Skip to content

camaleon2016/security-metrics-dashboard

BranchesTags
 
 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

3 Commits

LICENSE

LICENSE

 
 

README.md

README.md

 
 

Repository files navigation

Security Risk Dashboard

*alpha software*

This is a simple dashboard that shows the security risk of open-source projects. Target audiences include:

  • Software Developers -> quickly evaluate the risk of OSS they already use or plan to use in their product
  • Security Engineering Teams -> incorporate the rich set of metrics into their risk assessment process
  • Engineering Management -> understand ecosystem-wide risk and make informed decisions about OSS usage

The dashboard is customizable and incorporates data from the following sources (more to come):

  • OpenSSF Scorecard
  • Libraries.io
  • git
  • GitHub

Usage

1. raw data

$ dash generate --repo=github.com/project/repo --output=json

{
    "scorecard": { ... },
    "libraries_io": { ... },
    "git": { ... },
    "github": { ... }
}

2. dashboard

$ dash generate --repo=github.com/project/repo --output=html --config=dashboard.yaml

sample config file

dashboard:
  title: "Security Risk Dashboard"
  description: "This is a sample dashboard"
  metrics:
    - name: "OpenSSF Scorecard"
      attributes: # these are pulled from the raw json output; use jq syntax
        - path: .score
          component: card
        - path: .checks[0].{name: name, score: score}
          component: donut
    - name: "Libraries.io"
      attributes:
        - path: .checks[0].{value: values}
          component: card

About

No description, website, or topics provided.

Resources

Readme

License

Apache-2.0 license
Activity

Stars

0 stars

Watchers

0 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published