Overview
A first step in the vulnerability management initiative of the SecTeam is to get an overview of existing vulnerabilities across our projects. To that end, a dashboard should be developed, providing statistical insights on those vulnerabilities. A low-hanging fruit, would be to prototype a visualization product featuring vulnerabilities documented in Phabricator.
Design & development plan
- Review Phabricator API (Conduit) documentation
- Test Conduit endpoints and pull tickets marked with vuln-* tags
- Choose the technical stack — Python, SQLite, JavaScript, HTML5, and hosted on WMCS
- Prototype a minimalist UI, preferably a table, pulling data from Conduit
- Choose and design a UI layout for the dashboard
- Populate layout with data collected from Conduit
- Test and present prototype
Code repository: https://github.com/samuelguebo/vm-dashboard (to be imported in Gerrit later)