).
Type Filter by type of artifact: Software, OS/Firmware, Hardware.
Package type Filter by type of package e.g. generic, gem, npm, etc.
License approval Filter on has approved, disapproved, etc.
License Filter on has license/has no license
Vulnerability Filter to show artifacts with vulnerabilities in different categories.
Status tags Filter on a set of status tags.


External artifacts show page

Updated:2024-10-29 MAIA

The External artifact show page contains information and references related to one specific artifact and version.

The page has four main areas:

  1. Identity and version of the artifact.
  2. Top boxes with highlighted data.
  3. Tabs row and unique content for each tab.
    1. Licenses tab.
    2. Deliveries tab.
    3. Built artifacts tab.
    4. Vulnerabilities tab.
    5. SBOM data tab.
    6. History tab.
  4. Information box with Buttons

Top boxes

Color coded status boxes:

Box Description
Status Up-to-date/Update available/No update data
Decision License approval/disapproval/not handled
Vulnerabilities Number of vulnerabilities published for the artifact.

Colors:

  • Light blue : Ok
  • Purple : Update available/Licenses to manage/Vulnerabilities detected
  • Grey : No data


Tabs

Name Description
Licenses License information for this artifact.
Deliveries Deliveries where this artifact is included.
Built artifacts Built artifacts/SBOMs where this artifact is included.
Vulnerabilities List of vulnerabilities identified for this artifact.
SBOM data Shows SBOM header data
History A list of manual changes in MAIA WebApp related to this artifact.


Information box

Parameters

  • Component: Name of the artifact/component and a link to the core component page.
  • Version: Version of the component.
  • Patch level: Patch level for current artifact.
  • Platform: Specification of current execution platform.
  • Arch: Architecture.
  • Alt. link: A manually added link to the component source. This link supersedes the Weblink and will not be overwritten when updating the component.
  • Vcs: link (address) to the component repository.
  • Homepage: Link (address) to the component source.
  • Uuid: Universally unique identifier created for this component.
  • Created at: Date of creation in MAIA.
  • Update available: true/false.
  • Version date: Date of the release of current version.
  • Latest version: The latest version available at the source address for this component.
  • Latest patch level: Patch level of latest version.
  • Latest version date: Date of the release of latest version.
  • Archived: If project is set to archived at the component source.
  • Backend: Backend service for retrieved data.
  • Backend weblink: Link (address) used to retrieve data.
  • Update check manual: True=Automated check of updates is disabled.
  • Last update check: Last time MAIA checked the update status.


Buttons

Button visibility may depend on your current privileges.

Edit button

To edit data for the artifact i.e. for the specific version of the component. About editing data for all versions, read about editing component data.


Delete button

Delete the artifact.


Sync from adapters-button

Synchronize and update the artifact data with MAIA Information services.

Licenses tab

Updated:2024-10-28 MAIA

The Licenses tab contains a list of (proposed) licenses related to this artifact.

License information may be part of an uploaded component, retrieved through a hyperlink, manually edited, etc.

Table heading:

  • Name: License name.
  • Type: License type.
  • Text: Open to show the license text.
  • Created at: Date of creation.
  • Updated at: Date of latest update.
  • Source: License information source (Sbom, Link or Manual).
  • Approval: Approval setting and status (Approve/Disapprove).
  • Ignore: Ignore the license, select box.
  • Edit: Edit button to modify data related to the license.
  • Delete: Delete license (Button visible if delete is possible).
Evaluate a license:

Read about how to evaluate a license

Add a license:

Read about how to add a license


Deliveries tab

Updated:2024-10-28 MAIA

The Deliveries tab is a list of builds that contains this artifact, and also having a delivery report.

Table

Name Description
Title Name of Delivery report including a link to the report.
Published Published date
Built artifact Build identity and link to the build report.
Label Build label.


Built artifacts tab

Updated:2024-10-29 MAIA

The Built artifacts tab lists all builds that include this artifact.

Table

Header Description
Name The artifact build label and a link to the build report.
Component Component name
Version Version of the software.
Track Name of the branch
Build time Date and time.
Delivered An icon is present if the build is included in a Delivery Report.
Tags List of tags related to this build.
Icons


Vulnerabilities tab

Updated:2024-10-29 MAIA

The Vulnerabilities tab contains an index page listing all vulnerabilities detected for this artifact. The information is continuously updated through the MAIA Information Services.

Table

A listing of all vulnerabilities identified for this artifact.

Header Description
Identifier Vulnerability identity and a link to the local Vulnerabilities show page containing detailed information and analysis tools.
Priority The priority of the vulnerability.
Added date Date when CVE was added to MAIA
Analyzed Light blue "check" icon if an analytics report exists for this vulnerability.


Raw SBOM tab

plugin:content-inject

History tab

Updated:2024-10-29 MAIA

The History tab is a list of changes related to the artifact.

Table heading:

  • Change: What has changed.
  • Created at: Date and time.
  • User: Name of user making the change.