We currently don't have visibility of scanner alerts within our project. To address this, I suggest we leverage Keycloak dashboards to consolidate and display these alerts. This section allows our team to monitor the security alerts, now that they have permission to see security alerts. The section will show the current status of CVEs on third-party dependencies, container images, plus static code analysis.
Proposed layout:
Third-party dependencies - will have a link to the open alerts from Snyk and the count of the number of alerts
Container images - will have a link to the open alerts from Trivy and the count of the number of alerts
Issues in the codebase - will have a link to the open alerts from CodeQL and the count of the number of alerts
Attached is a prototype and if we agree about that, I can implement.
Makes sense, I'd probably add a new page "Security" rather than add to an existing page. To implement you need to figure out what API to scrape, and do that as part of the update data job, which should be cached in the repo. Try to do it with as few API calls as possible, as we can quickly run into API throttling from GH if we do too many invocations.
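A sketch of the data-collection step the comment above asks for, written here as an added example; it is not code from the Keycloak dashboard project. It assumes (none of this is stated on the page) that the update-data job is a Python script, that Snyk, Trivy and CodeQL all publish their findings as GitHub code-scanning alerts (SARIF upload), so the three sections can be read from the one `code-scanning/alerts` endpoint filtered by `tool_name`, and that the result is cached as a JSON file in the repo. The call-count is kept low by filtering `state=open` and `tool_name` server-side and requesting the maximum `per_page=100`, so each section costs one request per 100 open alerts. The sample API responses are constructed, not real alerts.

```python
"""Collect open security-alert counts from the GitHub REST API for a dashboard cache."""
import json
import re
import urllib.request
from typing import Callable, Dict, List, Optional, Tuple

API = "https://api.github.com"

# Dashboard section -> code-scanning tool_name (assumed SARIF tool names, not from the page).
SECTIONS = {
    "Third-party dependencies": "Snyk",
    "Container images": "Trivy",
    "Issues in the codebase": "CodeQL",
}

# A page fetcher maps a URL to (decoded JSON list, Link response header or None).
Fetcher = Callable[[str], Tuple[List[dict], Optional[str]]]


def parse_next_link(link_header: Optional[str]) -> Optional[str]:
    """Return the rel="next" URL from a GitHub Link header, or None on the last page."""
    if not link_header:
        return None
    for part in link_header.split(","):
        m = re.match(r'\s*<([^>]+)>;\s*rel="next"', part)
        if m:
            return m.group(1)
    return None


def alerts_url(owner: str, repo: str, tool_name: str) -> str:
    """One request per 100 open alerts: state and tool are filtered by the API, not client-side."""
    return (f"{API}/repos/{owner}/{repo}/code-scanning/alerts"
            f"?state=open&tool_name={tool_name}&per_page=100")


def fetch_all(url: str, fetch_page: Fetcher) -> List[dict]:
    """Follow Link: rel="next" until the last page, collecting every alert object."""
    items: List[dict] = []
    while url:
        page, link = fetch_page(url)
        items.extend(page)
        url = parse_next_link(link)
    return items


def summarize(alerts: List[dict]) -> dict:
    """Count open alerts, broken down by the rule's security_severity_level."""
    by_severity: Dict[str, int] = {}
    for alert in alerts:
        sev = (alert.get("rule") or {}).get("security_severity_level") or "unknown"
        by_severity[sev] = by_severity.get(sev, 0) + 1
    return {"count": len(alerts), "by_severity": by_severity}


def collect(owner: str, repo: str, fetch_page: Fetcher) -> dict:
    """Build the per-section data the Security page would render: count plus a link to the open alerts."""
    result = {}
    for section, tool in SECTIONS.items():
        summary = summarize(fetch_all(alerts_url(owner, repo, tool), fetch_page))
        summary["link"] = (f"https://github.com/{owner}/{repo}/security/code-scanning"
                           f"?query=is:open+tool:{tool}")
        result[section] = summary
    return result


def github_fetcher(token: str) -> Fetcher:
    """Real fetcher for the update-data job (needs a token with security_events read access)."""
    def fetch_page(url: str):
        req = urllib.request.Request(url, headers={
            "Authorization": f"Bearer {token}",
            "Accept": "application/vnd.github+json",
            "X-GitHub-Api-Version": "2022-11-28",
        })
        with urllib.request.urlopen(req) as resp:
            return json.load(resp), resp.headers.get("Link")
    return fetch_page


# Constructed sample responses (not real alerts): Snyk has two, Trivy none, CodeQL spans two pages.
CALLS: List[str] = []
SAMPLE_PAGES = {
    alerts_url("example-org", "example-repo", "Snyk"): (
        [{"rule": {"security_severity_level": "high"}},
         {"rule": {"security_severity_level": "medium"}}], None),
    alerts_url("example-org", "example-repo", "Trivy"): ([], None),
    alerts_url("example-org", "example-repo", "CodeQL"): (
        [{"rule": {"security_severity_level": "critical"}}],
        '<https://api.github.com/p?page=2>; rel="next", <https://api.github.com/p?page=2>; rel="last"'),
    "https://api.github.com/p?page=2": ([{"rule": {"security_severity_level": None}}], None),
}


def sample_fetcher(url: str):
    """Offline stand-in for github_fetcher that also records how many API calls were made."""
    CALLS.append(url)
    return SAMPLE_PAGES[url]


if __name__ == "__main__":
    data = collect("example-org", "example-repo", sample_fetcher)
    # The job would write this to a cache file in the repo (path is an assumption), e.g. data/security.json.
    print(json.dumps(data, indent=2), f"\n{len(CALLS)} API calls")
```

Swapping `sample_fetcher` for `github_fetcher(os.environ["GITHUB_TOKEN"])` turns this into the real job; with the sample data the three sections cost four requests in total.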