GitHub Metric
Engineering
Security Vulnerability Trends
Security Vulnerability Trends tracks the number, severity, and type of security vulnerabilities discovered across repositories over time. It encompasses Dependabot alerts, code scanning findings, and secret scanning detections. Improving trends indicate maturing security practices and proactive dependency management.
Why security vulnerability trends matters for GitHub users
A single snapshot of open vulnerabilities is less informative than the trend. Are new vulnerabilities being introduced faster than they are resolved? Is the severity mix shifting towards more critical findings? These trends reveal whether security investments are working.
For GitHub teams, correlating vulnerability trends with dependency update frequency and security alert resolution time creates a complete security posture picture. It also enables evidence-based decisions about when to prioritise security sprints.
Understand and act on security vulnerability trends with KPI Tree
Aggregate security alert data from GitHub into your warehouse and visualise trends by severity and type in KPI Tree. Link vulnerability trends to security alert resolution time and repository health in your metric tree.
Assign RACI ownership to the security or platform team and configure trend-based alerts when the open-vulnerability count increases over a rolling period.
Get started with your GitHub data
Pull metrics from GitHub directly through the Model Context Protocol.
Connect your existing warehouse where GitHub data already lands.
Our professional services team can build you turn-key AI foundations in a matter of weeks. Data warehouse on Snowflake/BigQuery, ELT with Fivetran, all modelled in dbt with a semantic layer.
Related GitHub metrics
Security Alert Resolution Time
Engineering · Metric Definition
Resolution Time = Alert Resolved Timestamp − Alert Created Timestamp
Security Alert Resolution Time measures the elapsed time from when a security alert (Dependabot, code scanning, or secret scanning) is opened to when it is resolved or dismissed in GitHub. It quantifies the organisation's responsiveness to known vulnerabilities and the effectiveness of its security remediation process.
Repository Health Score
Engineering · Metric Definition
Repository Health Score is a composite metric that evaluates key health indicators for a GitHub repository, including documentation completeness, test coverage, CI configuration, dependency freshness, branch protection rules, and recent maintenance activity. It provides a single number for comparing repository maturity across an organisation.
Technical Debt Accumulation
Engineering · Metric Definition
Technical Debt Accumulation measures the rate at which technical debt grows across a codebase, using proxies such as TODO/FIXME comment count, aged open issues labelled as tech-debt, increasing cyclomatic complexity, and dependency staleness. Rising accumulation signals that short-term trade-offs are compounding into long-term burden.
Code Quality Trend Analysis
Engineering · Metric Definition
Code Quality Trend Analysis aggregates signals such as linting violations, cyclomatic complexity, code duplication, and static-analysis findings over time. It provides a longitudinal view of code health across repositories. Consistent improvement indicates maturing engineering practices.
Empower your team to understand and act on GitHub data
Map what drives your metrics, measure progress at any grain, prove what works statistically, and deliver personalised action plans to every team member.