Description:
The dashboard currently shows audit results, findings, and policies, but there's nothing that makes ongoing security practice feel engaging or rewarding — users have no visibility into how they're performing relative to their repos or each other, making the tool feel purely reactive rather than motivating consistent improvement. I'd like to propose adding two leaderboards using data already generated by the existing PR-scanning/webhook logic (no new scanning needed): a Repo Security Leaderboard ranking connected repos by a calculated Security Score (open vs. resolved vulnerabilities, PR scan pass rate, days since last critical finding) with badges like 🛡️ "Zero Vulnerabilities" or 🔥 "30-Day Clean Streak", and a Contributor Leaderboard ranking developers by security performance in their PRs (fewest vulnerabilities introduced, or most fixes merged), using avatars already available from GitHub OAuth. Both would live under a new /dashboard/leaderboard page, reusing existing Prisma models for findings/audit data — happy to take this up if approved.
Description:
The dashboard currently shows audit results, findings, and policies, but there's nothing that makes ongoing security practice feel engaging or rewarding — users have no visibility into how they're performing relative to their repos or each other, making the tool feel purely reactive rather than motivating consistent improvement. I'd like to propose adding two leaderboards using data already generated by the existing PR-scanning/webhook logic (no new scanning needed): a Repo Security Leaderboard ranking connected repos by a calculated Security Score (open vs. resolved vulnerabilities, PR scan pass rate, days since last critical finding) with badges like 🛡️ "Zero Vulnerabilities" or 🔥 "30-Day Clean Streak", and a Contributor Leaderboard ranking developers by security performance in their PRs (fewest vulnerabilities introduced, or most fixes merged), using avatars already available from GitHub OAuth. Both would live under a new /dashboard/leaderboard page, reusing existing Prisma models for findings/audit data — happy to take this up if approved.