Commit 6e0dff5

init readme
1 parent 7d5e4af commit 6e0dff5

1 file changed

+50
-0
lines changed

README.md

Lines changed: 50 additions & 0 deletions
@@ -0,0 +1,50 @@
1+
Security Risk Dashboard
2+
3+
`*alpha software*`
4+
5+
This is a simple dashboard that shows the security risk of open-source projects. Target audiences include:
6+
- Software Developers -> quickly evaluate the risk of OSS they plan to use in their product
7+
- Security Engineering Teams -> incorporate the rich set of metrics into their risk assessment process
8+
- Engineering Management -> understand ecosystem-wide risk and make informed decisions about OSS usage
9+
10+
The dashboard is customizable and incorporates data from the following sources (more to come):
11+
- OpenSSF Scorecard
12+
- Libraries.io
13+
- git
14+
- GitHub
15+
16+
Usage
17+
18+
`1.` raw data
19+
```
20+
$ dash generate --repo=github.com/project/repo --output=json
21+
22+
{
23+
"scorecard": { ... },
24+
"libraries_io": { ... },
25+
"git": { ... },
26+
"github": { ... }
27+
}
28+
```
29+
30+
`2.` dashboard
31+
```
32+
$ dash generate --repo=github.com/project/repo --output=html --config=dashboard.yaml
33+
```
34+
sample config file
35+
```
36+
dashboard:
37+
title: "Security Risk Dashboard"
38+
description: "This is a sample dashboard"
39+
metrics:
40+
- name: "OpenSSF Scorecard"
41+
attributes: # these are pulled from the raw json output; use jq syntax
42+
- path: .score
43+
component: card
44+
- path: .checks[0].{name: name, score: score}
45+
component: donut
46+
- name: "Libraries.io"
47+
attributes:
48+
- path: .checks[0].{value: values}
49+
component: card
50+
```
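Review bot: In the sample config, the comment on the `attributes:` line says the paths use jq syntax, but `.checks[0].{name: name, score: score}` and `.checks[0].{value: values}` are not valid jq; the `.{key: field}` form is JMESPath-style multiselect. Either change the comment to name the query language the tool actually evaluates, or rewrite the paths in jq form, for example `.checks[0] | {name: .name, score: .score}`. Separately, the README lists GitHub and Libraries.io as data sources, but the Usage section does not say whether `dash generate` needs API credentials or how they are supplied; documenting that would keep users from guessing and putting tokens on the command line or in `dashboard.yaml`.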
