OWASP Project Health Dashboard Development Plan

The Project Health Dashboard will provide internal visibility into the health and status of OWASP projects, including both new and older projects, with a focus on monitoring key health metrics and automated evaluations. This tool will help identify projects that require attention, such as those with low activity, leadership issues, or non-compliance, and will not be publicly available.

1. Define Health Metrics and Indicators

• Goal: Define key metrics and indicators to assess the health of a project.
• Tasks:
  • Identify key health metrics (e.g., number of contributors, open vs. closed issues, release frequency, etc.).
  • Develop project health indicators, such as:
    • Releases: Number of releases, stability, frequency.
    • Integration with OWASP.org: Regular updates to OWASP site with project content.
    • Project age: Age of the project, with considerations for mature projects.
    • Last release: Last commit, commit hash, and the stars received.
    • Activity metrics: Number of stars, forks, issues, pull requests, issues needing help.
    • Compliance checks: Ensuring projects adhere to OWASP funding policies.
  • Metrics for Project Vitality: Track growth over time in terms of contributors, issues, PRs, and activity.

2. Identify and Flag Projects with Health Issues

• Goal: Automatically identify projects with potential health issues.
• Tasks:
  • Flag old projects with no recent releases or updates.
  • Identify new projects that failed to launch based on lack of activity (e.g., no commits or releases in a set period).
  • Highlight projects with fewer than two leaders or contributors.
  • Track projects with non-compliant funding policies.
  • Perform automated checks to evaluate if a project’s health metrics fall below set thresholds.

3. Create Project Health Evaluation Criteria

• Goal: Develop a system to evaluate the health of projects based on their activity and compliance.
• Tasks:
  • Establish health thresholds for various metrics:
    • Number of releases within a defined timeframe.
    • Integration level with OWASP.org (ensure the project has up-to-date content and documentation).
    • Frequency and stability of releases (e.g., multiple releases in the last year).
    • Number of open issues versus closed issues, and the turnaround time for pull requests.
    • Contributor growth and activity trends.
  • Track project age to differentiate between young and mature projects.
  • Flag projects with issues needing help or long unaddressed open issues.

4. Dashboard Layout & Design

• Goal: Design a user-friendly dashboard to visualize project health data.
• Tasks:
  • Design the overall layout, ensuring that health metrics are easy to read and understand.
  • Include sections for:
    • General health overview for each project (status, issues, PRs, releases).
    • Vitality scores: Graphical representations of health (e.g., pie charts, line charts for activity trends).
    • Compliance checks (funding policy, leadership).
    • Last updates and releases for each project.
  • Make sure the dashboard allows internal users to filter by:
    • Projects with critical health issues.
    • Projects based on their release frequency or issue metrics.
  • Provide clear indicators and visual alerts for projects that need attention.

5. CSV Export Functionality

• Goal: Enable export of project health data for offline analysis or reporting.
• Tasks:
  • Implement functionality to export health data in CSV format for each project or multiple projects.
  • Ensure that CSV export includes essential information such as:
    • Project metadata (name, description, leadership).
    • Health metrics (release frequency, issues, PRs, contributors, etc.).
    • Compliance status (e.g., funding policy).
  • Ensure CSV is structured clearly, with headers matching the dashboard columns.

6. Implement Automated Health Monitoring Scenarios

• Goal: Set up automated monitoring and evaluation of project health.
• Tasks:
  • Implement automated scripts that run on a periodic basis (e.g., weekly) to check project health.
  • Automate the process of:
    • Evaluating release frequency and stability.
    • Checking integration with OWASP.org.
    • Tracking contributions and pull request turnaround time.
    • Evaluating compliance with OWASP funding policies.
  • Automatically flag projects based on defined health thresholds.
  • Send notifications to project maintainers or relevant stakeholders when a project’s health score drops below a threshold.

7. Health Report Generation

• Goal: Generate regular health reports to be shared with internal stakeholders.
• Tasks:
  • Automatically generate health reports for each project, summarizing its status over time.
  • Create monthly or quarterly reports showcasing the overall health of OWASP projects, highlighting those in need of attention.
  • Allow internal users to subscribe to receive health reports for projects they follow or manage.

8. Continuous Improvement & User Feedback

• Goal: Continuously improve the Project Health Dashboard based on internal feedback.
• Tasks:
  • Collect feedback from internal users on the dashboard’s effectiveness and clarity.
  • Regularly review and update the health evaluation metrics based on changes to OWASP’s needs.
  • Add new health indicators as needed (e.g., community engagement, issue resolution time, etc.).
  • Implement a feedback system where internal users can suggest new features or improvements.

9. Final Testing & Deployment

• Goal: Ensure that the Project Health Dashboard works reliably across various scenarios and environments.
• Tasks:
  • Conduct functional testing for automated checks, ensuring metrics are calculated accurately.
  • Test the CSV export functionality to ensure data integrity.
  • Validate the visualizations and dashboard layout for clarity and usability.
  • Deploy the dashboard for internal use on OWASP Nest and promote it among internal stakeholders.