Skip to content

Quickstart

Setup Guide

Follow this guide to set up users, roles, policies, teams, and everything else. Applies to Metaport CE and Metaport SaaS.

The guide assumes you have access to a working Metaport server. You can find out about that in the install docs and also the development docs. You may also find you need to refer to the troubleshooting guide from time to time.

Tip

Whenever a Superuser (Admin role) or Owner role creates a user, a limited expiry invitation is sent out automatically via email. This process is a fairly standard and helps keep track of users. Should an invite expire before it's confirmed, a new one can be re-issued.

Tip

See the summary table here to familiarise yourself with Metaport's user roles.

Metaport Hierarchy

  • An Organisation has many Customers
  • An Organisation has many Teams
  • Each Team has many Applications
  • Each Team has many Policies
  • Each Team has many Users
  • Only Superusers and Owners can manage Organisations
  • Only Superusers can Owners can create (additional) Owner users
  • Owners can manage all Teams in an Organisation
  • Managers can only manage their own Teams
  • Users can do enough within their own Teams for their day-to-day work

Superusers

Superusers have access to an entire Metaport server (Metaport CE only). They are the only role with the ability to create Organisations and other Owner users.

Superusers can create additional superusers (sometimes known as "Admins" - Metaport CE only).

Warning

Superusers have godlike capabilities over the entire server, irrespective of organisations and teams.

Tip

By default, Metaport CE auto-installs one superuser account the credentials for which are managed as environment variables. See the .env.example file.

  1. Login to Metaport with the default Superuser account.
  2. Navigate to the "Users" section.
  3. Select the "Add User" button.
  4. Type the name and email fields.
  5. Select the "Administrators" role from the "Roles" field.
  6. Select the "Invite" button.

Adding Standard Users

Tip

There are 5 user-roles to be aware of, but only 3 can be conferred to users. See the security docs for a comparison table.

  1. Login to Metaport with a Superuser or "Owner" account.
  2. Navigate to the "Users" section.
  3. Select the "Invite User" button.
  4. Input the information as required.
  5. Select a group from the "Groups" field.
  6. Select a team from the "Teams" field.
  7. Select the "Invite" button.

Tip

Be sure to select from the "Identity Provider" menu if the user to be invited is managed by a 3rd party provider like Entra, Github, or Keycloak.

Add/Remove User to/from a Team

  1. Login to Metaport with a Superuser or "Owner" account.
  2. Navigate to the "Users" section.
  3. Locate the desired user.
  4. Add or remove from the "Teams" field as applicable.
  5. Select the "Save" button.

Adding an Organisation

  1. Login to Metaport with a Superuser or "Owner" account.
  2. Navigate to the "Organisations" section.
  3. Select the "Add Organisation" button.
  4. Enter a name.
  5. Select the "Create" button.
  6. Create at least one team within the organisation.
  7. Invite a new user to that team.

Adding a Team

Note

Dependency Manager configuration is managed at the application level, as-is the EOL manager.

  1. Login to Metaport with a Superuser or "Owner" account.
  2. Navigate to the "My Teams" section.
  3. Select the "Add Team" button.
  4. Select the "Settings" tab (if not already highlighted).
  5. Fill in the relevant fields.
  6. Select the "Create" button.
  7. (Optional) If you know the connection details for your dependency management software, enter these in the "Dependency Manager Settings" accordion. Leave blank if relying on agents to submit this data.
  8. (Optional) If your team's apps will be sending data to Metaport using email, enter the IMAP mailbox connection details in the "Mailbox Settings" accordion.

Note

If the team is showing the "PRELIMINARY" badge, it was created automatically during on-boarding a user. Be sure to update before using it.

Adding an Application

Note

A Metaport Application needs to be setup in Metaport itself before Metaport will accept incoming requests from an agent or EOL ingest system.

  1. Login to Metaport with a Superuser, "Manager" or "Owner" account.
  2. Navigate to the "My Teams" section and select a team.
  3. Select the "Applications" tab.
  4. Select the "Add Application" button.
  5. Fill in the relevant fields under the "Settings" tab. 5.1 For agent-driven applications: "Transport Mode": Select HTTP or Email as the transport apps will use to report-in to this app. 5.2 For non-agent-driven applications: Be sure to select a Dependency Manager and EOL Manager from the "Settings" tab.
  6. Select the "Create" button. 6.1. "App Group": Once the app has been created, an "App Group" field will be shown. These simply group apps together by environment and/or technology.
  7. Select the "Get Developer Export" button and send the information securely to your developers.

Creating a New Policy

Note

A Policy is unique to a team. Policies allow teams to determine which application data they're most interested in being notified about.

Note

Metaport automatically creates several useful default policies for you, each time a team is created.

Bug

The "Run & Download" button does not correctly reflect the current user's permissions to execute this action.

  1. Login to Metaport with a Superuser, "Owner" or "Manager" account.
  2. Navigate to the "My Teams" section and select the desired team.
  3. Select the "Policies" tab and select the "Add Policy" button.
  4. Provide a name and select an optional download format (default is .csv).
  5. Select from the "Schedule" dropdown (selecting anything other than "None" prompts for subject, recipient and message).
  6. Select the "Save" button and then the "Rules" tab.
  7. Select the "Add Rule" button.
  8. Add a name for this rule.
  9. Select from the available "Rulesets" (See tips below).
  10. Select from the available "Component Fields".
  11. Select the "Create" button.
Using pre-defined variables in the notification body

When selecting schedules with notifications, placeholders or "variables" can be inserted into the email body which automatically populates it with data:

%AppCount The number of production apps managed by your team.
%Apps A list of the production apps managed by your team.
%TeamName The name of your team.
%PolicyName The name of this policy.
%PolicyData Tabulated version of this policy run.

Using Rulesets

Rulesets are collections of custom rules which represent properties of your teams' applications, each of which is executed on a schedule against the Metaport database (see step 5).

General rulesets represent "direct" queries on application properties e.g. Release Date or SSL Expiry.
Component rulesets represent "indirect" queries on aspects of teams' application components such as Framework or Operating System.
Dependency rulesets also represent "indirect" queries, but operate on aspects of teams' applications' dependencies e.g. the name, version or CVE of an included library or plugin.

Tip

A policy run is the result of a policy having been executed. They can be found by navigating to "Teams" or "My Teams" > "Policy" tab > Policy > "Runs" tab.

Accessing the Maintenance Calendar and Chart

Tip

The maintenance calendar is available from all your teams' applications.

  1. Login to Metaport with any user role.
  2. Navigate to the team to which your application is related.
  3. Select the "Applications" tab.
  4. Select the appropriate table row.
  5. Select the calendar icon from the bottom of the screen.

The chart is visible after selecting the tabbed navigation associated with your app's "App Group".

Setup Application Components

EOL and component management is done on the application level. Navigate to the desired application, then select the "Settings" tab and expand the appropriate accordion.

Warning

Assumes that the system-wide crontab is working as per the installation instructions.

Info

Metaport relies on third-party APIs for its knowledge of frameworks, operating systems, webservers, databases, and language runtimes. These APIs are used to report end-of-life and end-of-support to teams.

Export App Credentials for Developers

Info

This is the process for exporting the "Developer Export" to get developers up and running quickly with the Metaport agent and EOL ingest system.

Warning

The exported file contains unencrypted credentials. Use secure channels and password vaults to transfer this information securely.

  1. Login to Metaport with any user role.
  2. Navigate to the team to which your application is related.
  3. Select the "Applications" tab.
  4. Select the appropriate table row.
  5. Select the Get Developer Export icon.

Anatomy of the Developer Export