
Implement management command for detecting non-compliant project levels and flagging them in score calculation #2039

@arkid15r


Description:
We need to create a periodic background job that fetches the latest project levels from the official OWASP source of truth:
🔗 project_levels.json

Instead of changing the project level locally, the job should identify non-compliant projects (i.e., projects whose locally stored level does not match the official level) and flag them so their score reflects this non-compliance.

Requirements:

  • Schedule the job to run periodically (e.g., daily right after project sync job)

  • Fetch and parse the project_levels.json file from the OWASP GitHub repository

  • Compare the official level with the local level for each project

  • Mark projects as non-compliant if the levels differ (a new boolean field needs to be introduced)

  • Update the score calculation formula to apply a penalty or other adjustment for non-compliance (a new weight needs to be introduced)

  • Add tests to ensure that:

    • Data is fetched and parsed correctly
    • Non-compliance detection works as expected
    • Scores are adjusted correctly when non-compliance is detected

Acceptance Criteria:

  • The job detects and logs any level mismatches between local data and the official OWASP file
  • Non-compliant projects are clearly marked in the system
  • Score calculation reflects non-compliance penalties
  • Tests cover both detection and scoring adjustment logic

Are you going to work on implementing this?

  • Yes
  • No
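As an added illustration of the detection and scoring steps above (example code, not part of the issue or of the OWASP Nest code base), the sketch below parses a stand-in for project_levels.json, logs each mismatch, and applies a penalty weight. The file schema (a mapping of project key to level), the `NON_COMPLIANCE_WEIGHT` value and the multiplicative penalty are all assumptions; the sample data is constructed.

```python
import json
import logging

logger = logging.getLogger(__name__)

# Hypothetical penalty weight; the issue says one must be introduced, the value is an assumption.
NON_COMPLIANCE_WEIGHT = 0.5

# Constructed stand-in for project_levels.json. Its schema is an assumption:
# a JSON object of project key -> level (levels may arrive as int or string).
OFFICIAL_LEVELS_JSON = json.dumps({
    "www-project-zap": 4,
    "www-project-nest": 2,
    "www-project-juice-shop": "4",
})

# Constructed local records: project key -> locally stored level.
LOCAL_LEVELS = {
    "www-project-zap": 4,
    "www-project-nest": 3,       # local 3 vs official 2 -> non-compliant
    "www-project-juice-shop": 4,
    "www-project-unlisted": 2,   # absent from the official file -> logged, not flagged
}


def parse_official_levels(raw: str) -> dict:
    """Parse the official file, normalising every level to int so comparisons are exact."""
    data = json.loads(raw)
    if not isinstance(data, dict):
        raise ValueError("expected a JSON object of project key -> level")
    return {key: int(level) for key, level in data.items()}


def detect_non_compliant(official: dict, local: dict) -> dict:
    """Return {key: (local_level, official_level)} for each mismatch and log it."""
    mismatches = {}
    for key, local_level in local.items():
        official_level = official.get(key)
        if official_level is None:
            logger.info("project %s not in official levels file; skipping", key)
            continue
        if int(local_level) != official_level:
            logger.warning("level mismatch for %s: local=%s official=%s",
                           key, local_level, official_level)
            mismatches[key] = (int(local_level), official_level)
    return mismatches


def adjusted_score(base_score: float, is_level_compliant: bool,
                   weight: float = NON_COMPLIANCE_WEIGHT) -> float:
    """Apply the penalty as a multiplicative factor; compliant projects are unchanged."""
    return base_score if is_level_compliant else round(base_score * (1 - weight), 2)


def run_check(raw_json: str = OFFICIAL_LEVELS_JSON, local: dict = LOCAL_LEVELS) -> dict:
    """Fetch-free version of the job body: parse, compare, report mismatches."""
    return detect_non_compliant(parse_official_levels(raw_json), local)
```

In the real job the raw JSON would come from an HTTP fetch of the OWASP file, and `run_check`'s result would drive setting the new boolean field on each flagged project.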
