OWASP · arkid15r · Jun 18, 2025 · Jun 10, 2025 · Jun 10, 2025 · Jun 10, 2025
@@ -9,7 +9,9 @@
 from apps.github.graphql.nodes.release import ReleaseNode
 from apps.github.graphql.nodes.repository import RepositoryNode
 from apps.owasp.graphql.nodes.common import GenericEntityNode
+from apps.owasp.graphql.nodes.project_health_metrics import ProjectHealthMetricsNode
 from apps.owasp.models.project import Project
+from apps.owasp.models.project_health_metrics import ProjectHealthMetrics
 
 RECENT_ISSUES_LIMIT = 5
 RECENT_RELEASES_LIMIT = 5
@@ -34,6 +36,11 @@
 class ProjectNode(GenericEntityNode):
     """Project node."""
 
+    @strawberry.field
+    def health(self) -> list[ProjectHealthMetricsNode]:
+        """Resolve project health metrics."""
+        return ProjectHealthMetrics.objects.filter(project=self).order_by("-nest_created_at")
+
     @strawberry.field
     def issues_count(self) -> int:
         """Resolve issues count."""

@@ -0,0 +1,55 @@
+"""OWASP Project Health Metrics Node."""
+
+import strawberry
+import strawberry_django
+
+from apps.owasp.models.project_health_metrics import ProjectHealthMetrics
+
+
+@strawberry_django.type(
+    ProjectHealthMetrics,
+    fields=[
+        "contributors_count",
+        "forks_count",
+        "is_funding_requirements_compliant",
+        "is_leader_requirements_compliant",
+        "open_issues_count",
+        "recent_releases_count",
+        "score",
+        "stars_count",
+        "unanswered_issues_count",
+        "unassigned_issues_count",
+    ],
+)
+class ProjectHealthMetricsNode:
+    """Project health metrics node."""
+
+    @strawberry.field
+    def age_days(self) -> int:
+        """Resolve project age in days."""
+        return self.age_days
+
+    @strawberry.field
+    def last_commit_days(self) -> int:
+        """Resolve last commit age in days."""
+        return self.last_commit_days
+
+    @strawberry.field
+    def last_pull_request_days(self) -> int:
+        """Resolve last pull request age in days."""
+        return self.last_pull_request_days
+
+    @strawberry.field
+    def last_release_days(self) -> int:
+        """Resolve last release age in days."""
+        return self.last_release_days
+
+    @strawberry.field
+    def owasp_page_last_update_days(self) -> int:
+        """Resolve OWASP page last update age in days."""
+        return self.owasp_page_last_update_days
+
+    @strawberry.field
+    def project_name(self) -> str:
+        """Resolve project node."""
+        return self.project.name
-    @strawberry.field
-    def owasp_page_last_update_days(self) -> int:
-        """Resolve OWASP page last update age in days."""
-        return self.owasp_page_last_update_days
-
-    @strawberry.field
-    def project_name(self) -> str:
-        """Resolve project node."""
-        return self.project.name
+    @strawberry.field
+    def owasp_page_last_update_days(self) -> int:
+        """Resolve OWASP page last update age in days."""
+        return self.owasp_page_last_update_days
+
+    @strawberry.field
+    def project_name(self) -> str:
+        """Resolve project name."""
+        return self._root.project.name
-    @strawberry.field
-    def owasp_page_last_update_days(self) -> int:
-        """Resolve OWASP page last update age in days."""
-        return self.owasp_page_last_update_days
-
-    @strawberry.field
-    def project_name(self) -> str:
-        """Resolve project node."""
-        return self.project.name
+    @strawberry.field
+    def owasp_page_last_update_days(self) -> int:
+        """Resolve OWASP page last update age in days."""
+        return self.owasp_page_last_update_days
+
+    @strawberry.field
+    def project_name(self) -> str:
+        """Resolve project name."""
+        return self._root.project.name
diff --git a/backend/apps/owasp/graphql/queries/__init__.py b/backend/apps/owasp/graphql/queries/__init__.py
@@ -5,6 +5,7 @@
 from .event import EventQuery
 from .post import PostQuery
 from .project import ProjectQuery
+from .project_health_metrics import ProjectHealthMetricsQuery
 from .snapshot import SnapshotQuery
 from .sponsor import SponsorQuery
 from .stats import StatsQuery
@@ -16,6 +17,7 @@ class OwaspQuery(
     EventQuery,
     PostQuery,
     ProjectQuery,
+    ProjectHealthMetricsQuery,
     SnapshotQuery,
     SponsorQuery,
     StatsQuery,

diff --git a/backend/apps/owasp/graphql/queries/project_health_metrics.py b/backend/apps/owasp/graphql/queries/project_health_metrics.py
@@ -0,0 +1,82 @@
+"""OWASP Project Health Metrics Queries."""
+
+import strawberry
+
+from apps.owasp.graphql.nodes.project_health_metrics import ProjectHealthMetricsNode
+from apps.owasp.models.project_health_metrics import ProjectHealthMetrics
+
+# It is stated in issue #711
+CONTRIBUTORS_COUNT_REQUIREMENT = 2
+
+
+@strawberry.type
+class ProjectHealthMetricsQuery:
+    """Project health metrics queries."""
+
+    @strawberry.field
+    def unhealthy_projects(
+        self,
+        *,
+        is_contributors_requirement_compliant: bool | None = None,
+        is_funding_requirements_compliant: bool | None = None,
+        has_no_recent_commits: bool | None = None,
+        has_recent_releases: bool | None = None,
+        is_leader_requirements_compliant: bool | None = None,
+        limit: int = 20,
+        has_long_open_issues: bool | None = None,
+        has_long_unanswered_issues: bool | None = None,
+        has_long_unassigned_issues: bool | None = None,
+        # Because the default behavior is to return unhealthy projects with low scores,
+        # we set `low_score` to True by default.
+        # We may return projects with high scores to indicate issues that need attention,
+        # like a lack of contributors, recent commits, or otherwise.
+        # We set the default of other parameters to None,
+        # to allow retrieving all unhealthy projects without any filters.
+        has_low_score: bool = True,
+    ) -> list[ProjectHealthMetricsNode]:
+        """Resolve unhealthy projects."""
+        filters = {}
+
+        if has_recent_releases is not None:
+            if has_recent_releases:
+                filters["recent_releases_count__gt"] = 0
+            else:
+                filters["recent_releases_count"] = 0
+
+        if is_contributors_requirement_compliant is not None:
+            suffix = "__gte" if is_contributors_requirement_compliant else "__lt"
+            filters[f"contributors_count{suffix}"] = CONTRIBUTORS_COUNT_REQUIREMENT
+
+        if has_no_recent_commits is not None:
+            filters["has_no_recent_commits"] = has_no_recent_commits
+
+        if has_long_open_issues is not None:
+            filters["has_long_open_issues"] = has_long_open_issues
+
+        if has_long_unanswered_issues is not None:
+            filters["has_long_unanswered_issues"] = has_long_unanswered_issues
+
+        if has_long_unassigned_issues is not None:
+            filters["has_long_unassigned_issues"] = has_long_unassigned_issues
+
+        if is_leader_requirements_compliant is not None:
+            filters["is_leader_requirements_compliant"] = is_leader_requirements_compliant
+
+        if is_funding_requirements_compliant is not None:
+            filters["is_funding_requirements_compliant"] = is_funding_requirements_compliant
+
+        if has_low_score:
+            filters["score__lt"] = 50
+
+        # Get the last created metrics (one for each project)
+        queryset = (
+            ProjectHealthMetrics.objects.select_related("project")
+            .order_by("project__key", "-nest_created_at")
+            .distinct("project__key")
+        )
+
+        # Apply filters
+        if filters:
+            queryset = queryset.filter(**filters)
+
+        return queryset.select_related("project")[:limit]
diff --git a/backend/apps/owasp/management/commands/owasp_update_project_health_metrics.py b/backend/apps/owasp/management/commands/owasp_update_project_health_metrics.py
@@ -14,6 +14,7 @@ def handle(self, *args, **options):
             "contributors_count": "contributors_count",
             "created_at": "created_at",
             "forks_count": "forks_count",
+            "has_no_recent_commits": "has_no_recent_commits",
             "is_funding_requirements_compliant": "is_funding_requirements_compliant",
             "is_leader_requirements_compliant": "is_leader_requirements_compliant",
             "last_committed_at": "pushed_at",

@@ -32,6 +32,11 @@ def handle(self, *args, **options):
             "unassigned_issues_count": 6.0,
         }
 
+        boolean_mapping = {
+            "open_issues_count": "has_long_open_issues",
+            "unanswered_issues_count": "has_long_unanswered_issues",
+            "unassigned_issues_count": "has_long_unassigned_issues",
+        }
         project_health_metrics = []
         project_health_requirements = {
             phr.level: phr for phr in ProjectHealthRequirements.objects.all()
@@ -56,11 +61,21 @@ def handle(self, *args, **options):
             for field, weight in backward_fields.items():
                 if int(getattr(metric, field)) <= int(getattr(requirements, field)):
                     score += weight
+                elif field in boolean_mapping:
+                    setattr(metric, boolean_mapping[field], True)
 
             metric.score = score
             project_health_metrics.append(metric)
 
-        ProjectHealthMetrics.bulk_save(project_health_metrics, fields=["score"])
+        ProjectHealthMetrics.bulk_save(
+            project_health_metrics,
+            fields=[
+                "score",
+                "has_long_open_issues",
+                "has_long_unanswered_issues",
+                "has_long_unassigned_issues",
+            ],
+        )
         self.stdout.write(
             self.style.SUCCESS("Updated projects health metrics score successfully.")
         )
diff --git a/backend/apps/owasp/migrations/0038_projecthealthmetrics_has_long_open_issues_and_more.py b/backend/apps/owasp/migrations/0038_projecthealthmetrics_has_long_open_issues_and_more.py
@@ -0,0 +1,32 @@
+# Generated by Django 5.2.1 on 2025-06-11 15:55
+
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+    dependencies = [
+        ("owasp", "0037_alter_projecthealthmetrics_project"),
+    ]
+
+    operations = [
+        migrations.AddField(
+            model_name="projecthealthmetrics",
+            name="has_long_open_issues",
+            field=models.BooleanField(default=False, verbose_name="Has long open issues"),
+        ),
+        migrations.AddField(
+            model_name="projecthealthmetrics",
+            name="has_long_unanswered_issues",
+            field=models.BooleanField(default=False, verbose_name="Has long unanswered issues"),
+        ),
+        migrations.AddField(
+            model_name="projecthealthmetrics",
+            name="has_long_unassigned_issues",
+            field=models.BooleanField(default=False, verbose_name="Has long unassigned issues"),
+        ),
+        migrations.AddField(
+            model_name="projecthealthmetrics",
+            name="has_no_recent_commits",
+            field=models.BooleanField(default=False, verbose_name="Has no recent commits"),
+        ),
+    ]
diff --git a/backend/apps/owasp/migrations/0041_merge_20250613_0336.py b/backend/apps/owasp/migrations/0041_merge_20250613_0336.py
@@ -0,0 +1,12 @@
+# Generated by Django 5.2.1 on 2025-06-13 03:36
+
+from django.db import migrations
+
+
+class Migration(migrations.Migration):
+    dependencies = [
+        ("owasp", "0038_projecthealthmetrics_has_long_open_issues_and_more"),
+        ("owasp", "0040_alter_projecthealthmetrics_is_leader_requirements_compliant"),
+    ]
+
+    operations = []
diff --git a/.../apps/owasp/migrations/0042_remove_projecthealthmetrics_has_no_recent_commits_and_more.py b/.../apps/owasp/migrations/0042_remove_projecthealthmetrics_has_no_recent_commits_and_more.py
@@ -0,0 +1,21 @@
+# Generated by Django 5.2.1 on 2025-06-13 05:54
+
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+    dependencies = [
+        ("owasp", "0041_merge_20250613_0336"),
+    ]
+
+    operations = [
+        migrations.RemoveField(
+            model_name="projecthealthmetrics",
+            name="has_no_recent_commits",
+        ),
+        migrations.AddField(
+            model_name="projecthealthmetrics",
+            name="has_recent_commits",
+            field=models.BooleanField(default=False, verbose_name="Has recent commits"),
+        ),
+    ]
-    operations = [
-        migrations.RemoveField(
-            model_name="projecthealthmetrics",
-            name="has_no_recent_commits",
-        ),
-        migrations.AddField(
-            model_name="projecthealthmetrics",
-            name="has_recent_commits",
-            field=models.BooleanField(default=False, verbose_name="Has recent commits"),
-        ),
-    ]
+    operations = [
+        migrations.RenameField(
+            model_name="projecthealthmetrics",
+            old_name="has_no_recent_commits",
+            new_name="has_recent_commits",
+        ),
+        migrations.RunPython(
+            code=lambda apps, _: apps
+                .get_model("owasp", "ProjectHealthMetrics")
+                .objects
+                .update(has_recent_commits=models.F("has_recent_commits").bitwise_not()),
+            reverse_code=migrations.RunPython.noop,
+        ),
+    ]
-    operations = [
-        migrations.RemoveField(
-            model_name="projecthealthmetrics",
-            name="has_no_recent_commits",
-        ),
-        migrations.AddField(
-            model_name="projecthealthmetrics",
-            name="has_recent_commits",
-            field=models.BooleanField(default=False, verbose_name="Has recent commits"),
-        ),
-    ]
+    operations = [
+        migrations.RenameField(
+            model_name="projecthealthmetrics",
+            old_name="has_no_recent_commits",
+            new_name="has_recent_commits",
+        ),
+        migrations.RunPython(
+            code=lambda apps, _: apps
+                .get_model("owasp", "ProjectHealthMetrics")
+                .objects
+                .update(has_recent_commits=models.F("has_recent_commits").bitwise_not()),
+            reverse_code=migrations.RunPython.noop,
+        ),
+    ]
diff --git a/...end/apps/owasp/migrations/0043_remove_projecthealthmetrics_has_recent_commits_and_more.py b/...end/apps/owasp/migrations/0043_remove_projecthealthmetrics_has_recent_commits_and_more.py
@@ -0,0 +1,21 @@
+# Generated by Django 5.2.1 on 2025-06-13 07:44
+
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+    dependencies = [
+        ("owasp", "0042_remove_projecthealthmetrics_has_no_recent_commits_and_more"),
+    ]
+
+    operations = [
+        migrations.RemoveField(
+            model_name="projecthealthmetrics",
+            name="has_recent_commits",
+        ),
+        migrations.AddField(
+            model_name="projecthealthmetrics",
+            name="has_no_recent_commits",
+            field=models.BooleanField(default=False, verbose_name="Has no recent commits"),
+        ),
+    ]
diff --git a/backend/apps/owasp/migrations/0044_merge_20250615_0346.py b/backend/apps/owasp/migrations/0044_merge_20250615_0346.py
@@ -0,0 +1,12 @@
+# Generated by Django 5.2.1 on 2025-06-15 03:46
+
+from django.db import migrations
+
+
+class Migration(migrations.Migration):
+    dependencies = [
+        ("owasp", "0042_alter_projecthealthmetrics_score"),
+        ("owasp", "0043_remove_projecthealthmetrics_has_recent_commits_and_more"),
+    ]
+
+    operations = []
diff --git a/backend/apps/owasp/models/project.py b/backend/apps/owasp/models/project.py
@@ -132,6 +132,12 @@ def __str__(self) -> str:
         """Project human readable representation."""
         return f"{self.name or self.key}"
 
+    @property
+    def has_no_recent_commits(self) -> bool:
+        """Indicate whether project has no recent commits."""
+        recent_period = timezone.now() - datetime.timedelta(days=60)
+        return self.pushed_at is None or self.pushed_at < recent_period or self.commits_count == 0
+
     @property
     def is_code_type(self) -> bool:
         """Indicate whether project has CODE type."""

diff --git a/backend/apps/owasp/models/project_health_metrics.py b/backend/apps/owasp/models/project_health_metrics.py
@@ -23,6 +23,18 @@ class Meta:
     contributors_count = models.PositiveIntegerField(verbose_name="Contributors", default=0)
     created_at = models.DateTimeField(verbose_name="Created at", blank=True, null=True)
     forks_count = models.PositiveIntegerField(verbose_name="Forks", default=0)
+
+    # The next boolean fields are used for filtering
+    has_no_recent_commits = models.BooleanField(
+        verbose_name="Has no recent commits", default=False
+    )
+    has_long_open_issues = models.BooleanField(verbose_name="Has long open issues", default=False)
+    has_long_unanswered_issues = models.BooleanField(
+        verbose_name="Has long unanswered issues", default=False
+    )
+    has_long_unassigned_issues = models.BooleanField(
+        verbose_name="Has long unassigned issues", default=False
+    )
     is_funding_requirements_compliant = models.BooleanField(
         verbose_name="Is funding requirements compliant", default=False
     )