Prioritize dependency risk with an open, reproducible snapshot.

Risk Navigator turns vulnerability intelligence and dependency inventory into an interactive decision surface for remediation planning, backpatch candidates, amplifier upgrades, and OpenRewrite-ready upgrade bundles.

Launch the tool Read the docs Review the spec

Vulnerability signals

Dependency inventory

→

Risk Navigator dataset

→

Prioritized fixes

OpenRewrite cart

Inside the tool

From exposure signal to remediation plan.

The hosted demo uses the OSERA sample dataset, so the same views can be explored directly from GitHub Pages.

Risk Navigator library prioritization table with detail pane

Prioritize vulnerable libraries

Start from the ranked library view to compare CVSS, EPSS, KEV, affected projects, upgrade effort, safe versions, and amplifier paths in one place.

Risk Navigator backpatch priority calculator view

Find OSERA patch candidates

Use the backpatch priority calculator to separate routine upgrades from cases where fork, backpatch, or amplifier work can reduce migration risk.

Generate remediation bundles

Add Maven dependencies to the OpenRewrite cart, tune target versions, and generate YAML or impact prompts for repeatable remediation planning.

What it helps answer

Where is the exposure?

Slice vulnerable libraries by CVSS, EPSS, KEV, namespace, project reference, and project group.

What moves first?

Rank patch, minor, major, backpatch, framework, and amplifier remediation options by impact and effort.

Where is OSERA needed?

Surface cases where downstream patch ownership or backpatch work can defer risky migrations.