OSERA Risk Navigator
About OSERA: Risk Navigator prioritizes software supply-chain remediation work.
The prototype combines open vulnerability intelligence, dependency inventory, and upgrade-path analysis into a static viewer that can be cloned, rebuilt, and served without a backend.
What is included
- A static single-file viewer at tool/risk-navigator.html.
- A reproducible sample dataset at data/finos-sample-platform.json.
- Python pipeline scripts under scripts/.
- Validation tests under tests/.
- The authoritative build contract in SPEC.md.
Try it on GitHub Pages
The published Docusaurus site includes the interactive viewer and sample dataset:
https://finos-backpatch.github.io/risk-navigator/tool/risk-navigator.html
Use the OSERA demo dataset from the selector to explore the prototype directly in the browser.
Core workflows
- Build or load a scope dataset.
- Filter by severity, exploitability, project group, namespace, and dependency type.
- Review prioritized upgrade, backpatch, amplifier, and framework actions.
- Add Maven direct dependencies to the OpenRewrite cart.
- Export YAML or generate impact-analysis prompts.
Local start
npm install
python3 -m venv .venv
source .venv/bin/activate
python -m pip install -r requirements-dev.txt
npm run build:all
npm run dev
Open the tool at http://127.0.0.1:5173/tool/risk-navigator.html.