iqtlabs / auraborealisapp Goto Github PK

Create a filtering mechanism so that by default the warnings associated with test files are filtered out.

@kdobolyi, can you please add tags on the homepage? At least add:

• PyPI
• Security
• Malware
• Python
• SAST
• Static analysis
• Audit

Or something along these lines.

Please pin versions.

Bob G. requested a capability to store snapshots (or "cards") as a user navigated through the app. This would help a user store relevant screens for further review without constantly clicking through the app to get to what he or she wanted.

To help an AuraBorealis user understand to which package version the scan results pertain, add a means within the GUI to understand the package version for each package name displayed.

elasticsearch.exceptions.ConnectionError: ConnectionError((<urllib3.connection.HTTPConnection object at 0x133ded4c0>, 'Connection to vpc-auradata2-2b3s6lmtpt2wcb6ytkjd2y5yau.us-east-1.es.amazonaws.com timed out. (connect timeout=10)')) caused by: ConnectTimeoutError((<urllib3.connection.HTTPConnection object at 0x133ded4c0>, 'Connection to vpc-auradata2-2b3s6lmtpt2wcb6ytkjd2y5yau.us-east-1.es.amazonaws.com timed out. (connect timeout=10)'))

Kill this line, please.

Potentially include a visualization

Use one of the logo's here: https://github.com/SourceCode-AI/aura/tree/dev/files/logo

@kdobolyi, can you please add an "About" description on the homepage? Perhaps "a visual interface for understanding Python Package Index security audit data"?

As requested by Bob G, add a recommender capability to provide similar packages to a user. There is a lot to be determined about such a feature, but this could certainly be explored in a follow-on (post June 2021) project.

@kdobolyi, can you please add a screenshot or two to the README for those readers that are visually inclined?

To avoid legal risk and user confusion, carefully explain the severity score methodology and caveat usage. This could either be a tool-tip that expands when a user hovers their mouse over the severity score column name text or it could could be that the user clicks the security score column name which is a hyperlink to a page with a thorough description. I prefer the latter.

@kdobolyi, can you please comment the HTML files? Please provide at least a description comment at the top of the file that explains the overall purpose and structure. If you are able and have time to do at least some inline commenting, that would be helpful too.

@kdobolyi, can you please add a thorough README? Sections should include:

• Brief description of project
• Explanation of how to use it
• Feature roadmap
• Contact information for our group (use [email protected])
• Links to relevant work, including past IQT Labs blog posts
• Anything else you think would be useful

Do are there different chunks of code that do autocomplete; each chunk does their own version. It would be better if there was one and only one chunk of code that did autocomplete and it was reused throughout the code base.