vrothberg / rpm-cve-count

0 stars 0 forks source link

base image impact #1

Open cgwalters opened 2 months ago

cgwalters commented 2 months ago

Nice tool!

One enhancement I think we could make here is to generalize this to something like: "package impact" - specifically other axes/metrics I think are relevant:

I could imagine tweaking things slightly here such that we help offer a tool which aids folks in gauging the overall "impact" of the presence of a package. Its CVE load is a big one, but not the only one.

vrothberg commented 2 months ago

👍 open to suggestions and PRs for sure :)

I focused on CVE count only since that's what I needed but the feedback suggests the tool may be useful on a bigger scale than I have imagined.