Just thinking out loud, maybe we need to add some more actionable insights here, like "Number of non-low risk deps". So anytime a package dependency is not marked "low risk" (in this config's case - marked as medium or high risk), it would count that. We could assign that card the danger class so it looks scary. In fact, maybe we need to apply the danger class to the "Dependencies Uploaded" card if the percent is <100%.
aclark02-arcus
commented
3 months ago
Just thinking out loud, maybe we need to add some more actionable insights here, like "Number of non-low risk deps". So anytime a package dependency is not marked "low risk" (in this config's case - marked as medium or high risk), it would count that. We could assign that card the
dangerclass so it looks scary. In fact, maybe we need to apply thedangerclass to the "Dependencies Uploaded" card if the percent is <100%.Thoughts?
Originally posted by @aclark02-arcus in https://github.com/pharmaR/riskassessment/pull/750#pullrequestreview-2038073834