5424 commits
ab814c8
feat: check serializer data before scenario perform write method
Mohamed-Hacene Dec 23, 2024
4ba2b60
Add a tag for accepted risks (#1229)
Mohamed-Hacene Dec 23, 2024
355ff10
Leverage RBAC for global settings
nas-tabchiche Dec 23, 2024
bd8a7e9
Leverage RBAC for global settings (#1234)
Mohamed-Hacene Dec 23, 2024
a2583c4
hotfix: applied controls creation from risk scenario edit view (#1232)
nas-tabchiche Dec 23, 2024
0833b9c
Feat/disable steps ebios (#1236)
Mohamed-Hacene Dec 23, 2024
48ca9c0
feat: improve scenario name and description (#1240)
Mohamed-Hacene Dec 23, 2024
79072b7
Specify label for EBIOS RM tile links (#1235)
nas-tabchiche Dec 23, 2024
51c53f1
Add redirect URL to risk scenario edit form action (#1239)
nas-tabchiche Dec 23, 2024
a09e526
fix: strip on empty objects (#1242)
Mohamed-Hacene Dec 23, 2024
ecfe82b
Integrate new breadcrumbs with command palette (#1238)
nas-tabchiche Dec 23, 2024
677cf6a
Fill EBIOS RM study summary tile (#1243)
nas-tabchiche Dec 23, 2024
b2bd004
Run invalidateAll on EBIOS RM workshop state change (#1237)
nas-tabchiche Dec 23, 2024
873e064
impact graph (#1231)
ab-smith Dec 24, 2024
7ef0832
Add Standards for Safeguarding Customer Information by the Federal Tr…
ImanABS Dec 24, 2024
50d6b43
feat: disable pointer events on sidebar when closed (#1241)
Axxiar Dec 24, 2024
067575f
Update README.md (#1244)
eric-intuitem Dec 24, 2024
5b0e6fa
Rename threat columns to plural threats
nas-tabchiche Dec 24, 2024
4a66714
Order risk scenarios by ref_id in risk assessment PDF export
nas-tabchiche Dec 24, 2024
c775968
Fix display issue on unassessed scenarios
nas-tabchiche Dec 24, 2024
127f1c9
chore: ruff format
nas-tabchiche Dec 24, 2024
5dc2620
CA 733 properly sort items in risk assessment pdf export (#1246)
Mohamed-Hacene Dec 24, 2024
ca2b4d8
Rename uploaded artifacts in GitHub actions
nas-tabchiche Dec 24, 2024
b8cd83a
Merge branch 'main' into CA-661-git-hub-actions-find-better-names-for…
nas-tabchiche Dec 24, 2024
2f3b693
Fix flash mode and table mode shortcuts interfering with inputs (#1250)
nas-tabchiche Dec 24, 2024
24cb967
Feat/add ebios help texts (#1249)
Mohamed-Hacene Dec 24, 2024
4affdec
add non-root user to frontend and backend containers (#1228)
eric-intuitem Dec 25, 2024
67a3287
Internationalize CSF functions and add french translation (#1252)
nas-tabchiche Dec 25, 2024
a3befc3
Add page title to library detail
nas-tabchiche Dec 25, 2024
90b923f
Add page title to experimental
nas-tabchiche Dec 25, 2024
c65c877
read all navdata for now
ab-smith Dec 25, 2024
2e307b4
Fix keyboard shortcuts
ab-smith Dec 25, 2024
cf00d7d
ebios stakeholders radar (#1251)
ab-smith Dec 25, 2024
cc6dfa5
extra links palette and kbr shortcuts (#1254)
ab-smith Dec 25, 2024
3dc1d84
Rename uploaded artifacts in GitHub actions (#1247)
Mohamed-Hacene Dec 26, 2024
90d2d8f
Merge branch 'main' into hotfix/navigation-base-page-title
nas-tabchiche Dec 26, 2024
ba3cdb6
feat: add ecosystem radar to ebios study
Mohamed-Hacene Dec 26, 2024
fc4bb86
style: use ebios support colors
Mohamed-Hacene Dec 26, 2024
3f9201d
feat: filter stakeholders in study ecosystem chart
Mohamed-Hacene Dec 26, 2024
863ce60
chore: format
Mohamed-Hacene Dec 26, 2024
2603ab7
better ui on experimental tab on click (#1260)
melinoix Dec 26, 2024
590eb51
feat: redirect to last risk analysis in ebios workshop 5 (#1256)
Mohamed-Hacene Dec 26, 2024
e3bdd8c
back to the official colors
ab-smith Dec 26, 2024
4b7d5d2
Add eco radar ebios study (#1261)
ab-smith Dec 26, 2024
1000f89
[PRO] priority review matrix (#1255)
ab-smith Dec 26, 2024
4b7e5bd
add audit table progress (#1264)
ab-smith Dec 26, 2024
4d49cf8
Keep line breaks on Flash mode and improve readability (#1263)
ab-smith Dec 27, 2024
b4cd6ad
Refactor and update deps
ab-smith Dec 27, 2024
5c21be5
Align more files
ab-smith Dec 27, 2024
0f37f5c
Fix evidence management in applied control detail (#1265)
nas-tabchiche Dec 27, 2024
5feeeb0
Sanitize branch name before generating uploaded artifact file name (#…
nas-tabchiche Dec 27, 2024
4a3a2fb
Merge branch 'main' into hotfix/navigation-base-page-title
ab-smith Dec 27, 2024
1af2a58
Bump jinja2 from 3.1.4 to 3.1.5 in /backend (#1257)
dependabot[bot] Dec 27, 2024
37dadf3
feat: put question mode by default only for third party user (#1267)
Mohamed-Hacene Dec 27, 2024
0c5812d
hotfix: gravity/likelihood display when no hexcolor (#1268)
Mohamed-Hacene Dec 27, 2024
cb7c6f2
fix: add dynamically controls in scenario
Mohamed-Hacene Dec 27, 2024
edfbc87
fix: reload stakeholder edit page after control creation
Mohamed-Hacene Dec 27, 2024
1a3093f
fix warning placeholder
ab-smith Dec 27, 2024
120596b
Restructure navigation and expose new insights
ab-smith Dec 27, 2024
6121c22
formatting EE
ab-smith Dec 27, 2024
da01a30
chore: format front
Mohamed-Hacene Dec 27, 2024
d8f1e13
fix: remove ending slashes in nav data href
Mohamed-Hacene Dec 27, 2024
d0ccdde
explicit values for now
ab-smith Dec 27, 2024
05d0b8d
Feat/add controls dynamically stakeholders scenarios (#1269)
ab-smith Dec 27, 2024
ae6d5a8
enterprise fixes (#1270)
ab-smith Dec 27, 2024
9f33697
ebios: add more qualifications to Feared events (#1271)
Mohamed-Hacene Dec 27, 2024
5f3942f
Refactor and update CI deps (#1266)
Mohamed-Hacene Dec 27, 2024
fb150f6
Add Mapping from Adobe CCF v5 to ISO 27001: 2022 (#1248)
ImanABS Dec 28, 2024
a373fef
fix: $value calculated onMount in autocomplete select (#1272)
Mohamed-Hacene Dec 28, 2024
4238e0f
Increase wait time for initialisation to cover slow devices
ab-smith Dec 29, 2024
9906654
Increase wait time for initialisation to cover slow devices (#1274)
ab-smith Dec 29, 2024
435ea91
increase wait during initialization
ab-smith Dec 29, 2024
8301cd9
increase wait during initialization (#1276)
ab-smith Dec 29, 2024
8f64a1f
Revert non-root docker user until further rework
ab-smith Dec 30, 2024
eaf175e
Revert non-root docker user until further rework (#1277)
ab-smith Dec 30, 2024
4dbe879
Alter Professional to Competitor
ab-smith Dec 30, 2024
ab605c3
Update data-model.md
eric-intuitem Dec 30, 2024
d7e1948
chore: remove unused translations
Mohamed-Hacene Dec 30, 2024
d1416f8
Ebios: Alter Professional to Competitor (#1279)
Mohamed-Hacene Dec 30, 2024
7d6bea3
Specify internationalisation strategy (#1281)
Mohamed-Hacene Dec 30, 2024
86b3a87
hotfix: handle ro to translation in detail view (#1282)
Mohamed-Hacene Dec 30, 2024
c6ffcd6
feat: update roles with ebios permissions (#1280)
Mohamed-Hacene Dec 30, 2024
6c9229e
hotfix: remove ebios-rm table edit button (#1283)
Mohamed-Hacene Dec 30, 2024
8cccab1
minor translation fix (#1284)
ab-smith Dec 30, 2024
1bafaec
Remove obsolete workaround
nas-tabchiche Dec 31, 2024
ab97e07
chore: Remove dead code
nas-tabchiche Dec 31, 2024
dff178c
Merge branch 'main' into hotfix/navigation-base-page-title
nas-tabchiche Dec 31, 2024
b1a4df9
Fix applied control create form error handling in risk scenario updat…
nas-tabchiche Dec 31, 2024
a3c01db
Fix functional tests workflow name
nas-tabchiche Dec 31, 2024
2574487
Move back getPageTitle call to reactive statement
nas-tabchiche Dec 31, 2024
6641b21
Require stakeholder category field (#1288)
nas-tabchiche Dec 31, 2024
f7477ea
Add related objects to the applied control detail view
monsieurswag Dec 31, 2024
de9e21e
Add Spanish translation of DORA (dora.xlsx) (#1290)
thidalgosalvador Dec 31, 2024
17cdee2
Create YAML for DORA Spanish translation provided by thidalgosalvador…
eric-intuitem Dec 31, 2024
7c8ed3b
Add Spanish translation NIS2 Annex 2024/2690 (#1293)
thidalgosalvador Jan 1, 2025
68e65b4
Enabler for Indonesian translation - note: paraglide uses IETF BCP 47
ab-smith Jan 1, 2025
cb46a23
Language file
ab-smith Jan 1, 2025
3712185
Fix czech code
ab-smith Jan 1, 2025
682daac
Clean up
ab-smith Jan 1, 2025
12cffc0
Indonesian translation (#1295)
ab-smith Jan 1, 2025
bc2f9a5
Update README.md
ab-smith Jan 1, 2025
3f16a53
Add OWASP's checklist for LLM governance (#1292)
ab-smith Jan 1, 2025
d487d2e
Update README.md
ab-smith Jan 1, 2025
eb5ac43
Update features illustration
ab-smith Jan 1, 2025
c52fb0b
Support question-only requirements
monsieurswag Jan 2, 2025
6d35b29
Fix filter popup closing when clicking bug
monsieurswag Jan 3, 2025
747e965
Doing a dedicated PR for this would be stupid
monsieurswag Jan 3, 2025
1fd9902
Fix typo on README.md (#1305)
za Jan 3, 2025
3288ac1
Prevent assigning parent assets to primary assets (#1302)
nas-tabchiche Jan 3, 2025
df8b758
Fix functional tests workflow name (#1287)
Mohamed-Hacene Jan 3, 2025
4b59814
Add related objects to the applied control detail view (#1289)
Mohamed-Hacene Jan 3, 2025
32e2f4e
Hotfix/navigation base page title (#1259)
Mohamed-Hacene Jan 3, 2025
670be9f
Fix error handling on nested create modals (#1286)
Mohamed-Hacene Jan 3, 2025
c2bc28b
chore: remove comment
Mohamed-Hacene Jan 3, 2025
1d47630
Ca 746 clicking on the box of the filter closes it it should only clo…
Mohamed-Hacene Jan 3, 2025
b5ca4c7
Spanish translation for NIS2 2024/2690 annex (#1294)
ab-smith Jan 3, 2025
ca209d5
Sort security objectives and disaster recovery objectives based on de…
nas-tabchiche Jan 3, 2025
8e4ea59
Sort security objectives and disaster recovery objectives based on de…
Mohamed-Hacene Jan 3, 2025
1182436
hotfix: check urn before importing dependencies (#1300)
Mohamed-Hacene Jan 3, 2025
4e3ca74
Revert "hotfix: check urn before importing dependencies" (#1307)
ab-smith Jan 3, 2025
1edbaf0
NIS2 Translation to Spanish (#1303)
thidalgosalvador Jan 3, 2025
049f83f
Hotfix/deprecated urn stored library (#1308)
ab-smith Jan 3, 2025
351b98f
create superuser after library creations (#1310)
eric-intuitem Jan 4, 2025
ae089eb
NIS2 Spanish translation yaml (#1309)
ab-smith Jan 4, 2025
9823770
Update README.md
ab-smith Jan 4, 2025
f11371c
Update README.md
ab-smith Jan 5, 2025
b2760bf
Fix severity and likelihood display when no hexcolor is defined in Ri…
nas-tabchiche Jan 6, 2025
dc095b3
Add applied_controls to RequirementAssessmentViewSet.filterset_fields
nas-tabchiche Jan 6, 2025
72cd9da
Add applied_controls to StakeholderViewSet.filterset_fields
nas-tabchiche Jan 6, 2025
77e3cd9
Add applied_controls to VulnerabilityViewSet.filterset_fields
nas-tabchiche Jan 6, 2025
e97d49a
Only display linked evidence in applied control detail
nas-tabchiche Jan 6, 2025
1468aa4
chore: ruff format
nas-tabchiche Jan 6, 2025
f461258
Fix filtering and display of linked objects in applied control detail…
nas-tabchiche Jan 6, 2025
d16acfb
Cap criticality to 16 in StakeholderSchema (#1315)
nas-tabchiche Jan 6, 2025
27761a3
Add score in table mode
monsieurswag Jan 6, 2025
ef63e51
Include search params in edit next URL when coming from list
nas-tabchiche Jan 6, 2025
10ece5b
Fix error when analyst creates asset (#1322)
eric-intuitem Jan 7, 2025
93dab82
Align production docker compose with regular compose and remove DEBUG…
nas-tabchiche Jan 7, 2025
db55940
Fix question not being displayed in framework and library detail views
monsieurswag Jan 7, 2025
c5fb71b
Set framework page title to framework name
nas-tabchiche Jan 7, 2025
8c80046
Update trimBreadcrumbsToCurrentPath predicates
nas-tabchiche Jan 7, 2025
6d86023
Support question-only requirements (#1297)
monsieurswag Jan 7, 2025
0defb38
Make the score component take the full width of the treeview item
monsieurswag Jan 7, 2025
d07e9cd
feat: add back to audit button in table mode
Mohamed-Hacene Jan 7, 2025
fa59dbf
chore: format
Mohamed-Hacene Jan 7, 2025
e1d9807
Include search params in edit next URL when coming from list (#1318)
Mohamed-Hacene Jan 7, 2025
f64220c
Merge branch 'main' into hotfix/framework-detail-page-title
nas-tabchiche Jan 7, 2025
1ac048e
Fix severity and likelihood display when no hexcolor is defined in Ri…
Mohamed-Hacene Jan 7, 2025
d67956b
Add score in table mode (#1317)
Mohamed-Hacene Jan 7, 2025
d590179
Set framework page title to framework name (#1323)
Mohamed-Hacene Jan 7, 2025
3077d1a
Use node LTS in CI (#1338)
nas-tabchiche Jan 8, 2025
6ec88c7
Fallback to 0 on security objective value retrieval (#1331)
nas-tabchiche Jan 8, 2025
ec8b5d0
Update cs.json (#1325)
rzivny Jan 8, 2025
1d69b53
Apply filters on catalog import for matrices and mapping (#1335)
ab-smith Jan 8, 2025
3eea302
Added French translation of OWASP ASVS 4.0.3 (#1327)
h-4-t Jan 8, 2025
8652818
Format backend code base and pin ruff's version to 0.9.0 in CI (#1346)
ab-smith Jan 9, 2025
d13fe25
Hotfix: inlang build (#1347)
nas-tabchiche Jan 10, 2025
f94facf
The value 4 should not be allowed in the security_objectives_display …
gbyx3 Jan 10, 2025
a2602dc
Align left table mode answers (#1348)
Mohamed-Hacene Jan 10, 2025
20be244
Periodic upgrades (#1312)
ab-smith Jan 10, 2025
9753e73
Fix observation and score copying during the mapping process (#1298)
monsieurswag Jan 10, 2025
94da01b
Sort remediation plan scenarios by ref id (#1350)
nas-tabchiche Jan 10, 2025
b13b6e1
Add date of publication to a library (#1273)
monsieurswag Jan 10, 2025
5ce9b0d
SOC2 v2017 with rev.2022 and Spanish translation (#1328)
thidalgosalvador Jan 10, 2025
ff4a69a
chore: remove useless migrate done by startup.sh (#1349)
Mohamed-Hacene Jan 10, 2025
18491e1
DORA CZ (#1345)
rzivny Jan 11, 2025
9b9c349
Fix Czech translations (#1351)
eric-intuitem Jan 11, 2025
6db2bb5
Clean CRA (#1336)
eric-intuitem Jan 11, 2025
3b8709c
soc2 rev 2022 as a separate library (#1352)
ab-smith Jan 11, 2025
e2cb70b
change title for SOC2 2017 revision 2022 (#1353)
eric-intuitem Jan 11, 2025
810b92a
Cap asset security objective max value to 3 (#1344)
nas-tabchiche Jan 11, 2025
d9cbf97
Specify database dump format (#1354)
nas-tabchiche Jan 13, 2025
4a9cf29
Add documentation score (#1339)
monsieurswag Jan 13, 2025
4580897
fix: lang choice persistence and menu flicker (#1359)
ab-smith Jan 14, 2025
29fa344
typos (#1363)
eric-intuitem Jan 16, 2025
7a0f8f6
hotfix: add domain column in evidences table for filtering (#1366)
Mohamed-Hacene Jan 16, 2025
780a765
Update backend (#1367)
ab-smith Jan 16, 2025
9b74963
Remove Business Value field from Assets to avoid confusion with descr…
ab-smith Jan 16, 2025
79c4ea1
fix labels translation on dashboard's stackedbar (#1369)
ab-smith Jan 17, 2025
eba051b
fix broken pdf when exporting risk analysis and the associated action…
ab-smith Jan 17, 2025
959f097
Update django version (#1374)
ab-smith Jan 17, 2025
c140e1f
Fix broken link for existing controls on Risk assessment (#1373)
ab-smith Jan 17, 2025
5353ebc
export/import domain capabilities (#1376)
eric-intuitem Jan 18, 2025
ad577ad
Guided tour: first iteration (#1333)
ab-smith Jan 18, 2025
72ccfec
ENS version with evaluable reinforcements in each security measure (#…
thidalgosalvador Jan 18, 2025
6c62550
Update Esquema Nacional de Seguridad (ENS) (#1378)
eric-intuitem Jan 19, 2025
3dc15d9
ANSSI : Recommandations pour les arch SI sensibles ou DR (#1381)
ab-smith Jan 20, 2025
0e7df2a
Add is_third_party column in user list (#1386)
melinoix Jan 20, 2025
3dc50a1
Translate CCB in French and define score definition for documentation…
eric-intuitem Jan 20, 2025
4a0463e
Update README.md
ab-smith Jan 20, 2025
9380fa7
Base for word report i18n and split completion from maturity (#1385)
ab-smith Jan 20, 2025
25269f7
Update .pre-commit-config.yaml
ab-smith Jan 20, 2025
eb2c294
build: new production ready helm chart (#1224)
Nathanael-Mtd Jan 22, 2025
cf49b40
feat(lang): add credentials warning when importing a backup (#1387)
melinoix Jan 22, 2025
59a651b
fix: deactivate score after scoring for not applicable requirement as…
melinoix Jan 22, 2025
5d0a017
feat: add cyclic check on parent_folder (#1388)
Mohamed-Hacene Jan 22, 2025
2e33291
fix: clean client warnings on audit pages (#1399)
Mohamed-Hacene Jan 22, 2025
4f87b0d
docs: conventional commits spec (#1405)
ab-smith Jan 22, 2025
b9b60ec
feat: display a count of "updatable" loaded libraries and allow their…
Mohamed-Hacene Jan 22, 2025
2f1badb
feat: add csv export for assets (#1392)
ab-smith Jan 22, 2025
7acf337
fix: improve ebios radar for colliding points (#1403)
ab-smith Jan 22, 2025
57177b7
feat(lib): mitre d3fend (#1394)
eric-intuitem Jan 23, 2025
604b405
fix: audit progress takes into account selected implementation groups…
nas-tabchiche Jan 23, 2025
2b78b69
fix: eager set cast of possibly None implementation_groups field (#1410)
nas-tabchiche Jan 23, 2025
4e1e6bf
Matplotlib experiment (#1412)
ab-smith Jan 23, 2025
dfe1d58
matplotlib experiment (#1413)
ab-smith Jan 23, 2025
6990f18
matplotlib experiment2 (#1414)
ab-smith Jan 23, 2025
14454ae
build dependencies
ab-smith Jan 23, 2025
fe8dc70
remove explicit arm64/v8 and let it be inferred
ab-smith Jan 23, 2025
c01d2e9
feat(ui): Add matrix reference in ebios RM study (#1411)
Axxiar Jan 24, 2025
6b0fb66
feat: show guided tour on first connection (#1404)
nas-tabchiche Jan 24, 2025
3504e24
fix: proper association of newly created foreign object inside an upd…
nas-tabchiche Jan 24, 2025
362f633
docs: domain import/export specification (#1361)
eric-intuitem Jan 24, 2025
7f732ac
feat: allow automatic loading of required libraries when performing a…
Mohamed-Hacene Jan 24, 2025
c681577
build: switch backend base image to slim - part 1 (#1416)
ab-smith Jan 24, 2025
1b42c1e
feat: parametric ebios rm radar (#1379)
ab-smith Jan 24, 2025
834dcad
ci: switch dummy builder to arm runner (#1419)
ab-smith Jan 24, 2025
f5bb029
Update EE backend dockerfile (#1420)
ab-smith Jan 24, 2025
0babd1b
feat(ui): aggregate risk scenarios in risk matrix to avoid bloating (…
Axxiar Jan 24, 2025
5016c7b
feat(ui): guided tour styling for better readability (#1423)
ab-smith Jan 25, 2025
b8713c9
fix: risk acceptance permission overrides (#1417)
nas-tabchiche Jan 26, 2025
1ec5a30
perf: multiple optimizations for gunicorn and expose pg's CONN_MAX_AG…
ab-smith Jan 26, 2025
9383b2f
docs: update conventional commits spec (#1425)
ab-smith Jan 26, 2025
adcb8d3
fix: manage word export when IG name is a number (#1426)
eric-intuitem Jan 26, 2025
60f7e9c
fix: project creation inside domain detail (#1427)
nas-tabchiche Jan 27, 2025
20b2c96
docs: document PUBLIC_API_EXPOSED_URL (#1429)
eric-intuitem Jan 27, 2025
8e2fd1f
fix: autocomplete arraysEqual leading to loops (#1433)
nas-tabchiche Jan 27, 2025
4d4670a
feat: task runner enabler with huey (#1422)
ab-smith Jan 27, 2025
ee4e812
feat(ui): small optimizations of library presentation headers (#1430)
krismas Jan 27, 2025
1130357
refactor: fixup for code formatting (#1435)
ab-smith Jan 27, 2025
5af0a26
feat: extra settings to enable mail notifications and matrix aggregat…
ab-smith Jan 27, 2025
e2e4b9c
fix: enforce permissions for domain import (#1400)
nas-tabchiche Jan 28, 2025
9dd846b
perf: improve audit creation time with bulk mode (#1437)
ab-smith Jan 28, 2025
625e07b
feat(lib): add library for BSI elementary threats (german and english…
Patrick-PDV Jan 28, 2025
10c950f
perf: improve query for threats radar (#1441)
ab-smith Jan 28, 2025
bb7c019
refactor!: move compliance overview to a dedicated recap page (#1444)
ab-smith Jan 28, 2025
73570ee
feat: add a filter on current and residual risk levels on risk scenar…
Axxiar Jan 28, 2025
4a867cf
feat: expose extra env variables for more flexible infra tuning (#1445)
ab-smith Jan 28, 2025
f02055e
feat: progressive loading of Analytics page (#1447)
ab-smith Jan 28, 2025
5333e14
fix: align ee settings to include huey (#1448)
ab-smith Jan 29, 2025
e752c7d
Update README.md
ab-smith Jan 30, 2025
d37a5c1
feat: improve domain import error handling (#1432)
Mohamed-Hacene Jan 30, 2025
b3c334d
feat: add a progress field on applied controls (#1443)
melinoix Jan 30, 2025
8f8edf1
fix: differentiate cell's tooltips using matrixName (#1453)
Axxiar Jan 30, 2025
64d591a
Increase limit_request_line param for gunicorn for SSO. (#1454)
AisukoHakumei Jan 30, 2025
255af83
Update README.md
ab-smith Jan 30, 2025
cb71785
fix: suggest applied controls on audit creation (#1458)
nas-tabchiche Jan 31, 2025
9933fdc
fix: regression on implementation group selection (#1457)
nas-tabchiche Jan 31, 2025
3b77b6b
fix: form consistency for stakeholder as a mandatory field (#1451)
melinoix Jan 31, 2025
0fc90e0
Add the Loi 05-20 ↔ ISO/IEC 27001:2022 mapping
Qnadia Nov 3, 2025
The diff you're trying to view is too large. We only load the first 3000 changed files.
4 changes: 3 additions & 1 deletion .dockerignore
@@ -1,7 +1,9 @@
*.pyc
*.DS_Store
*~$*
**/*.mo
.git*
.pytest*
.idea*
venv/
env/
**/node_modules/
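Review bot: The ignore list has `venv/` and `env/` but no pattern for `.env` files, and the workflows in this same change write credentials such as `POSTGRES_PASSWORD` into `backend/.env`. If any Dockerfile copies the backend directory wholesale, a developer's local `.env` would travel in the build context and could be baked into an image layer. Suggest adding `**/.env` (and `**/.env.*` if per-environment files are used) alongside the existing entries.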
16 changes: 16 additions & 0 deletions .eslintrc.js
@@ -0,0 +1,16 @@
{
"rules": {
"@typescript-eslint/no-unused-vars": [
"error",
{
"args": "all",
"argsIgnorePattern": "^_",
"caughtErrors": "all",
"caughtErrorsIgnorePattern": "^_",
"destructuredArrayIgnorePattern": "^_",
"varsIgnorePattern": "^_",
"ignoreRestSiblings": true
}
]
}
}
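Review bot: The only key in this config is `rules`, and the one rule it enables, `@typescript-eslint/no-unused-vars`, comes from a plugin that this file neither loads through `plugins` nor inherits through `extends`. Unless another config in the cascade registers `@typescript-eslint`, ESLint reports the rule definition as not found for every file this root config applies to. Suggest declaring the plugin and parser here, or moving the rule into the config that already sets them up.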
Comment on lines +1 to +16

⚠️ Potential issue | 🔴 Critical

Critical: Invalid file format - JSON content in .js file.

The file has a .js extension but contains pure JSON syntax, which is invalid JavaScript. ESLint will fail to load this configuration file.

Two solutions:

  1. Rename to .eslintrc.json (simpler):
git mv .eslintrc.js .eslintrc.json
  2. Convert to JavaScript module format:
-{
-    "rules": {
-      "@typescript-eslint/no-unused-vars": [
-        "error",
-        {
-          "args": "all",
-          "argsIgnorePattern": "^_",
-          "caughtErrors": "all",
-          "caughtErrorsIgnorePattern": "^_",
-          "destructuredArrayIgnorePattern": "^_",
-          "varsIgnorePattern": "^_",
-          "ignoreRestSiblings": true
-        }
-      ]
-    }
-  }
+module.exports = {
+  rules: {
+    "@typescript-eslint/no-unused-vars": [
+      "error",
+      {
+        args: "all",
+        argsIgnorePattern: "^_",
+        caughtErrors: "all",
+        caughtErrorsIgnorePattern: "^_",
+        destructuredArrayIgnorePattern: "^_",
+        varsIgnorePattern: "^_",
+        ignoreRestSiblings: true
+      }
+    ]
+  }
+};

The Biome static analysis errors confirm this issue.

Additional concern: The PR objectives describe adding a YAML mapping file for Loi 05-20 ↔ ISO/IEC 27001:2022 compliance, but this file is an ESLint configuration. Please verify this is the intended file for this PR.

🧰 Tools
🪛 Biome (2.1.2)

[error] 2-2: Expected a semicolon or an implicit semicolon after a statement, but found none

An explicit or implicit semicolon is expected here...

...Which is required to end this statement

(parse)


[error] 3-3: Expected a semicolon or an implicit semicolon after a statement, but found none

An explicit or implicit semicolon is expected here...

...Which is required to end this statement

(parse)


[error] 6-6: Expected a semicolon or an implicit semicolon after a statement, but found none

An explicit or implicit semicolon is expected here...

...Which is required to end this statement

(parse)


[error] 14-14: Expected a statement but instead found ']'.

Expected a statement here.

(parse)

🤖 Prompt for AI Agents
.eslintrc.js around lines 1-16: The file is named .js but contains pure JSON
which is invalid JS and prevents ESLint from loading; either rename the file to
.eslintrc.json (git mv .eslintrc.js .eslintrc.json) or convert its contents into
a valid JS module (export default { rules: { ... } } or module.exports = {
rules: { ... } }); after fixing, run the linter to confirm no load errors and
verify this change matches the PR intent (ensure you actually meant to add an
ESLint config and not the YAML mapping file for Loi 05-20 ↔ ISO/IEC 27001:2022).

23 changes: 23 additions & 0 deletions .github/ISSUE_TEMPLATE/feature_request.md
@@ -0,0 +1,23 @@
---
name: Feature Request
about: Suggestions for new features and improvements
title: ""
labels: "question"
assignees: ""
---

**Problem statement**
I want to be able to do X, but the current implementation only allows for Y.

**Expected behavior**

1. Go to '...'
2. Click on '....'
3. Scroll down to '....'
4. See error

**Mock**
If applicable, add screenshots to help explain the expectation.

**Additional context**
Add any other context about the problem here.
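Review bot: Under **Expected behavior**, the numbered steps end with `4. See error`, which is reproduction wording carried over from a bug report and does not describe a desired behavior; the front matter also sets `labels: "question"`, so feature requests would be filed under the same label as questions. Suggest replacing the steps with a prompt for the desired outcome and using a dedicated label such as `enhancement`, if the repository defines one.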
Comment on lines +9 to +23

⚠️ Potential issue | 🟡 Minor

Use markdown headings instead of bold emphasis for section headers.

Lines 9, 12, 19, and 22 use bold emphasis (**...**) for section headers. For proper document structure and accessibility, these should be converted to markdown headings using # or ## syntax.

Apply this diff to use proper markdown headings:

-**Problem statement**
+## Problem statement
 I want to be able to do X, but the current implementation only allows for Y.
 
-**Expected behavior**
+## Expected behavior
 
 1. Go to '...'
 2. Click on '....'
 3. Scroll down to '....'
 4. See error
 
-**Mock**
+## Mock
 If applicable, add screenshots to help explain the expectation.
 
-**Additional context**
+## Additional context
 Add any other context about the problem here.

This aligns with Markdown best practices (MD036 from markdownlint).

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change
**Problem statement**
I want to be able to do X, but the current implementation only allows for Y.
**Expected behavior**
1. Go to '...'
2. Click on '....'
3. Scroll down to '....'
4. See error
**Mock**
If applicable, add screenshots to help explain the expectation.
**Additional context**
Add any other context about the problem here.
## Problem statement
I want to be able to do X, but the current implementation only allows for Y.
## Expected behavior
1. Go to '...'
2. Click on '....'
3. Scroll down to '....'
4. See error
## Mock
If applicable, add screenshots to help explain the expectation.
## Additional context
Add any other context about the problem here.
🧰 Tools
🪛 markdownlint-cli2 (0.18.1)

12-12: Emphasis used instead of a heading

(MD036, no-emphasis-as-heading)

🤖 Prompt for AI Agents
In .github/ISSUE_TEMPLATE/feature_request.md around lines 9 to 23, the section
headers use bold emphasis instead of Markdown headings; replace the bolded lines
(lines 9, 12, 19, 22) with proper Markdown headings (for example "## Problem
statement", "## Expected behavior", "## Mock", "## Additional context") so each
header uses #/## syntax and the surrounding content remains unchanged to satisfy
markdownlint MD036 and improve document structure and accessibility.

72 changes: 72 additions & 0 deletions .github/workflows/backend-api-tests.yml
@@ -0,0 +1,72 @@
name: API Tests

on:
pull_request:
branches: [main, develop]
types: [opened, synchronize]
paths:
- "backend/**"
- ".github/workflows/backend-api-tests.yml"
workflow_dispatch:
Comment on lines +3 to +10

⚠️ Potential issue | 🔴 Critical

Fix workflow trigger syntax error.

The workflow_dispatch key is incorrectly nested under pull_request. It should be at the root on: level as a separate trigger.

Apply this diff:

 on:
   pull_request:
     branches: [main, develop]
     types: [opened, synchronize]
     paths:
       - "backend/**"
       - ".github/workflows/backend-api-tests.yml"
+  workflow_dispatch:
-    workflow_dispatch:
📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change
on:
pull_request:
branches: [main, develop]
types: [opened, synchronize]
paths:
- "backend/**"
- ".github/workflows/backend-api-tests.yml"
workflow_dispatch:
on:
pull_request:
branches: [main, develop]
types: [opened, synchronize]
paths:
- "backend/**"
- ".github/workflows/backend-api-tests.yml"
workflow_dispatch:
🧰 Tools
🪛 actionlint (1.7.8)

10-10: unexpected key "workflow_dispatch" for "pull_request" section. expected one of "branches", "branches-ignore", "paths", "paths-ignore", "tags", "tags-ignore", "types", "workflows"

(syntax-check)

🤖 Prompt for AI Agents
In .github/workflows/backend-api-tests.yml around lines 3 to 10, the
workflow_dispatch trigger is incorrectly nested under pull_request; move
workflow_dispatch out to be a sibling of pull_request under the top-level on:
key (so on: contains pull_request: {...} and workflow_dispatch: {} at the same
indentation), remove it from inside pull_request, and ensure YAML indentation is
valid so both triggers are applied.


env:
GITHUB_WORKFLOW: github_actions
PYTHON_VERSION: "3.12"
UBUNTU_VERSION: "ubuntu-24.04"

jobs:
test:
runs-on: ubuntu-24.04
env:
backend-directory: ./backend

strategy:
max-parallel: 4
matrix:
python-version: ["3.12"]

steps:
- uses: actions/checkout@v3
- name: Set up python ${{ matrix.python-version }}
uses: actions/setup-python@v4
with:
python-version: ${{ matrix.python-version }}
cache: "pip"
- name: Install Poetry
uses: snok/install-poetry@v1
with:
virtualenvs-create: false
installer-parallel: true
- name: Install backend requirements
working-directory: ${{ env.backend-directory }}
run: poetry install
- name: Create environment variables file
working-directory: ${{env.backend-directory}}
run: |
touch .env
echo DJANGO_DEBUG='True' >> .env
echo DB_HOST=localhost >> .env
echo EMAIL_HOST=localhost >> .env
echo EMAIL_PORT=1025 >> .env
echo EMAIL_HOST_USER='' >> .env
echo EMAIL_HOST_PASSWORD='' >> .env
#echo EMAIL_USE_TLS=False >> .env
echo DEFAULT_FROM_EMAIL='ciso-assistant@alsigo.net' >> .env
echo CISO_ASSISTANT_SUPERUSER_EMAIL='' >> .env
echo CISO_ASSISTANT_URL=http://127.0.0.1:5173 >> .env
- name: Run migrations
working-directory: ${{env.backend-directory}}
run: |
export $(grep -v '^#' .env | xargs)
poetry run python manage.py migrate
- name: Run API tests
working-directory: ${{env.backend-directory}}
run: |
export $(grep -v '^#' .env | xargs)
poetry run pytest app_tests/api --html=pytest-report.html --self-contained-html
- uses: actions/upload-artifact@v4
if: always()
with:
name: api-tests-report
path: ${{ env.backend-directory }}/pytest-report.html
retention-days: 5
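Review bot: Every `uses:` step references a mutable tag (`actions/checkout@v3`, `actions/setup-python@v4`, `snok/install-poetry@v1`, `actions/upload-artifact@v4`) and the workflow has no `permissions:` block, so code from a retagged action would run with whatever default scope the repository grants `GITHUB_TOKEN`. Suggest pinning each action, the third-party `snok/install-poetry` first, to a full commit SHA and adding a top-level `permissions:` with `contents: read`. Separately, `export $(grep -v '^#' .env | xargs)` relies on word splitting, which breaks as soon as a value contains a space, and `PYTHON_VERSION` and `UBUNTU_VERSION` are declared in `env:` but never referenced because `runs-on` and the matrix hard-code the same values.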
84 changes: 84 additions & 0 deletions .github/workflows/backend-coverage.yaml
@@ -0,0 +1,84 @@
name: Backend code coverage

on:
pull_request:
branches: ["main"]
paths:
- "backend/**"

env:
GITHUB_WORKFLOW: github_actions
POSTGRES_VERSION: "16"
UBUNTU_VERSION: "ubuntu-24.04"
PYTHON_VERSION: "3.12"

jobs:
build:
runs-on: ubuntu-24.04
env:
backend-directory: ./backend

services:
postgres:
image: postgres:16
env:
POSTGRES_USER: postgres
POSTGRES_PASSWORD: postgres # test credential
POSTGRES_DB: postgres
ports: ["5432:5432"]
options: --health-cmd pg_isready --health-interval 10s --health-timeout 5s --health-retries 5

strategy:
max-parallel: 4
matrix:
python-version: ["3.12"]

steps:
- uses: actions/checkout@v3
- name: Set up python ${{ matrix.python-version }}
uses: actions/setup-python@v4
with:
python-version: ${{ matrix.python-version }}
cache: "pip"
- name: Install Poetry
uses: snok/install-poetry@v1
with:
virtualenvs-create: false
installer-parallel: true
- name: Install backend requirements
working-directory: ${{ env.backend-directory }}
run: poetry install
- name: Create environment variables file
working-directory: ${{env.backend-directory}}
run: |
touch .env
echo DJANGO_DEBUG='True' >> .env
echo POSTGRES_NAME=postgres >> .env
echo POSTGRES_USER=postgres >> .env
echo POSTGRES_PASSWORD=postgres >> .env
echo DB_HOST=localhost >> .env
echo EMAIL_HOST=localhost >> .env
echo EMAIL_PORT=1025 >> .env
echo EMAIL_HOST_USER='' >> .env
echo EMAIL_HOST_PASSWORD='' >> .env
#echo EMAIL_USE_TLS=False >> .env
echo DEFAULT_FROM_EMAIL='ciso-assistant@alsigo.net' >> .env
echo CISO_ASSISTANT_SUPERUSER_EMAIL='' >> .env
echo CISO_ASSISTANT_URL=http://127.0.0.1:5173 >> .env
- name: Run migrations
working-directory: ${{env.backend-directory}}
run: |
export $(grep -v '^#' .env | xargs)
poetry run python manage.py migrate
- name: Run coverage
working-directory: ${{env.backend-directory}}
env:
DATABASE_URL: "postgres://postgres:postgres@localhost:${{ job.services.postgres.ports[5432] }}/postgres"

⚠️ Potential issue | 🔴 Critical

Fix DATABASE_URL port access syntax.

The expression ${{ job.services.postgres.ports[5432] }} uses a numeric index on an object, which will cause a workflow error. GitHub Actions requires string keys for property access.

Apply this diff:

-          DATABASE_URL: "postgres://postgres:postgres@localhost:${{ job.services.postgres.ports[5432] }}/postgres"
+          DATABASE_URL: "postgres://postgres:postgres@localhost:${{ job.services.postgres.ports['5432'] }}/postgres"

Apply the same fix on line 83.

Also applies to: 83-83

🧰 Tools
🪛 actionlint (1.7.8)

76-76: property access of object must be type of string but got "number"

(expression)

🪛 Checkov (3.2.334)

[medium] 76-77: Basic Auth Credentials

(CKV_SECRET_4)

🤖 Prompt for AI Agents
.github/workflows/backend-coverage.yaml lines 76 and 83: the workflow expression
currently uses a numeric object index `${{ job.services.postgres.ports[5432] }}`
which is invalid in GitHub Actions; replace the numeric index with a string key
so the expression becomes `${{ job.services.postgres.ports['5432'] }}` (apply on
both line 76 and line 83).

run: |
export $(grep -v '^#' .env | xargs)
find . -path '*/tests/*' -and -name 'test*.py' -and -not -path "./venv/*" | xargs coverage run -m pytest
- name: Display coverage report
working-directory: ${{env.backend-directory}}
env:
DATABASE_URL: "postgres://postgres:postgres@localhost:${{ job.services.postgres.ports[5432] }}/postgres"
run: coverage report
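Review bot: There is no `permissions:` key anywhere in `backend-coverage.yaml`, so on `pull_request` runs the `GITHUB_TOKEN` gets the repository's default scopes even though the job only checks out code and runs tests; add a top-level `permissions:` with `contents: read`. In the steps, `actions/checkout@v3`, `actions/setup-python@v4` and the third-party `snok/install-poetry@v1` are referenced by mutable tags, so pinning each to a full commit SHA would keep a retagged release from changing what runs here. The top-level `POSTGRES_VERSION`, `UBUNTU_VERSION` and `PYTHON_VERSION` values are never referenced: `runs-on`, `image: postgres:16` and the matrix hard-code the same versions.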
41 changes: 41 additions & 0 deletions .github/workflows/backend-linters.yaml
@@ -0,0 +1,41 @@
name: Backend Linters

on:
pull_request:
paths:
- "backend/**"

env:
GITHUB_WORKFLOW: github_actions
PYTHON_VERSION: "3.12"
UBUNTU_VERSION: "ubuntu-24.04"

jobs:
ruff:
runs-on: ubuntu-24.04
env:
working-directory: ./backend

strategy:
max-parallel: 4
matrix:
python-version: ["3.12"]

steps:
- uses: actions/checkout@v4
- name: Set up python ${{ matrix.python-version }}
uses: actions/setup-python@v4
with:
python-version: ${{ matrix.python-version }}
cache: "pip"
- name: Install ruff
working-directory: ${{env.working-directory}}
run: |
python -m pip install ruff==0.9.2
Comment on lines +26 to +34

⚠️ Potential issue | 🟠 Major

Bump actions/setup-python to a Node20+ release.

actions/setup-python@v4 still targets the retired Node16 runtime, which GitHub removed from hosted runners in late 2024. Upgrade to the current major (v6) so the job stays runnable on ubuntu-24.04. (github.blog)

Use this change:

-      - name: Set up python ${{ matrix.python-version }}
-        uses: actions/setup-python@v4
+      - name: Set up python ${{ matrix.python-version }}
+        uses: actions/setup-python@v6
📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change
- name: Set up python ${{ matrix.python-version }}
uses: actions/setup-python@v4
with:
python-version: ${{ matrix.python-version }}
cache: "pip"
- name: Install ruff
working-directory: ${{env.working-directory}}
run: |
python -m pip install ruff==0.9.2
- name: Set up python ${{ matrix.python-version }}
uses: actions/setup-python@v6
with:
python-version: ${{ matrix.python-version }}
cache: "pip"
- name: Install ruff
working-directory: ${{env.working-directory}}
run: |
python -m pip install ruff==0.9.2
🧰 Tools
🪛 actionlint (1.7.8)

27-27: the runner of "actions/setup-python@v4" action is too old to run on GitHub Actions. update the action's version to fix this issue

(action)

🤖 Prompt for AI Agents
In .github/workflows/backend-linters.yaml around lines 26 to 34, the workflow
uses actions/setup-python@v4 which depends on the retired Node16 runtime; update
the action to actions/setup-python@v6 (Node20+) to restore compatibility with
ubuntu-24.04 runners, keeping the same inputs (python-version and cache) and
verify the workflow runs locally or via a test commit; also scan the workflow
for any other actions pinned to v4/v5 that may require similar updates and bump
them consistently if needed.

- name: Run ruff format check
working-directory: ${{env.working-directory}}
run: ruff format --check .
# NOTE: The following will be uncommented once the codebase is cleaned up
# - name: ruff
# working-directory: ${{env.working-directory}}
# run: ruff check .
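Review bot: With the `ruff check .` step commented out at the end of the `ruff` job, this workflow only enforces formatting and no lint rule ever gates a pull request, and the NOTE gives no issue or date for turning it back on. Consider running `ruff check --exit-zero .` in the meantime so findings show up in the job log without failing it, or enabling `ruff check` with a small `--select` set that already passes. The top-level `PYTHON_VERSION` and `UBUNTU_VERSION` entries are not referenced anywhere in the file.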
110 changes: 110 additions & 0 deletions .github/workflows/backend-migrations-check.yaml
@@ -0,0 +1,110 @@
name: Backend migrations check

on:
pull_request:
branches: [main, develop]
types: [opened, synchronize]
workflow_dispatch:

env:
GITHUB_WORKFLOW: github_actions
backend-directory: ./backend
enterprise-backend-directory: ./enterprise/backend
enterprise-backend-settings-module: enterprise_core.settings
UBUNTU_VERSION: "ubuntu-24.04"
PYTHON_VERSION: "3.12"

jobs:
migrations-check:
runs-on: ubuntu-24.04

strategy:
max-parallel: 4
matrix:
python-version: ["3.12"]

steps:
- uses: actions/checkout@v4
- name: Set up python ${{ matrix.python-version }}
uses: actions/setup-python@v4
with:
python-version: ${{ matrix.python-version }}
cache: "pip"
- name: Install Poetry
uses: snok/install-poetry@v1
with:
virtualenvs-create: false
installer-parallel: true
- name: Install backend requirements
working-directory: ${{ env.backend-directory }}
run: poetry install
- name: Create backend environment variables file
working-directory: ${{ env.backend-directory }}
run: |
touch .env
echo DJANGO_DEBUG=True >> .env
echo DJANGO_SUPERUSER_EMAIL=admin@tests.com >> .env
echo DJANGO_SUPERUSER_PASSWORD=1234 >> .env
echo DB_HOST=localhost >> .env
echo CISO_ASSISTANT_SUPERUSER_EMAIL='' >> .env
echo CISO_ASSISTANT_URL=http://localhost:4173 >> .env
echo DEFAULT_FROM_EMAIL='ciso-assistant@tests.net' >> .env
echo EMAIL_HOST=localhost >> .env
echo EMAIL_HOST_USER=user@tests.com >> .env
echo EMAIL_HOST_PASSWORD=password >> .env
echo EMAIL_PORT=1025 >> .env
- name: Check that migrations were made
working-directory: ${{ env.backend-directory }}
run: |
export $(grep -v '^#' .env | xargs)
poetry run python manage.py makemigrations --check --dry-run --verbosity=3

enterprise-migrations-check:
runs-on: ubuntu-24.04

strategy:
max-parallel: 4
matrix:
python-version: ["3.12"]

steps:
- uses: actions/checkout@v4
- name: Set up python ${{ matrix.python-version }}
uses: actions/setup-python@v5
with:
python-version: ${{ matrix.python-version }}
cache: "pip"
- name: Install Poetry
uses: snok/install-poetry@v1
with:
virtualenvs-create: false
installer-parallel: true
- name: Install backend requirements
working-directory: ${{ env.backend-directory }}
run: poetry install
- name: Install enterprise backend
working-directory: ${{ env.enterprise-backend-directory }}
run: poetry install
- name: Create backend environment variables file
working-directory: ${{ env.backend-directory }}
run: |
touch .env
echo DJANGO_DEBUG=True >> .env
echo DJANGO_SUPERUSER_EMAIL=admin@tests.com >> .env
echo DJANGO_SUPERUSER_PASSWORD=1234 >> .env
echo DB_HOST=localhost >> .env
echo CISO_ASSISTANT_SUPERUSER_EMAIL='' >> .env
echo CISO_ASSISTANT_URL=http://localhost:4173 >> .env
echo DEFAULT_FROM_EMAIL='ciso-assistant@tests.net' >> .env
echo EMAIL_HOST=localhost >> .env
echo EMAIL_HOST_USER=user@tests.com >> .env
echo EMAIL_HOST_PASSWORD=password >> .env
echo EMAIL_PORT=1025 >> .env
echo DJANGO_SETTINGS_MODULE=enterprise_core.settings >> .env
echo LICENSE_SEATS=999 >> .env
- name: Check that migrations were made
working-directory: ${{ env.backend-directory }}
run: |
export $(grep -v '^#' .env | xargs)
poetry run python manage.py makemigrations --check --dry-run --verbosity=3 --settings=${{ env.enterprise-backend-settings-module }}
if [ $? -ne 0 ]; then echo "::error Migrations were not made, please run the makemigrations command." && exit 1; fi
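Review bot: The `if [ $? -ne 0 ]` line at the end of the enterprise `Check that migrations were made` step can never reach its error branch: `run` steps without an explicit `shell:` execute under `bash -e`, so a failing `makemigrations --check` aborts the script on the previous line. The message is also malformed as a workflow command, since `::error` needs a second `::` before the text. Append `|| { echo "::error::Migrations were not made, please run the makemigrations command."; exit 1; }` to the `makemigrations` line and drop the `if`, and do the same in the `migrations-check` job so both give the same hint. The two jobs also disagree on `actions/setup-python` (`@v4` in `migrations-check`, `@v5` in `enterprise-migrations-check`); use one version in both.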