Explore incorporating dependency metrics into the dashboard #129

Open
ipc103 opened this issue Mar 28, 2024 · 0 comments
Collaborator

ipc103 commented Mar 28, 2024

One feature request that came in recently was the ability to review dependency information for each repository, specifically around what licenses those packages are using and dependency health.

One potential tool we've been exploring is Dependency Management Data (DMD). DMD allows you to create a sqlite3 database with information about dependency health.

One potential thing we could do:

  • Add a script to add a sqlite3 database to this repository with relevant dependency health metrics. This script would need to:
    • Fetch SBOMs for each repo in the org
    • Use the SBOMs to upload dependency information
    • Generate additional DMD reports using the command line tools
  • Add a step to the build process to run SQL queries against the database and generate JSON files with relevant data. We could then determine how to present that relevant data in the UI (for example, for each repo, what are the most common licenses in its dependents, etc.)

This would potentially provide a step-up in health metrics from what we're currently presenting, and also make data available which isn't currently available anywhere else.
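An added sketch of the pipeline proposed in the comment above, not code from this project or from DMD: it loads SBOM package lists into sqlite3 and runs SQL that yields per-repo license data ready to serialize as JSON. The `deps` table schema, the repository names and the sample SBOMs are constructed for illustration, and the input shape assumes SPDX JSON with a top-level `sbom.packages` list.

```python
import json
import sqlite3

# Constructed sample: trimmed SPDX JSON keyed by hypothetical repository names.
SAMPLE_SBOMS = {
    "example-org/api": {"sbom": {"packages": [
        {"name": "npm:express", "versionInfo": "4.18.2", "licenseConcluded": "MIT"},
        {"name": "npm:lodash", "versionInfo": "4.17.21", "licenseConcluded": "MIT"},
        {"name": "npm:left-pad", "versionInfo": "1.3.0"},  # license field absent
    ]}},
    "example-org/web": {"sbom": {"packages": [
        {"name": "npm:react", "versionInfo": "18.2.0", "licenseConcluded": "MIT"},
        {"name": "pip:requests", "versionInfo": "2.31.0", "licenseConcluded": "Apache-2.0"},
        {"name": "pip:internal-lib", "versionInfo": "0.1.0", "licenseConcluded": "NOASSERTION"},
    ]}},
}

def load_sboms(conn, sboms):
    """Flatten each repo's package list into one table (hypothetical schema)."""
    conn.execute("""CREATE TABLE IF NOT EXISTS deps (
        repo TEXT, package TEXT, version TEXT, license TEXT,
        PRIMARY KEY (repo, package, version))""")
    for repo, doc in sboms.items():
        for pkg in doc.get("sbom", {}).get("packages", []):
            lic = pkg.get("licenseConcluded") or "NOASSERTION"
            # Count missing or unasserted licenses as UNKNOWN instead of dropping them.
            lic = "UNKNOWN" if lic == "NOASSERTION" else lic
            conn.execute("INSERT OR REPLACE INTO deps VALUES (?, ?, ?, ?)",
                         (repo, pkg["name"], pkg.get("versionInfo", ""), lic))
    conn.commit()

def license_report(conn):
    """Per repo: license counts (most common first) and packages needing review."""
    report = {}
    for repo, lic, n in conn.execute(
            "SELECT repo, license, COUNT(*) FROM deps "
            "GROUP BY repo, license ORDER BY repo, COUNT(*) DESC, license"):
        report.setdefault(repo, {"licenses": [], "unknown": []})
        report[repo]["licenses"].append({"license": lic, "count": n})
    for repo, pkg in conn.execute(
            "SELECT repo, package FROM deps WHERE license = 'UNKNOWN' ORDER BY repo, package"):
        report[repo]["unknown"].append(pkg)
    return report

def build_report(sboms):
    """Run the whole pipeline against an in-memory database."""
    conn = sqlite3.connect(":memory:")
    load_sboms(conn, sboms)
    return license_report(conn)

if __name__ == "__main__":
    print(json.dumps(build_report(SAMPLE_SBOMS), indent=2))
```

Keeping unlicensed packages as an explicit `UNKNOWN` bucket lets the dashboard surface them for review rather than silently shrinking the totals.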

@ipc103 ipc103 changed the title Explore incorporating dependency metrics into the dashboard dashboard Explore incorporating dependency metrics into the dashboard Apr 25, 2024