[SCA] Package health
Problem to solve
We already have the information and logic required to display what is known as the health of each package, yet we do not surface it anywhere in the product.
Intended users
integrates users
Permissions and Security
Proposal
Test plan
Steps
- Complete the packages database with the relevant information for the package health:
  - For the latest version:
    - Popularity / # Downloads
    - Authors
    - Download URL
    - Repo URL
    - State (Yanked?)
    - Digest
    - Licenses
    - Dependencies, requirers [name, version, dist]
  - For each release:
    - Release date
    - License
    - Dependencies, requirers [name, version, dist]
    - State (Yanked?)
    - Digest
    - Download URL
  - Registries:
    - NPM
    - PyPI
    - Maven
    - Composer
    - NuGet
    - Go
    - RubyGems
    - Cargo
    - Conan
    - Swift
    - Hex / Erlang
    - Docker Images
    - Pub
- Export it to sbom_fluid
- Process this in integrates
- Display it on the front end.
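As an added illustration of the data the steps above describe (this is example code written for this page, not code from integrates or sbom_fluid), the block below models a package-health record with the fields listed for the latest version and for each release, and derives the defensive findings a consumer would want from it: a yanked latest version, a missing license, a missing repository URL, yanked historical releases, and an artifact whose digest does not match the recorded one. The package name, URLs, digests and artifact bytes are constructed sample values; the dataclass names and the `sha256:<hex>` digest convention are assumptions made for the example.

```python
"""Package-health record and health findings (example code for this issue,
not the project's implementation; all sample data is constructed)."""
import hashlib
from dataclasses import dataclass, field
from typing import List, Optional


@dataclass
class Dependency:
    name: str
    version: str
    dist: str  # distribution kind, e.g. "wheel" or "sdist"


@dataclass
class Release:
    version: str
    release_date: str  # ISO 8601 date
    license: Optional[str]
    digest: str  # "sha256:<hex>" of the distributed artifact (assumed convention)
    download_url: str
    yanked: bool = False
    dependencies: List[Dependency] = field(default_factory=list)
    requirers: List[Dependency] = field(default_factory=list)


@dataclass
class PackageHealth:
    registry: str
    name: str
    latest: str
    downloads: int  # popularity signal for the latest version
    authors: List[str]
    repo_url: Optional[str]
    releases: List[Release]


def verify_digest(artifact: bytes, expected: str) -> bool:
    """Compare a downloaded artifact against the digest recorded for it."""
    algo, _, hexdigest = expected.partition(":")
    if algo != "sha256" or not hexdigest:
        return False  # unknown or empty digest: treat as unverifiable
    return hashlib.sha256(artifact).hexdigest() == hexdigest.lower()


def health_findings(pkg: PackageHealth, artifact: Optional[bytes] = None) -> List[str]:
    """Return human-readable findings; an empty list means nothing to report."""
    findings: List[str] = []
    by_version = {r.version: r for r in pkg.releases}
    latest = by_version.get(pkg.latest)
    if latest is None:
        findings.append(f"latest version {pkg.latest} has no release record")
    else:
        if latest.yanked:
            findings.append(f"latest version {pkg.latest} is yanked")
        if not latest.license:
            findings.append(f"latest version {pkg.latest} declares no license")
        if artifact is not None and not verify_digest(artifact, latest.digest):
            findings.append(f"digest mismatch for {pkg.latest}")
    if pkg.repo_url is None:
        findings.append("no source repository URL recorded")
    yanked = [r.version for r in pkg.releases if r.yanked]
    if yanked:
        findings.append("yanked releases: " + ", ".join(yanked))
    return findings


# Constructed sample: a PyPI package whose latest release lacks a license,
# whose repo URL is unknown, and which has one yanked historical release.
ARTIFACT = b"constructed artifact bytes for example-pkg 2.0.0"
SAMPLE = PackageHealth(
    registry="PyPI",
    name="example-pkg",
    latest="2.0.0",
    downloads=12345,
    authors=["Example Author"],
    repo_url=None,
    releases=[
        Release("1.0.0", "2023-01-10", "MIT",
                "sha256:" + hashlib.sha256(b"old artifact").hexdigest(),
                "https://example.invalid/example-pkg-1.0.0.tar.gz", yanked=True),
        Release("2.0.0", "2024-03-02", None,
                "sha256:" + hashlib.sha256(ARTIFACT).hexdigest(),
                "https://example.invalid/example-pkg-2.0.0.tar.gz",
                dependencies=[Dependency("requests", "2.31.0", "wheel")]),
    ],
)

if __name__ == "__main__":
    for line in health_findings(SAMPLE, ARTIFACT):
        print("-", line)
```

Running the block lists three findings for the sample package; passing bytes other than `ARTIFACT` adds a digest-mismatch finding, which is the check a consumer should run before trusting a download URL recorded in the database.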
What does success look like, and how can we measure that?
Links / references
Edited by Jhon Romero