AKharytonchyk
diff --git a/‎README.md‎
Lines changed: 24 additions & 3 deletions b/‎README.md‎
Lines changed: 24 additions & 3 deletions
diff --git a/‎RELEASE_NOTES.md‎
Lines changed: 143 additions & 0 deletions b/‎RELEASE_NOTES.md‎
Lines changed: 143 additions & 0 deletions
diff --git a/‎docs/CSP_SIMPLEICONS_UPDATE.md‎
Lines changed: 101 additions & 0 deletions b/‎docs/CSP_SIMPLEICONS_UPDATE.md‎
Lines changed: 101 additions & 0 deletions
@@ -11,13 +11,24 @@ The GitHub PR Dashboard is a comprehensive tool designed to streamline the monit
 - 📖 [Deployment Guide](docs/DEPLOYMENT.md) - Production deployment and CSP configuration
 - 🔒 [Security Guidelines](docs/SECURITY.md) - Token management and security best practices  
 - ⚡ [Performance Guidelines](docs/PERFORMANCE.md) - Optimization and caching strategies
+- 🛡️ [Dependabot Integration](docs/DEPENDABOT_INTEGRATION.md) - Security vulnerability monitoring setup and usage
 
 ## Features
 
 - **Secure GitHub Integration**: Securely connect using GitHub Personal Access Tokens (PAT) with enhanced token management and automatic expiration.
+- **Comprehensive Repository Access**: Access all repositories you have permissions for, including:
+  - Public and private repositories you own
+  - Private repositories you collaborate on
+  - Organization repositories (both public and private)
+  - Repositories you have access to through team memberships
 - **Organization and Repository Selection**: Choose which organizations and repositories you want to monitor within the dashboard.
 - **Pull Request Overview**: Get a consolidated view of all pull requests across your selected repositories.
 - **Issue Overview**: Get a consolidated view of all issues across your selected repositories and organizations.
+- **Security Vulnerability Monitoring**: Monitor Dependabot security alerts across repositories with:
+  - Real-time vulnerability counts by severity (Critical, High, Medium, Low)
+  - Direct links to GitHub security pages for remediation
+  - Support for both GitHub.com and GitHub Enterprise instances
+  - Lazy loading and caching for optimal performance
 - **Dark Mode**: Toggle between light and dark themes with persistent user preferences.
 - **Settings Management**: Easily manage your settings within the app. Setting sharing is now available via raw setting toggle.
 - **Repository Focus View**: Access repository view and navigate to see PRs and Issues for this particular repository.
@@ -46,9 +57,17 @@ The GitHub PR Dashboard is a comprehensive tool designed to streamline the monit
 
 ### Repository Dashboard
 
-![Repository](docs/images/repo.png)
-![Repository](docs/images/repo-pr.png)
-![Repository](docs/images/repo-issues.png)
+![Repository Overview](docs/images/RepoView.png)
+![Repository PRs](docs/images/repo-pr.png)
+![Repository Issues](docs/images/repo-issues.png)
+
+### Security Vulnerability Monitoring
+
+<!-- Placeholder: Add screenshot of repository cards showing vulnerability indicators -->
+*Please add screenshot showing repository cards with vulnerability indicators (Critical/High/Medium/Low chips)*
+
+<!-- Placeholder: Add screenshot of expanded vulnerability details -->
+*Please add screenshot showing expanded vulnerability details with clickable severity chips*
 
 ## Getting Started
 
@@ -103,6 +122,7 @@ This application implements enterprise-grade security and performance optimizati
 - 🔒 **[Security Guidelines](docs/SECURITY.md)** - Token security, CSP configuration, and best practices
 - ⚡ **[Performance Guidelines](docs/PERFORMANCE.md)** - Caching strategies, optimization techniques, and monitoring
 - 🚀 **[Deployment Guide](docs/DEPLOYMENT.md)** - Production deployment with dynamic CSP and environment configuration
+- 🛡️ **[Dependabot Integration](docs/DEPENDABOT_INTEGRATION.md)** - Complete guide to security vulnerability monitoring
 
 ## Environment Configuration
 
@@ -207,6 +227,7 @@ VITE_MAX_REQUESTS_PER_MINUTE=500
 - 📖 [Deployment Guide](docs/DEPLOYMENT.md) for production setup
 - 🔒 [Security Guidelines](docs/SECURITY.md) for token and security issues
 - ⚡ [Performance Guidelines](docs/PERFORMANCE.md) for performance optimization
+- 🛡️ [Dependabot Integration](docs/DEPENDABOT_INTEGRATION.md) for vulnerability monitoring setup
 
 ## Contributing
 
 
@@ -0,0 +1,143 @@
+# 🛡️ Security Vulnerability Monitoring Release
+
+## 🎉 Major New Feature: Dependabot Integration
+
+We're excited to announce a major new feature that brings security vulnerability monitoring directly to your GitHub PR Dashboard! This release introduces comprehensive Dependabot alert integration with enterprise-grade support for both GitHub.com and GitHub Enterprise instances.
+
+## ✨ What's New
+
+### 🛡️ Security Vulnerability Monitoring
+- **Real-time vulnerability tracking** across all your repositories
+- **Severity-based indicators** showing Critical, High, Medium, and Low vulnerabilities  
+- **Direct links** to GitHub security pages for immediate remediation
+- **Lazy loading and caching** for optimal performance
+- **Compact and expanded views** for flexible information display
+
+### 🏢 Enterprise Support
+- **GitHub Enterprise Server (GHE) compatibility** with dynamic URL generation
+- **Automatic avatar fallbacks** for GHE authentication issues  
+- **Dynamic Content Security Policy** adapting to your GitHub environment
+- **Enhanced repository access** including private repos and organization memberships
+
+### 🎨 UI/UX Improvements
+- **Consistent vulnerability indicators** across all repository cards
+- **Expandable detail views** showing vulnerability breakdowns by severity
+- **Clickable severity chips** linking directly to filtered security pages
+- **Clean, professional interface** with proper loading states and error handling
+
+## 📸 Screenshots
+
+### Repository Overview with Vulnerability Indicators
+![Repository Overview](docs/images/RepoView.png)
+
+### Vulnerability Monitoring in Action
+<!-- Placeholder: Add screenshot of repository cards showing vulnerability indicators -->
+*Please add screenshot showing:*
+- *Repository cards with different vulnerability states (Secure, Critical, High, etc.)*
+- *Expand buttons on repositories with vulnerabilities*
+- *Mix of secure and vulnerable repositories*
+
+### Expanded Vulnerability Details  
+<!-- Placeholder: Add screenshot of expanded vulnerability details -->
+*Please add screenshot showing:*
+- *Expanded view with individual severity chips (Critical, High, Medium, Low)*
+- *Clickable chips with hover states*
+- *Clean layout showing vulnerability breakdown*
+
+### GitHub Enterprise Support
+<!-- Placeholder: Add screenshot showing GHE compatibility -->
+*Please add screenshot showing:*
+- *Dashboard working with GitHub Enterprise Server*
+- *Different avatar sources and URLs*
+- *Enterprise-specific security page links*
+
+## 🚀 Technical Highlights
+
+### New Components
+- **VulnerabilityIndicator**: Sophisticated React component with lazy loading and caching
+- **Avatar fallback utilities**: Handles GHE authentication seamlessly  
+- **Dynamic CSP generation**: Adapts security policies to your GitHub environment
+
+### Enhanced Services
+- **Extended GitService**: New methods for Dependabot alert fetching and summarization
+- **Improved repository access**: Now includes private repos you collaborate on
+- **Error handling**: Graceful handling of permissions and API errors
+
+### Performance & Security
+- **React Query integration**: Efficient caching and background updates
+- **Intersection Observer**: Only loads vulnerability data when visible
+- **Rate limiting**: Respectful API usage with intelligent retry logic
+- **CSP improvements**: Removed unsupported directives, enhanced compatibility
+
+## 🔧 Configuration
+
+### Required Permissions
+For vulnerability monitoring, ensure your GitHub Personal Access Token includes:
+- `security_events` scope for accessing Dependabot alerts
+- `repo` scope for repository access
+- `read:org` scope for organization repositories
+
+### Environment Variables
+New optional environment variables for customization:
+```bash
+# GitHub Enterprise Server support
+VITE_GITHUB_API_URL=https://ghe.your-company.com/api/v3
+VITE_GITHUB_AVATAR_URL=https://avatars.ghe.your-company.com  # Optional - auto-detected
+VITE_GITHUB_BASE_URL=https://ghe.your-company.com            # Optional - auto-detected
+```
+
+## 📚 Documentation
+
+We've added comprehensive documentation for the new features:
+
+- 🛡️ **[Dependabot Integration Guide](docs/DEPENDABOT_INTEGRATION.md)** - Complete setup and usage guide
+- 🔒 **[Security Guidelines](docs/SECURITY.md)** - Updated with vulnerability monitoring best practices
+- 🚀 **[Deployment Guide](docs/DEPLOYMENT.md)** - Enhanced CSP configuration for enterprise environments
+
+## 🐛 Bug Fixes & Improvements
+
+### UI Consistency
+- Fixed vulnerability indicator styling inconsistencies
+- Standardized chip sizing and alignment across repository cards
+- Improved expand button behavior and positioning
+
+### Repository Access  
+- Enhanced repository fetching to include all accessible repositories
+- Added support for private repositories through team memberships
+- Better handling of organization repositories
+
+### Security & Performance
+- Removed unsupported CSP directives (frame-ancestors, X-Frame-Options in meta tags)
+- Improved avatar loading with automatic GitHub.com fallbacks
+- Enhanced error handling with user-friendly messages
+
+## 🔄 Migration Notes
+
+### Existing Users
+- No breaking changes for existing functionality
+- Vulnerability monitoring is automatically enabled for repositories with appropriate permissions
+- New documentation links are available in the application
+
+### New Permissions
+If you want to use vulnerability monitoring:
+1. Update your GitHub Personal Access Token to include `security_events` scope
+2. Re-authenticate in the application
+3. Vulnerability indicators will automatically appear on repository cards
+
+## 🎯 What's Next
+
+This release sets the foundation for advanced security monitoring features. Future releases may include:
+- Custom vulnerability filtering and alerts
+- Security trend analytics and reporting  
+- Integration with security scanning tools
+- Automated vulnerability remediation workflows
+
+## 🙏 Acknowledgments
+
+Special thanks to the community for feedback and testing that made this comprehensive security feature possible. Your input helped us create a robust, enterprise-ready solution that works seamlessly across different GitHub environments.
+
+---
+
+**Full Changelog**: [Compare changes](https://github.com/AKharytonchyk/git-pull-request-dashboard/compare/previous-version...current-version)
+
+**Download**: Get the latest release from the [Releases page](https://github.com/AKharytonchyk/git-pull-request-dashboard/releases)
@@ -0,0 +1,101 @@
+# Content Security Policy (CSP) Update for SimpleIcons
+
+## Overview
+The GitHub PR Dashboard uses SimpleIcons (via @iconify/react) to display technology icons for repository languages. This requires updating the Content Security Policy to allow connections to `api.simplesvg.com`.
+
+## Changes Made
+
+### 1. Dynamic CSP Configuration
+
+Updated `src/utils/dynamicCSP.ts` to include SimpleIcons API:
+
+```typescript
+// Before
+connect-src 'self' ${apiUrl} https://${apiHost}
+img-src 'self' data: ${avatarUrl} https://${avatarHost}
+
+// After  
+connect-src 'self' ${apiUrl} https://${apiHost} https://api.simplesvg.com
+img-src 'self' data: ${avatarUrl} https://${avatarHost} https://api.simplesvg.com
+```
+
+### 2. Environment Configuration
+
+Updated `src/utils/environmentConfig.ts` to include SimpleIcons API:
+
+```typescript
+// Before
+connect-src 'self' ${githubApiUrl} https://${apiHost}
+img-src 'self' data: ${githubAvatarUrl} https://${avatarHost}
+
+// After
+connect-src 'self' ${githubApiUrl} https://${apiHost} https://api.simplesvg.com
+img-src 'self' data: ${githubAvatarUrl} https://${avatarHost} https://api.simplesvg.com
+```
+
+### 3. Documentation Updates
+
+Updated all CSP examples in:
+- `docs/SECURITY.md`
+- `docs/DEPLOYMENT.md`
+- `index-enhanced.html`
+
+## Final CSP Configuration
+
+### GitHub.com
+```
+default-src 'self'; 
+script-src 'self' 'unsafe-inline'; 
+style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; 
+font-src 'self' https://fonts.gstatic.com; 
+connect-src 'self' https://api.github.com https://api.simplesvg.com; 
+img-src 'self' data: https://avatars.githubusercontent.com https://api.simplesvg.com; 
+frame-ancestors 'none'; 
+base-uri 'self'
+```
+
+### GitHub Enterprise
+```
+default-src 'self'; 
+script-src 'self' 'unsafe-inline'; 
+style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; 
+font-src 'self' https://fonts.gstatic.com; 
+connect-src 'self' https://ghe.acme.com/api/v3 https://ghe.acme.com https://api.simplesvg.com; 
+img-src 'self' data: https://avatars.ghe.acme.com https://api.simplesvg.com; 
+frame-ancestors 'none'; 
+base-uri 'self'
+```
+
+## Why SimpleIcons?
+
+- **Rich Icon Set**: Provides 2000+ high-quality SVG icons for technologies
+- **Consistent Styling**: All icons follow the same design principles
+- **Performance**: SVG icons are lightweight and scalable
+- **Up-to-date**: Regularly updated with new technologies
+- **Free**: Open source and free to use
+
+## Security Considerations
+
+- **Limited Scope**: Only allows connections to `api.simplesvg.com`
+- **CDN Trust**: SimpleIcons API is operated by the same team that maintains the icon set
+- **No Execution**: Only fetches icon data, no script execution
+- **Fallback**: Application gracefully handles icon loading failures
+
+## Testing
+
+The CSP changes have been tested and verified:
+- ✅ Type checking passes
+- ✅ Build succeeds
+- ✅ Icons load correctly
+- ✅ No CSP violations in development
+- ✅ Fallback handling works
+
+## Alternative Approaches
+
+If you prefer not to use external APIs, you can:
+
+1. **Bundle icons locally**: Download icon sets and serve them from your domain
+2. **Use fewer icons**: Only include essential icons in your build
+3. **Disable icons**: Remove icon functionality entirely
+
+The current approach balances functionality, performance, and security.