Each project has a project health score (beta) and a corresponding dashboard to help your team focus on the most impactful work.
Project health score
The project health score box is a quick summary of your project health, which is a weighted average of the subscores for the standards enabled for a project. How this score is calculated can be found in this article. In the example on this page, this project has a relatively good score but a lot of older releases. Use this score to compare projects and decide which to focus on first, and to quickly identify what may be causing a lower score.
Project issues
Project issues highlights the top five drags on your project score per standard. If a standard is not enabled for your organization, no issues are listed for it. The lower a release's subscore, the more that release drags down your health score. This section is intended to help you prioritize the work your team does to improve your project health score.
Unreviewed security issues
The 'Unreviewed security issues' section highlights the security issues that have not yet been reviewed by a catalog administrator, and helps catalog administrators decide which tasks to address first. Addressing open tasks gives the project team clear guidance on how to remediate an issue, saving the team time. Catalog decisions also focus the team on the issues that matter most. For example, a project may show many high security issues, but if your team does not use the vulnerable releases standard in that way, addressing them is not a priority; closing the related tasks lets your team concentrate on what is.
Project recommendations
Project recommendations is a report that rolls up all issues on transitive dependencies to the top level dependency. The report is generated only upon request for the latest information.
Below is an example line in the report, with information truncated for this article. This project directly calls cli-plugin-babel 4.2.3. That package brings in dependencies that violate all standards: http-signature 1.2.0 violates the 'releases are up to date' standard, and json-schema 0.2.3 violates the 'licensing' standard and has a security vulnerability. The last column shows how far behind the latest version your direct package is, which may help you decide whether to prioritize upgrading the direct package to resolve some of the underlying issues.
This report may have many lines; it's recommended that you pick a few lines of this report and create tasks for your team to address in an issue tracker. In the report generated by this project, there were 664 records, most of them highlighting out-of-date violations. While you can just upload the entire report into an issue tracker, this is not recommended as it provides no priority level and in fact includes many items you may consider very low priority.
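The following Python script is an added illustration of the roll-up this report performs: it walks the transitive dependencies of each direct package, attributes every standard violation found there to the direct package that pulls it in, and sorts the rows so the heaviest offenders come first. It is not the product's own code. The package names, versions and standard names come from the example above; the dependency edges, the release history and the "releases behind" measure are constructed assumptions for this example.

```python
"""Added illustration of rolling up transitive dependency issues to the
direct dependency that brings them in. Not the product's own code; the
dependency edges, release history and 'releases behind' measure are
constructed assumptions, the package versions come from the article."""
from collections import defaultdict

# Standard names as the article uses them (assumed identifiers).
UP_TO_DATE = "releases are up to date"
LICENSING = "licensing"
VULNERABLE = "vulnerable releases"

# Constructed dependency edges: "name@version" -> releases it requires.
# The article says cli-plugin-babel 4.2.3 pulls in http-signature 1.2.0 and
# json-schema 0.2.3; the chain below is an assumed shape for that.
DEP_GRAPH = {
    "cli-plugin-babel@4.2.3": ["http-signature@1.2.0"],
    "http-signature@1.2.0": ["json-schema@0.2.3"],
    "json-schema@0.2.3": [],
}

# Standard violations per release, as the article describes them.
VIOLATIONS = {
    "http-signature@1.2.0": {UP_TO_DATE},
    "json-schema@0.2.3": {LICENSING, VULNERABLE},
}

# Constructed release history (oldest first) for the "releases behind" column.
RELEASES = {"cli-plugin-babel": ["4.2.3", "4.3.0", "4.4.0", "4.5.0"]}


def transitive_deps(root, graph):
    """Every release reachable from root, excluding root itself.

    Explicit stack plus a visited set, so a dependency cycle terminates
    instead of recursing forever.
    """
    seen, stack = set(), list(graph.get(root, []))
    while stack:
        node = stack.pop()
        if node in seen or node == root:
            continue
        seen.add(node)
        stack.extend(graph.get(node, []))
    return seen


def releases_behind(name, version, releases):
    """Count of releases published after `version` (assumed measure)."""
    history = releases.get(name, [])
    if version not in history:
        return 0
    return len(history) - 1 - history.index(version)


def rollup(direct, graph, violations, releases):
    """One report row per direct dependency, listing the transitive
    releases that violate each standard, ordered by total violation count."""
    rows = []
    for name, version in direct.items():
        root = f"{name}@{version}"
        by_standard = defaultdict(list)
        for dep in sorted(transitive_deps(root, graph)):
            for standard in violations.get(dep, ()):
                by_standard[standard].append(dep)
        rows.append({
            "package": name,
            "version": version,
            "issues": dict(by_standard),
            "issue_count": sum(len(v) for v in by_standard.values()),
            "releases_behind": releases_behind(name, version, releases),
        })
    # Most violations first, so the top of the report is where to start.
    return sorted(rows, key=lambda r: (-r["issue_count"], r["package"]))


if __name__ == "__main__":
    for row in rollup({"cli-plugin-babel": "4.2.3"}, DEP_GRAPH, VIOLATIONS, RELEASES):
        print(row)
```

Because the rows come back sorted by violation count, taking the first few rows of `rollup()` is one way to pick the handful of report lines worth turning into tracker tasks, rather than filing all of them.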