Risk Assessment App v2.0.0

By Aaron Clark | August 16, 2023

Welcome! It’s with great excitement and long-awaited anticipation that I get to share some recent updates that have hit the {riskassessment} app’s GitHub repository earlier this month. If this is the first time you’ve heard or seen the application, I’d recommend starting with our README to gain some familiarity with the project, especially with installation instructions. However, (in a nut-shell) the app is a full-fledged R package that seeks augment the utility of the {riskmetric} package within an organizational context.

Latest features Recap

Most notably, the application has sustained the following improvements, in order from least exciting to most exciting:

  • Face lift to functionality & aesthetics of the 'Report Builder' & 'Database View'
  • Enhanced support to analyze dependencies
  • More org-level customization, including the use of a configuration file
  • admins can now to edit roles and privileges
  • All users can explore source contents of package

The feedback loop is crucial! All of these improvements started off as community-driven suggestions on our GitHub repo. If you have an idea that doesn’t already exist on the existing list of issues, submit a new issue today and it may become a reality tomorrow.

'Report Builder' Face Lift

This new release introducted a more holistic Report Builder! Allowing users to define what content shows up in the report. In addition, users can now compose a long form “Package Summary” to keep track of more pertinent items (perhaps non-{riskmetric} items) for a more rounded package review.

In the example below, see how users can quickly include/exclude specific elements in the summary report, plus edit the package summary in a real-time report preview. When satisfied, the user can download the report to HTML, DOCX, or PDF:

'Database View' Face Lift

More useful content to ingest!

  • A summary of uploaded packages
  • The package uploaded date
  • Decision-related columns including a time stamp & decision source
  • Quick & easy download options to Excel or CSV

Package Dependencies

Though {riskmetric} has supported the dependencies assessment for some time, the application didn’t do a great job of displaying this data until this release. Now, the user can see each package dependency which may or may not have a lower bound on it, plus the dependency type (Imports, Depends, LinkingTo, or Suggests). If the package dependency already exists in the {riskassessment} database, then it’s risk score is displayed. When the package hasn’t been uploaded yet, there are convenient buttons to help the user evaluate those packages.

Enhanced organization-level settings

The following features allow admins critical control over how prospective users within an organization perform their risk assessments. Most, if not all, can be edited in-app or via the config file! So, what’s new? You can now…

  • Add/edit user roles/privileges
  • Customize decision categories & colors
  • Toggle decision automation rules
  • Initialize metric weights

Below is an example configuration file that demonstrates our ability to togggle these settings. First, config athors can add as many roles as they want under credentials. From there, they can use the privileges tag to populate that role with unique privileges in the app. For a details on each privilege, please see our documentation site. These roles can then be assigned to specific users to manage who is involved with different parts of the review process.

Next, decisions is where users can define custom package categories in the application that correspond to their organization’s validation process. From there, you can automate decisions based on risk scores or even define a custom color to each decision category.

By default, all metric weights (that ultimately determine package risk scores) are set to 1, unless you override them here or in the app’s UI. This is a convenient way to incorporate your organizations priorities into the validation process for all users of the application. Use a zero (0) to remove a metric entirely.

Example config (YML) file:

  assessment_db: database.sqlite
  loggit_json: loggit.json
  credential_db: credentials.sqlite
      - admin
      - lead
      - reviewer
      - viewer
      admin: [admin, weight_adjust, auto_decision_adjust, final_decision, revert_decision, add_package, delete_package, overall_comment, general_comment]
      lead: [weight_adjust, auto_decision_adjust, final_decision, revert_decision, add_package, delete_package, overall_comment, general_comment]
      reviewer: [add_package, general_comment]
      - Low Risk
      - Medium Risk
      - High Risk
      Medium Risk:
        - .398
        - .639
      High Risk:
        - .639
        - 1
      Medium Risk: !expr grDevices::rgb(52, 235, 229, maxColorValue = 255)
    covr_coverage: 2
    has_vignettes: 0

Edit Roles & Privileges

Building on the configuration file, admin users can also manage who’s involved in the review process on the fly in the app. This is helpful so that the application doesn’t have to be re-deployed every time a new role needs creation. User authentication & role management is a major cornerstone of this application, which helps organizations adhere to their unique validation strategies.

Explore Package Source Code

Finally, if there were one major change to announce at this release that creates unique value for app users, it would be this: the app now offers the ability to browse package source code! This is huge news for those orgs with a more manual package review process. {riskmetric} metrics are great because they can serve up isolated assessments from the source code (and beyond), but sometimes you just need to dig deeper into a package’s contents, and that’s what his new module does.

Below, you can see the ‘FILE BROWSER’ which gives us a directory tree on the left hand side and a file preview on the right. Currently, it’s displaying a description file for the {tidyCDISC} package. There you can explore all the things you may care about, such as the license, maintainer, dependencies, etc. In addition, you can navigate to a specific function’s script in the R/ folder to review methodology. Even more importantly, you can browse through the author’s tests to evaluate testing coverage and robustness.

Thanks and call to action

That’s all for now. Thanks for reviewing the latest release details and we hope you find them useful.

Interested in supporting package development? We could always use extra help / feedback! Please consider one of the following options: