Roadmap

Brian Dussault edited this page Nov 1, 2023 · 9 revisions

Overview

Our roadmap is where you can learn about what features we're working on, what stage they're in, and when we expect to bring them to you. Have any questions or comments about items on the roadmap? Share your feedback via GitHub public feedback discussions.

Last updated: October 31, 2023

In Progress 🚀

  • New scoring dimension: Security: Introduce a new scoring dimension that incorporates factors such as SLSA provenance and package behavior.
  • Add more features to repo and author Activity score: Deepen the Activity score by adding more features, e.g. information on package maintainers.
  • Improve package-to-repo link verification: Add statistical verification, e.g. of release timestamps, to increase confidence in the mapping from a repo to a package.
  • Show additional context on each score component for each package: Provide key indicators to explain why a package received a particular score, based on the underlying features of the score.
  • Provenance for Python and Rust packages: Enable provenance data from Sigstore for Python and Rust packages, based on Sigstore community efforts.

Planned 📆

  • Include additional metadata on packages: Provide more information on packages including known vulnerabilities from OSV, license information, and additional information from Sigstore.
  • New scoring dimension: Transitive dependencies: Introduce a new scoring dimension that incorporates factors such as the quality of a package’s dependencies and which other packages use the package as a dependency.
  • New scoring dimension: Risk flags: Introduce a new scoring dimension that incorporates factors such as the depth of the package description and the frequency of releases.
  • Show dependencies and dependents of package: List the dependencies included in a package, and which other packages use the package as a dependency (with links to Trusty detailed pages).
  • Show trend graph of scores over time: Enable users to understand how a package’s score has changed over time.
  • Expand support to additional languages: Add packages from additional language ecosystems (e.g., Java, Go, Homebrew).
  • Show Minder badge in UI: Display a package's Minder badge/certification, which indicates what practices the project followed.