Review and approve packages

When working with packages in a vault, you can review package contents, inspect security vulnerabilities, and approve or reject published packages. Approved packages can be consumed by build and deployment processes.

Review package contents

You can view the contents of a package, inspect security issues, rename the package, and send comments to team members.

Note: You can enable continuous vulnerability detection for vault packages. This way, PulseUno regularly checks for new security issues that may be discovered, and report them in the Dependency Vulnerabilities tab of the related package version. By default, the regular check for dependency vulnerabilities is enabled for remote vaults. For details, see Detect dependency vulnerabilities.

To review package contents:

  1. From the spaces list at the top right, select a space.

  2. In the sidebar, select Vaults.

  3. On the Vaults page, open the vault containing the package you want to review.

    Tip: By default, packages are displayed as a list. To display vault contents as a hierarchical tree, switch to the Tree View .

  4. Open the package and then the relevant package version.

  5. To view and edit information about the package version, navigate between the tabs:

    Tab Description
    Conversation
    • Edit the description to change the package's automatically generated name.
    • View the recent activity for the package, such as who deployed the package or changed the approval state.
    • Send comments and questions to other members of your team. Replies from the team are displayed in this tab.
    • View the package details, such as the size of the package version, the user who deployed the package, and the time the package was deployed.
    • Open the chain run that delivered the package.
    • Add or remove approvers.
    Content
    • View a tree of files included in the package.
    • Click a file to view its details.
    • Download individual files. For details, see Download files and packages.
    • Maven vaults: For Maven snapshot versions, view a tree of files grouped into deliveries by date. Delete deliveries, as needed. You can delete any snapshot delivery except the latest one.
    How to use

    View command and code hints on how to use the package in your project.

    For example, for npm, find commands for installing the package to your npm project or adding the package to a dependency file.
    Licenses

    View licenses for the package.

    PulseUno detects the licenses when a package is uploaded.

    Dependency Vulnerabilities

    View dependency vulnerabilities detected by PulseUno, including the source, Common Weakness Enumeration (CWE, software weakness types), and description.

    Issues are color-coded to indicate severity.

    For details on how to enable regular vulnerability checks, see Edit vault settings.

    Note: You can override the default vault retention policy for the package version. To keep the package, click Keep Forever. For details about retention policies, see Create retention policies.

Back to top

Approve vault packages

After a package is published, it needs to be approved or rejected. For details on how to enable automated approvals, see Specify vault approval rules.

As an assigned approver, you can approve the package so that development teams can use it in their build and deployment processes.

Reject the package if it violates your organization's standards such as licensing, performance, or security. A rejected package cannot be used. The developer who added the package must fix the issue.

For details on how to assign approvers, see Publish packages.

To approve or reject one or more packages:

  1. In PulseUno, click the company logo at the top left to open My Work.

  2. In the sidebar, select Package Approvals. A list of packages pending your approval is displayed.

    Sort the list as required, for example, by package version or the users who deployed the packages.

  3. Select one or more packages to approve or reject.

    To select all the packages, click Toggle visible selection .

  4. To approve the packages, select Change Approval > Approve. In the Confirm Approval dialog box, optionally enter the reason for approving the packages.

    To reject the packages, select Change Approval > Reject. In the Confirm Rejection dialog box, enter the reason for rejecting the packages.

  5. (Optional) If the vault uses an approval check list, select which check list items you have reviewed.

    For details about check lists, see Use vault approval check lists.

  6. Click Approve or Reject to confirm your action.

Back to top

Bypass the package approval process

As an administrator or vault owner, you can bypass the standard approval process and instantly approve or reject packages that are pending approval.

To approve or reject a package as an administrator:

  1. From the spaces list at the top right, select a space.

  2. In the sidebar, select Vaults. The Vaults page opens.

  3. Drill down to the relevant vault, package, and package version.

  4. To approve the package, click Actions at the top right, and select Mark as Approved. In the Confirm Approval dialog box, optionally enter the reason for approving the package.

    To reject the package, click Actions and select Mark as Rejected. In the Confirm Rejection dialog box, enter the reason for rejecting the package.

  5. Click Approve or Reject to confirm your action.

Back to top

See also: