Open
Description
One feature request that came in recently was the ability to review dependency information for each repository, specifically around what licenses those packages are using and dependency health.
One potential tool we've been exploring is Dependency Management Data (DMD). DMD allows you to create a sqlite3 database with information about dependency health.
One potential thing we could do:
- Add a script to add a sqlite3 database to this repository with relevant dependency health metrics. This script would need to:
  - Fetch SBOMs for each repo in the org
  - Use the SBOMs to upload dependency information
  - Generate additional DMD reports using the command line tools
- Add a step to the build process to run SQL queries against the database and generate JSON files with relevant data. We could then determine how to present that relevant data in the UI (for example, for each repo, what are the most common licenses in its dependents, etc.)
This would potentially provide a step-up in health metrics from what we're currently presenting, and also make data available which isn't currently available anywhere else.
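As an added illustration of the proposed build step (example code written for this page, not code from the issue author or from the DMD project), the script below loads package entries from SPDX-style SBOM documents, in the shape of GitHub's dependency-graph SBOM export, into an in-memory sqlite3 database and runs the kind of SQL query the build step would use to produce per-repo JSON: the most common licenses in each repo and a count of packages whose license is unresolved. The `packages` table schema, the two repo names and the SBOM contents are constructed assumptions for the example; DMD's own schema is not reproduced here. Fetching the SBOMs from the org is left out so the example runs offline.

```python
"""Added example: SBOM packages -> sqlite3 -> license summary JSON.

The `packages` table is a simplified assumption for this example, not the
schema used by Dependency Management Data (DMD).
"""
import json
import sqlite3

# Constructed sample SBOMs keyed by repo, trimmed to the SPDX fields used
# here. GitHub's SBOM export is SPDX JSON with a top-level "packages" list.
SAMPLE_SBOMS = {
    "example-org/web-app": {
        "spdxVersion": "SPDX-2.3",
        "packages": [
            {"name": "npm:express", "versionInfo": "4.18.2", "licenseConcluded": "MIT"},
            {"name": "npm:lodash", "versionInfo": "4.17.21", "licenseConcluded": "MIT"},
            {"name": "npm:left-pad", "versionInfo": "1.3.0", "licenseConcluded": "NOASSERTION"},
            {"name": "npm:jszip", "versionInfo": "3.10.1", "licenseConcluded": "(MIT OR GPL-3.0-or-later)"},
        ],
    },
    "example-org/api-service": {
        "spdxVersion": "SPDX-2.3",
        "packages": [
            {"name": "pip:django", "versionInfo": "4.2", "licenseConcluded": "BSD-3-Clause"},
            {"name": "pip:requests", "versionInfo": "2.31.0", "licenseConcluded": "Apache-2.0"},
            {"name": "pip:internal-lib", "versionInfo": "0.1", "licenseConcluded": "NOASSERTION"},
            {"name": "pip:certifi", "versionInfo": "2023.7.22", "licenseConcluded": "MPL-2.0"},
        ],
    },
}


def build_database(sboms, conn=None):
    """Create the assumed `packages` table and load every SBOM package into it."""
    conn = conn or sqlite3.connect(":memory:")
    conn.execute(
        """CREATE TABLE IF NOT EXISTS packages (
               repo TEXT NOT NULL, name TEXT NOT NULL,
               version TEXT, license TEXT NOT NULL)"""
    )
    rows = []
    for repo, doc in sboms.items():
        for pkg in doc.get("packages", []):
            # SPDX uses NOASSERTION when no license could be determined; a
            # missing field is treated the same way so it surfaces in the
            # unresolved-license count rather than silently disappearing.
            lic = pkg.get("licenseConcluded") or pkg.get("licenseDeclared") or "NOASSERTION"
            rows.append((repo, pkg["name"], pkg.get("versionInfo"), lic))
    conn.executemany("INSERT INTO packages VALUES (?, ?, ?, ?)", rows)
    conn.commit()
    return conn


# Most common licenses per repo, most frequent first.
LICENSE_QUERY = """
SELECT repo, license, COUNT(*) AS n
FROM packages
GROUP BY repo, license
ORDER BY repo, n DESC, license
"""

# Packages whose license the SBOM could not resolve: a review item per repo.
UNKNOWN_QUERY = """
SELECT repo, COUNT(*) AS unknown
FROM packages
WHERE license = 'NOASSERTION'
GROUP BY repo
"""


def license_report(conn):
    """Return {repo: {"licenses": [{"license", "count"}...], "unknown_license": n}}."""
    report = {}
    for repo, lic, n in conn.execute(LICENSE_QUERY):
        report.setdefault(repo, {"licenses": [], "unknown_license": 0})
        report[repo]["licenses"].append({"license": lic, "count": n})
    for repo, unknown in conn.execute(UNKNOWN_QUERY):
        report[repo]["unknown_license"] = unknown
    return report


def report_json(sboms=SAMPLE_SBOMS):
    """The JSON document a build step would write for the UI to consume."""
    return json.dumps(license_report(build_database(sboms)), indent=2, sort_keys=True)


if __name__ == "__main__":
    print(report_json())
```

In a real build step the `SAMPLE_SBOMS` dict would be replaced by the SBOM documents fetched per repo, and `report_json()` would be written to a file the UI reads. Keeping `NOASSERTION` as an explicit bucket, rather than dropping those rows, is deliberate: packages with no resolvable license are exactly the ones a license review needs to see.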