Sigrid workflow for managers
Telling whether you are going in the right direction requires goal setting. You can make this comparison with Sigrid Objectives (the specific non-functional targets for code within Sigrid). These technical objectives should naturally be in line with business characteristics such as business criticality, a system’s lifecycle stage, or whether a system is web-exposed (“deployment type”). These characteristics can be set as metadata.
Given the overlap in business interests with Product Owners and architects, aligning with them will make you a more effective team, while for developers, objectives in Sigrid can help set direction and should make their lives a bit easier.
Prioritizing improvement actions will depend on input from all team members, but generally, security findings at system level have (and should) receive the highest urgency. This includes possible vulnerabilities in imported code on a system level (third-party dependencies being scanned in Open Source Health). A portfolio view on security and Open Source Health tells you more about the general health of the landscape.