linuxfoundation
diff --git a/‎frontend/app/components/modules/project/views/security.vue‎
Lines changed: 179 additions & 165 deletions b/‎frontend/app/components/modules/project/views/security.vue‎
Lines changed: 179 additions & 165 deletions
diff --git a/‎frontend/server/api/community/[slug].post.ts‎
Lines changed: 9 additions & 1 deletion b/‎frontend/server/api/community/[slug].post.ts‎
Lines changed: 9 additions & 1 deletion
@@ -3,190 +3,205 @@ Copyright (c) 2025 The Linux Foundation and each contributor.
 SPDX-License-Identifier: MIT
 -->
 <template>
-  <div class="container pt-4 md:pt-12">
-    <lfx-card class="pt-4 sm:pt-6">
-      <div class="px-4 sm:px-6 flex justify-between items-start pb-4 sm:pb-5 flex-wrap gap-2">
-        <div class="w-full sm:w-1/2 md:w-1/2">
-          <!-- Title -->
-          <div class="flex flex-col-reverse sm:flex-row items-start sm:items-center gap-2 sm:gap-4 pb-2">
-            <h1 class="text-heading-3 font-secondary font-bold">Controls assessment</h1>
-            <lfx-tag
-              variation="warning"
-              size="small"
-            >
-              Alpha version
-            </lfx-tag>
+  <div class="container pt-4 md:pt-12 flex md:gap-10 gap-5 md:flex-row flex-col-reverse">
+    <div class="md:w-3/4 w-full">
+      <lfx-card class="pt-4 sm:pt-6">
+        <div class="px-4 sm:px-6 flex justify-between items-start pb-4 sm:pb-5 flex-wrap gap-2">
+          <div class="w-full sm:w-1/2 md:w-1/2">
+            <!-- Title -->
+            <div class="flex flex-col-reverse sm:flex-row items-start sm:items-center gap-2 sm:gap-4 pb-2">
+              <h1 class="text-heading-3 font-secondary font-bold">Controls assessment</h1>
+              <lfx-tag
+                variation="warning"
+                size="small"
+              >
+                Alpha version
+              </lfx-tag>
+            </div>
+
+            <!-- Description -->
+            <p class="text-xs text-neutral-500">
+              Process of assessing a project's practices, policies, and technical measures against a set of predefined
+              standards to determine its security posture, reliability, and maturity.
+              <a
+                :href="links.securityScore"
+                class="text-brand-500"
+                target="_blank"
+                rel="noopener noreferrer"
+                >Learn more</a
+              >
+            </p>
           </div>
 
-          <!-- Description -->
-          <p class="text-xs text-neutral-500">
-            Process of assessing a project's practices, policies, and technical measures against a set of predefined
-            standards to determine its security posture, reliability, and maturity.
-            <a
-              :href="links.securityScore"
-              class="text-brand-500"
-              target="_blank"
-              rel="noopener noreferrer"
-              >Learn more</a
-            >
-          </p>
+          <a
+            href="https://revanite.io"
+            target="_blank"
+            rel="noopener noreferrer"
+            class="flex items-center justify-center px-2.5 py-1 border border-neutral-200 rounded-full"
+          >
+            <p class="text-neutral-500 text-xs mr-2">Powered by:</p>
+            <img
+              src="~/assets/images/revanite.svg"
+              alt="Revanite.io Logo"
+              class="h-5 w-5.5 mr-1.5"
+            />
+            <p class="text-neutral-900 text-xs">Revanite.io</p>
+          </a>
+          <!-- TODO: Enable when backend is ready -->
+          <!--          <lfx-button-->
+          <!--            type="tertiary"-->
+          <!--            size="small"-->
+          <!--            button-style="pill"-->
+          <!--            class="whitespace-nowrap"-->
+          <!--          >-->
+          <!--            <lfx-icon name="arrows-rotate-reverse" />-->
+          <!--            Update results-->
+          <!--          </lfx-button>-->
         </div>
 
-        <a
-          href="https://revanite.io"
-          target="_blank"
-          rel="noopener noreferrer"
-          class="flex items-center justify-center px-2.5 py-1 border border-neutral-200 rounded-full"
+        <!-- Disclaimer for aggregated view -->
+        <div
+          v-if="!isRepository"
+          class="px-6 py-3 bg-neutral-50 border-y border-neutral-100 flex items-center gap-1.5 rounded-b-lg"
         >
-          <p class="text-neutral-500 text-xs mr-2">Powered by:</p>
-          <img
-            src="~/assets/images/revanite.svg"
-            alt="Revanite.io Logo"
-            class="h-5 w-5.5 mr-1.5"
+          <lfx-icon
+            name="info-circle"
+            :size="14"
+            class="text-neutral-500"
           />
-          <p class="text-neutral-900 text-xs">Revanite.io</p>
-        </a>
-        <!-- TODO: Enable when backend is ready -->
-        <!--          <lfx-button-->
-        <!--            type="tertiary"-->
-        <!--            size="small"-->
-        <!--            button-style="pill"-->
-        <!--            class="whitespace-nowrap"-->
-        <!--          >-->
-        <!--            <lfx-icon name="arrows-rotate-reverse" />-->
-        <!--            Update results-->
-        <!--          </lfx-button>-->
-      </div>
+          <p class="text-body-2 text-neutral-500 font-semibold">
+            You’re viewing an aggregated score and controls assessment for the entire project. For a detailed analysis,
+            choose a specific repository.
+          </p>
+        </div>
+        <div class="px-4 sm:px-6 pt-1">
+          <!-- Show spinner when loading -->
+          <div
+            v-if="isFetching"
+            class="pt-5 border-t border-neutral-100"
+          >
+            <div class="flex flex-col items-center justify-center py-20">
+              <lfx-spinner
+                :size="40"
+                type="light"
+                class="text-neutral-300"
+              />
+              <p class="text-neutral-500 text-center text-body-1 pt-5">Loading controls assessment...</p>
+            </div>
+          </div>
 
-      <!-- Disclaimer for aggregated view -->
-      <div
-        v-if="!isRepository"
-        class="px-6 py-3 bg-neutral-50 border-y border-neutral-100 flex items-center gap-1.5 rounded-b-lg"
-      >
-        <lfx-icon
-          name="info-circle"
-          :size="14"
-          class="text-neutral-500"
-        />
-        <p class="text-body-2 text-neutral-500 font-semibold">
-          You’re viewing an aggregated score and controls assessment for the entire project. For a detailed analysis,
-          choose a specific repository.
-        </p>
-      </div>
-      <div class="px-4 sm:px-6 pt-1">
-        <!-- Show spinner when loading -->
-        <div
-          v-if="isFetching"
-          class="pt-5 border-t border-neutral-100"
-        >
-          <div class="flex flex-col items-center justify-center py-20">
-            <lfx-spinner
-              :size="40"
-              type="light"
-              class="text-neutral-300"
-            />
-            <p class="text-neutral-500 text-center text-body-1 pt-5">Loading controls assessment...</p>
+          <!-- show if all repos are archived -->
+          <lfx-empty-state
+            v-else-if="allArchived"
+            icon="archive"
+            :title="pluralize('Archived Repository', archivedRepos.length)"
+            description="Archived repositories are excluded from Health Score and Security & Best practices.
+                You can still access historical data of Contributors, Popularity, or Development metrics."
+          />
+
+          <!-- Show if no data available -->
+          <div
+            v-else-if="data?.length === 0 || error"
+            class="pt-5 border-t border-neutral-100"
+          >
+            <div class="flex flex-col items-center justify-center py-20">
+              <lfx-icon
+                name="eyes"
+                class="text-neutral-300"
+                :size="40"
+              />
+              <p class="text-neutral-500 text-center text-body-1 pt-5">
+                No data available to perform controls assessment
+              </p>
+            </div>
+          </div>
+          <div v-else>
+            <!-- Display checks -->
+            <lfx-accordion v-model="accordion">
+              <lfx-project-security-evaluation-section
+                v-for="(checks, title) in groupedData"
+                :key="title"
+                :name="title"
+                :checks="checks"
+                :tooltip="isRepository ? 'Category success rate' : 'Average category success rate of all repositories'"
+              >
+                <template v-if="isRepository">
+                  <template
+                    v-for="check in checks"
+                    :key="check.controlId"
+                  >
+                    <lfx-project-security-evaluation-assesment
+                      v-for="assessment in check.assessments"
+                      :key="assessment.requirementId"
+                      :assessment="assessment"
+                    />
+                  </template>
+                </template>
+                <template v-else>
+                  <lfx-project-security-paginated-eval-repos :group-checks="groupChecksByRepository(checks || [])" />
+                </template>
+              </lfx-project-security-evaluation-section>
+            </lfx-accordion>
           </div>
         </div>
+      </lfx-card>
 
-        <!-- show if all repos are archived -->
-        <lfx-empty-state
-          v-else-if="allArchived"
-          icon="archive"
-          :title="pluralize('Archived Repository', archivedRepos.length)"
-          description="Archived repositories are excluded from Health Score and Security & Best practices.
-              You can still access historical data of Contributors, Popularity, or Development metrics."
+      <div class="flex items-center justify-center mt-8">
+        <lfx-repos-exclusion-footer
+          v-if="hasSelectedArchivedRepos && !isFetching"
+          page-content="security"
         />
-
-        <!-- Show if no data available -->
+        <!-- Generate YAML and Update buttons -->
         <div
-          v-else-if="data?.length === 0 || error"
-          class="pt-5 border-t border-neutral-100"
+          v-if="!isFetching && data?.length && !allArchived"
+          class="flex items-center gap-2 px-1.5"
         >
-          <div class="flex flex-col items-center justify-center py-20">
+          <p
+            v-if="hasSelectedArchivedRepos && !isFetching"
+            class="text-neutral-500 text-xs font-semibold"
+          >
+            ・
+          </p>
+        </div>
+      </div>
+    </div>
+
+    <div class="md:w-1/4 w-full">
+      <lfx-card
+        class="p-5 bg-gradient-to-b from-brand-50 to-white to-30% flex flex-col justify-center items-start gap-5"
+      >
+        <div class="flex md:flex-col flex-row justify-center items-start gap-5">
+          <div class="relative inline-block">
             <lfx-icon
-              name="eyes"
-              class="text-neutral-300"
-              :size="40"
+              name="file"
+              :size="32"
+              class="text-brand-500"
             />
-            <p class="text-neutral-500 text-center text-body-1 pt-5">
-              No data available to perform controls assessment
+            <div
+              class="bg-brand-500 text-icon-label font-bold absolute bottom-0 w-[75%] py-0.5 text-white text-center ml-1"
+            >
+              YAML
+            </div>
+          </div>
+          <div class="flex flex-col gap-2">
+            <span class="text-sm font-semibold text-neutral-900">YAML security file</span>
+            <p class="text-xs text-neutral-600">
+              Generate a security metadata file to enable automated security assessments and provide clear contact
+              information of your GitHub repository.
             </p>
           </div>
         </div>
-        <div v-else>
-          <!-- Display checks -->
-          <lfx-accordion v-model="accordion">
-            <lfx-project-security-evaluation-section
-              v-for="(checks, title) in groupedData"
-              :key="title"
-              :name="title"
-              :checks="checks"
-              :tooltip="isRepository ? 'Category success rate' : 'Average category success rate of all repositories'"
-            >
-              <template v-if="isRepository">
-                <template
-                  v-for="check in checks"
-                  :key="check.controlId"
-                >
-                  <lfx-project-security-evaluation-assesment
-                    v-for="assessment in check.assessments"
-                    :key="assessment.requirementId"
-                    :assessment="assessment"
-                  />
-                </template>
-              </template>
-              <template v-else>
-                <lfx-project-security-paginated-eval-repos :group-checks="groupChecksByRepository(checks || [])" />
-              </template>
-            </lfx-project-security-evaluation-section>
-          </lfx-accordion>
-        </div>
-      </div>
-    </lfx-card>
 
-    <div class="flex items-center justify-center mt-8">
-      <lfx-repos-exclusion-footer
-        v-if="hasSelectedArchivedRepos && !isFetching"
-        page-content="security"
-      />
-      <!-- Generate YAML and Update buttons -->
-      <div
-        v-if="!isFetching && data?.length && !allArchived"
-        class="flex items-center gap-2 px-1.5"
-      >
-        <p
-          v-if="hasSelectedArchivedRepos && !isFetching"
-          class="text-neutral-500 text-xs font-semibold"
-        >
-          ・
-        </p>
-        <lfx-tooltip
-          v-if="!PROJECT_SECURITY_SERVICE.hasSecurityMdFile(data || [])"
-          placement="top"
+        <lfx-button
+          type="tertiary"
+          size="small"
+          button-style="pill"
+          class="flex justify-center w-full"
+          @click="handleGenerateYamlClick"
         >
-          <lfx-button
-            type="transparent"
-            size="small"
-            button-style="pill"
-            class="whitespace-nowrap !hidden lg:!flex"
-            @click="handleGenerateYamlClick"
-          >
-            <lfx-icon name="file-shield" />
-            Generate YAML file
-          </lfx-button>
-
-          <template #content>
-            <div class="flex flex-col gap-1 max-w-72">
-              <div class="font-semibold text-white text-xs">YAML Security specifications file</div>
-              <div class="text-neutral-300 text-xs">
-                Generate a YAML security file, upload it to your repository, and ensure we can run all security
-                assessments for your project.
-              </div>
-            </div>
-          </template>
-        </lfx-tooltip>
-      </div>
+          Generate YAML
+        </lfx-button>
+      </lfx-card>
     </div>
   </div>
   <lf-security-generate-yaml-modal
@@ -218,7 +233,6 @@ import LfxReposExclusionFooter from '~/components/shared/components/repos-exclus
 import LfxEmptyState from '~/components/shared/components/empty-state.vue';
 import LfxTag from '~/components/uikit/tag/tag.vue';
 import LfxButton from '~/components/uikit/button/button.vue';
-import LfxTooltip from '~/components/uikit/tooltip/tooltip.vue';
 import LfSecurityGenerateYamlModal from '~/components/modules/project/components/security/yaml/generate-yaml-modal.vue';
 import { SECURITY_API_SERVICE } from '~/components/modules/project/services/security.api.service';
 import { useQueryParam } from '~/components/shared/utils/query-param';
 
@@ -14,8 +14,16 @@ export default defineEventHandler(async (event): Promise<boolean | Error> => {
     return createError({ statusCode: 422, statusMessage: 'Invalid request' });
   }
 
+  const data = { ...body.data };
+  if (data.viewKeywords.length > 0 && !data.viewKeywords.includes(data.keyword)) {
+    const commonKeywords = data.keywords.filter((kw) => data.viewKeywords.includes(kw));
+    if (commonKeywords.length > 0) {
+      data.keyword = commonKeywords[0];
+    }
+  }
+
   await addDataToTinybirdDatasource('mentions', {
-    ...body.data,
+    ...data,
     projectSlug: slug,
   });
   return true;