This panel focuses on advisory-to-package relationship visualization and helps identify gaps in that aspect.
Kindly leave your thoughts and recommend other charts you may have in mind in the comments.
Draft List:
- Ecosystem Distribution Donut: Package count by ecosystem type from `PackageV2.type`
  - Shows overall ecosystem coverage in the database.
- Namespace Distribution Donut with Ecosystem Filter: Top 10 namespaces by package count for a selected ecosystem from `PackageV2.namespace`
- Affected vs Fixed Packages Grouped Bar Chart with Ecosystem Filter
  - Compares affected packages vs packages with known fixes per ecosystem.
- Severity Distribution Scatter Plot
  - Shows advisory severity distribution.
  - Ref: https://www.cvedetails.com/cvss-score-charts.php
- Total Advisories vs Advisories without an Affected Package
  - Show absence of purl and vers mappings and possible need of Improvers
- Ghost Packages per Importer/Advisory
  - (this one needs a little refinement, if you have any chart in mind to better visualize Ghost Package kindly leave your thoughts)
I have attached a sample Metabase PoC below.