GitHub Feature: Dashboard Now Flags Inherited Security Risks from Transitive Dependencies
A new feature for a software dependency dashboard has been implemented to automatically surface hidden security vulnerabilities inherited through transitive dependencies. This change directly addresses a critical blind spot in software supply chain security, where risks from indirect, nested packages are often buried deep within dependency trees and require manual, tedious inspection to uncover. The system now proactively computes and displays these inherited vulnerabilities, shifting the burden from user investigation to automated, prominent alerting.
The feature, developed using the Cursor AI tool, works by having a `DashboardDataTransformer` walk each dependency tree to count CVEs by severity and track which direct packages are the source of the inherited risk. The user interface renders a top-level alert banner with severity indicators and buttons linking to affected packages. Critical and High severity metric cards now include sub-indicators for transitive vulnerabilities, and a dedicated filter toggle has been added to the table toolbar, integrated into the application's `FilterManager` for state persistence. An added navigation action allows users to click and be automatically scrolled to a problematic package's row with its transitive details tab opened.
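To make the data-transformation step concrete, here is an added example (not the dashboard's own `DashboardDataTransformer` or `FilterManager` code) of the walk described above: it visits each direct dependency's subtree, tallies inherited vulnerabilities by severity, and records which direct package each inherited advisory arrives through. It also handles two cases a real tree will contain that the prose does not mention: a package reached through several direct dependencies (a "diamond"), which must be counted once, and a cycle, which must not loop forever. All package names, versions and advisory ids are constructed placeholders, and the function and field names are assumptions for illustration.

```javascript
// Added example, not the dashboard's own code: walk a dependency tree, count transitive
// (indirect) vulnerabilities by severity, and attribute each to the direct packages that
// pull it in. Package names, versions and advisory ids below are constructed placeholders.

const SEVERITIES = ["critical", "high", "moderate", "low"]; // ordered highest first

function node(name, version, vulns = [], dependencies = []) {
  return { name, version, vulns, dependencies };
}

// Constructed sample tree. `shared-util` sits under two direct packages (a diamond), and
// `cycle-a` <-> `cycle-b` form a cycle; a naive recursive walk would double-count the
// first and never terminate on the second.
const sharedUtil = node("shared-util", "0.9.1", [{ id: "ADVISORY-EXAMPLE-1", severity: "critical" }]);
const cycleA = node("cycle-a", "1.0.0");
const cycleB = node("cycle-b", "1.0.0", [{ id: "ADVISORY-EXAMPLE-5", severity: "low" }], [cycleA]);
cycleA.dependencies.push(cycleB);

const sampleTree = node("my-app", "1.0.0", [], [
  node("web-framework", "4.2.0", [], [sharedUtil, cycleA]),
  node("image-lib", "2.0.0",
    [{ id: "ADVISORY-EXAMPLE-2", severity: "high" }], // a direct vuln: not inherited, not counted here
    [sharedUtil, node("parser", "3.1.0", [
      { id: "ADVISORY-EXAMPLE-3", severity: "moderate" },
      { id: "ADVISORY-EXAMPLE-4", severity: "low" },
    ])]),
]);

function transformTransitiveRisk(root) {
  const counts = Object.fromEntries(SEVERITIES.map((s) => [s, 0]));
  const counted = new Set(); // "pkg@version:advisory" instances already tallied across the tree
  const sources = {};        // direct package name -> sorted advisory ids reached through it

  for (const direct of root.dependencies) {
    const visited = new Set();                // per-direct-package guard for diamonds and cycles
    const stack = [...direct.dependencies];   // start below the direct package: its own vulns are not inherited
    const found = new Set();
    while (stack.length > 0) {
      const pkg = stack.pop();
      const key = `${pkg.name}@${pkg.version}`;
      if (visited.has(key)) continue;
      visited.add(key);
      for (const v of pkg.vulns) {
        if (!SEVERITIES.includes(v.severity)) continue; // unknown severity label: skip rather than crash
        found.add(v.id);
        const instance = `${key}:${v.id}`;
        if (!counted.has(instance)) {          // one tally per installed package instance
          counted.add(instance);
          counts[v.severity] += 1;
        }
      }
      stack.push(...pkg.dependencies);
    }
    if (found.size > 0) sources[direct.name] = [...found].sort();
  }

  const highest = SEVERITIES.find((s) => counts[s] > 0) || null; // drives the banner's severity indicator
  return { counts, sources, highest, affectedDirectPackages: Object.keys(sources).sort() };
}

// Row filter behind a "transitive vulnerabilities only" toolbar toggle (assumed shape of a table row: { name }).
function filterTransitiveRows(rows, enabled, affectedDirectPackages) {
  if (!enabled) return rows;
  const affected = new Set(affectedDirectPackages);
  return rows.filter((row) => affected.has(row.name));
}

const summary = transformTransitiveRisk(sampleTree);
console.log(JSON.stringify(summary, null, 2));
```

Two design choices are worth noting. The de-duplication key is `package@version:advisory`, so the same vulnerable package reached through two direct dependencies is counted once in the metric cards but attributed to both sources, which is what the "linking to affected packages" buttons need. The visited set is reset per direct dependency on purpose: it is what lets one shared package be attributed to every direct dependency that reaches it, while still guaranteeing termination on cycles.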
This enhancement represents a significant step in operational security intelligence for developers and security teams. By aggregating and highlighting these inherited risks, the dashboard reduces the chance of critical vulnerabilities being overlooked in complex software projects. It applies pressure on development teams to scrutinize not just their direct dependencies but the entire software bill of materials, potentially prompting earlier remediation actions and influencing dependency management practices across the software development lifecycle.