Just thinking out loud, maybe we need to add some more actionable insights here, like "Number of non-low risk deps". So anytime a package dependency is not marked "low risk" (in this config's case - marked as medium or high risk), it would count that. We could assign that card the `danger` class so it looks scary. In fact, maybe we need to apply the `danger` class to the "Dependencies Uploaded" card if the percent is <100%.

Thoughts?
Originally posted by @aclark02-arcus in https://github.com/pharmaR/riskassessment/pull/750#pullrequestreview-2038073834