What this project is trying to achieve.

OSS Risk Radar is a thesis-led prototype for understanding maintenance fragility in open source dependencies without collapsing the evidence into a black-box verdict.

Inactivity risk

A triage-oriented estimate of maintenance fragility based on public repository activity, release rhythm, contributor depth, and backlog signals.

Provenance

Every analysis keeps the source of its signals visible so reviewers can trace what came from GitHub, Scorecard, uploads, or demo data.

Confidence

Confidence measures signal coverage, not certainty about the real world. Missing or stale data lowers it.

Training base

Completed analyses are converted into dependency snapshots so the ML pipeline can grow as more repositories are analyzed.

Decision support, not a trust score.

Public signals, not hidden judgments.

Research traceability, not vague claims.

Operational triage, not scanner-style noise.

Next click

Need the exact signals? Open Methodology. Need the model figures? Open ML Results. Need the live repository picture? Open Overview.