A modern GRC (Governance, Risk, Compliance) tool. This project brings together asset management, risk analysis, compliance tracking, API/XML import, and AI-driven security planning in a single dashboard.
- React 18 + TypeScript
- Vite
- Tailwind CSS + shadcn/ui
- React Router
- Recharts
- Vitest
- @google/generative-ai (Gemini integration)
- Assets (`assets`), risks (`risks`), and CIS controls are managed in local context.
- Key metrics are calculated, including compliance percentage, active risk count, and non-compliant controls.
- Add/update/delete assets.
- Search and filtering.
- Includes an `Impact (1-5)` field (currently UI-only, does not affect calculations yet).
- Three OS-specific agent options:
  - Windows
  - macOS
  - Linux
- OS detection, matching agent selection, download links, and install-command copy flow.
Integrations are grouped by category, with at least 3 tools per category:
- Vulnerability Management
  - Tenable
  - Qualys VMDR
  - Rapid7 InsightVM
- Asset Scanner
  - CrowdStrike Falcon Discover
  - Lansweeper
  - Nmap Enterprise
- LDAP / Directory
  - Active Directory LDAP
  - OpenLDAP
  - JumpCloud Directory
- CMDB / MDM
  - ServiceNow CMDB
  - Microsoft Intune
  - Jamf Pro
Functions:
- Connect/Disconnect
- Sync (mock discovery)
- Import discovered assets directly into Assets
- Skip duplicate asset names
- For organizations without API support.
- Scanner XML upload support.
- Nmap XML and generic scanner XML parsing support.
- Preview table, single-add, and bulk-add.
- Risk summary cards (Critical/High/Medium/Low)
- Scatter heat map (Likelihood vs Impact)
- 5x5 risk matrix table
- Risk names rendered inside matrix cells
- Matrix total vs all-risks consistency check
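
The matrix-total consistency check listed above, sketched as an added TypeScript example (not the project's own code). The `Risk` field names and the severity bands are assumptions; the point is that a risk whose likelihood or impact falls outside 1-5 drops out of the 5x5 matrix, and comparing totals catches it.

```typescript
// Added example: field names and severity thresholds are assumptions.
type Severity = "Critical" | "High" | "Medium" | "Low";
interface Risk { name: string; likelihood: number; impact: number }

// Assumed banding on score = likelihood * impact (range 1..25).
function severityOf(score: number): Severity {
  if (score >= 20) return "Critical";
  if (score >= 12) return "High";
  if (score >= 6) return "Medium";
  return "Low";
}

const inScale = (n: number): boolean => Number.isInteger(n) && n >= 1 && n <= 5;

function buildRiskMatrix(risks: Risk[]) {
  // cells[impact - 1][likelihood - 1] holds the risk names rendered in that cell.
  const cells: string[][][] = Array.from({ length: 5 }, () =>
    Array.from({ length: 5 }, () => [] as string[]));
  const summary: Record<Severity, number> = { Critical: 0, High: 0, Medium: 0, Low: 0 };
  const unplaced: string[] = [];
  for (const r of risks) {
    if (!inScale(r.likelihood) || !inScale(r.impact)) {
      unplaced.push(r.name); // would otherwise vanish from the matrix silently
      continue;
    }
    cells[r.impact - 1][r.likelihood - 1].push(r.name);
    summary[severityOf(r.likelihood * r.impact)] += 1;
  }
  // Count from the rendered cells, independently of the loop above.
  const matrixTotal = cells.reduce(
    (n, row) => n + row.reduce((m, cell) => m + cell.length, 0), 0);
  return { cells, summary, unplaced, matrixTotal,
           consistent: matrixTotal === risks.length };
}

// Constructed sample data; the last entry mimics an import with no likelihood set.
const sampleRisks: Risk[] = [
  { name: "Unpatched VPN gateway", likelihood: 4, impact: 5 },
  { name: "Shared admin account", likelihood: 3, impact: 4 },
  { name: "Stale DNS record", likelihood: 2, impact: 2 },
  { name: "Imported risk, no score", likelihood: 0, impact: 3 },
];
const result = buildRiskMatrix(sampleRisks);
console.log(result.summary, result.matrixTotal, result.consistent, result.unplaced);
```
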
- AI-powered compliance analysis and security plan using Gemini.
- Model fallback mechanism (tries multiple model IDs).
- Local heuristic fallback when API quota/model access fails (page remains usable).
- `/login`
- `/register` (with department selection)
Note: Auth is currently UI flow only (no backend auth integration yet).
- `/` - Dashboard
- `/framework` - Framework
- `/assets` - Asset Management
- `/assets/management` - Asset Management
- `/assets/agents` - Asset Agents
- `/assets/apis` - Asset APIs
- `/assets/import` - Asset Import
- `/risks` - Risks Overview
- `/risks/assets` - Asset Risk
- `/compliance` - Compliance
- `/login` - Login
- `/register` - Register
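```
npm install
npm run dev
npm run build
npm test
```

Create a `.env` file in the project root:

```
VITE_GEMINI_API_KEY=your_gemini_api_key
# optional
VITE_GEMINI_MODEL=gemini-2.5-flash
```

Notes:
- `VITE_GEMINI_API_KEY` is required for AI compliance analysis.
- Vite inlines `VITE_`-prefixed variables into the client bundle, so this key is readable by anyone who can load the built app. Keep `.env` out of version control and keep production keys behind a server-side proxy.
- If model access or quota is unavailable, the app automatically returns local fallback analysis.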
- API integrations and Auth are not connected to a real backend yet (mock/UI-first workflow).
- Asset `Impact` selection is not yet connected to risk scoring logic.
- Add real backend auth integration (JWT/session).
- Add real credential management and test-connection endpoints for API connectors.
- Include the asset impact field in risk scoring calculations.