Review and approve vault packages
When working with packages in a vault, you can review package contents, inspect vulnerabilities, and approve or reject published packages. Approved packages can be consumed by build and deployment processes.
You can view the contents of a package, inspect security issues, review package details, rename the package, and send comments to team members.
Note: When a package is uploaded, PulseUno detects the licenses used by the package, and the vulnerabilities the package has. Additionally, you can enable continuous vulnerability detection for vault packages. This way, PulseUno will regularly check for new security issues that may be discovered, and report them in the Vulnerabilities tab of the related package version. By default, the regular vulnerability check is enabled for remote vaults. For details, see Vulnerability detection.
To review package contents:
- In PulseUno, navigate to Spaces and select a space.
- In the sidebar, select Vaults.
On the Vaults page, open the vault containing the package you want to review.
Tip: By default, packages are displayed as a list. To display vault contents as a hierarchical tree, switch to the Tree View .
- Open the package and then the relevant package version.
To view and edit information about the package version, navigate between the tabs:
Tab Description Conversation
- Edit the description to change the package's automatically generated name.
- View the recent activity for the package, such as who deployed the package or changed the approval state.
- Send comments and questions to other members of your team. Replies from the team are displayed in this tab.
- View the package details, such as the size of the package version, the user who deployed the package, and the time the package was deployed.
- Open the chain run that delivered the package.
- Add or remove approvers.
- View a tree of files included in the package.
- Click a file to view its details.
- Download individual files. For details, see Download files and packages.
- Maven vaults: For Maven snapshot versions, view a tree of files grouped into deliveries by date. Delete deliveries, as needed. You can delete any snapshot delivery except the latest one.
How to use
View command and code hints on how to use the package in your project.
For example, for npm, find commands for installing the package to your npm project or adding the package to a dependency file.
Licenses View licenses for the package. Vulnerabilities
View vulnerabilities detected by PulseUno, including the source, Common Weakness Enumeration (CWE, software weakness types), and description.
Issues are color-coded to indicate severity.
For details on how to enable regular vulnerability checks, see Edit vault settings.
Note: You can override the default vault retention policy for the package version. To keep the package, click Keep Forever. For details about retention policies, see Create retention policies.
After a package is published, it needs to be approved or rejected. For details on how to enable automated approvals, see Specify vault approval rules.
As an assigned approver, you can approve the package so that development teams can use it in their build and deployment processes.
Reject the package if it violates your organization's standards such as licensing, performance, or security. A rejected package cannot be used. The developer who added the package must fix the issue.
For details on how to assign approvers, see Publish packages to a vault.
To approve or reject one or more packages:
- In PulseUno, open My Work.
In the sidebar, select Package approvals. A list of packages pending your approval is displayed.
Sort the list as required, for example, by package version or the users who deployed the packages.
Select one or more packages to approve or reject.
To select all the packages, click Toggle Visible Selection .
To approve the packages, select Change Approval > Approve. In the Confirm Approval dialog box, optionally enter the reason for approving the packages.
To reject the packages, select Change Approval > Reject. In the Confirm Rejection dialog box, enter the reason for rejecting the packages.
(Optional) If the vault uses an approval check list, select which check list items you have reviewed.
For details about check lists, see Use vault approval check lists.
- Click Approve or Reject to confirm your action.
Bypass the package approval process
As an administrator or vault owner, you can bypass the standard approval process and instantly approve or reject packages that are pending approval.
To approve or reject a package as an administrator:
In PulseUno, navigate to Spaces and select a space.
In the sidebar, select Vaults. The Vaults page opens.
Drill down to the relevant vault, package, and package version.
To approve the package, click Actions at the top right, and select Mark as Approved. In the Confirm Approval dialog box, optionally enter the reason for approving the package.
To reject the package, click Actions and select Mark as Rejected. In the Confirm Rejection dialog box, enter the reason for rejecting the package.
Click Approve or Reject to confirm your action.