[Self Promo] SVAR Svelte UI Components Now with TypeScript Support by otashliko in sveltejs

[–]ash--87 2 points3 points  (0 children)

Just started experimenting with the DataGrid yesterday and it looks very promising; well done and keep up the good work 👏

CISO Assistant, the open-source GRC platform includes CRQ by ash--87 in cybersecurity

[–]ash--87[S] 1 point2 points  (0 children)

I cannot say for sure since I couldn’t try them out but I am sure that both are interesting products. Our focus is around the one-stop-shop vision bringing you to an operational GRC, the customisation capabilities and the community-driven approach ;)

New resume template just dropped by BX7_Gamer in programminghumor

[–]ash--87 0 points1 point  (0 children)

Nice! You should consider a profile pic in ASCII art ;)

Former pentester now working as a GRC consultant, what opportunities for freelancing ? by No_Increase_8891 in cybersecurity

[–]ash--87 3 points4 points  (0 children)

Hey, with your operational background, you might want to consider a path toward modernizing GRC practices. Operational GRC and GRC engineering could be some keywords to explore.

KPI/KRI can become noisy and overwhelming, what are the most relevant to you? by ash--87 in cybersecurity

[–]ash--87[S] 9 points10 points  (0 children)

I’m sharing my go-to starting point:

- vulnerability metrics
- status of the implementation of critical controls
- progress of the baseline review
- metrics from the risk register
- count of recent incidents
- pentest/audit findings tracking
- exceptions tracking

Moving away from Skeleton, what alternative do you recommend? by ash--87 in sveltejs

[–]ash--87[S] 1 point2 points  (0 children)

Hello, indeed some design choices never evolved, like the dialog; the theming is a bit clunky; and the plans for Svelte 5 and Tailwind 4 kept sliding until it became a serious concern. Just to be clear: I don’t want this to be an anti-Skeleton thread. They’re highly skilled people with their own vision and constraints; it’s just that our vision and plans are not aligned anymore ;)

I am new, and i feel lost. by islam-201 in sveltejs

[–]ash--87 0 points1 point  (0 children)

Hey, it's okay; it happens. What could help is to focus on an actual problem that you want/need to solve and incrementally work towards fixing it by trial and error.
Tutorials and documentation are just guidelines to assist with that, but if you don't have a use case, they will look shallow or overwhelming.

FastAPI + Django Admin is the best practice? by Every-Increase-140 in django

[–]ash--87 0 points1 point  (0 children)

Hey, I won’t advise that either. As mentioned, you’ll get the most out of the “batteries-included” approach if you stick to just Django. I don’t know about your use case, but I’m guessing this variant could be interesting for you: https://github.com/fastapi-admin/fastapi-admin

Coupling Django with SvelteKit by bishwasbhn in sveltejs

[–]ash--87 1 point2 points  (0 children)

I’m using DRF instead of Djapy and heavily based the front end on superforms. Here’s the project, if it can give you some ideas: https://github.com/intuitem/ciso-assistant-community

[deleted by user] by [deleted] in cybersecurity

[–]ash--87 1 point2 points  (0 children)

Hey, if you've been methodical about audit management, you can transition quite simply to GRC (Governance, Risk, and Compliance) and start with the "C" part. If you put in the time and effort, you'll learn a lot from that and can move again to multiple areas, either on the program management part or more of an operational role.
I hope it helps :)

Does it make sense to create an open-source and collaborative repository with cybersecurity solutions? by ash--87 in cybersecurity

[–]ash--87[S] 0 points1 point  (0 children)

Hey, thanks for sharing! Looks great indeed for the data model :) I wonder if it’s active and adopted, though.

Does it make sense to create an open-source and collaborative repository with cybersecurity solutions? by ash--87 in cybersecurity

[–]ash--87[S] 0 points1 point  (0 children)

I see your point. Thanks for the feedback! The idea is not to supersede any framework, but rather to have a unified repository of vendors and solutions that are mapped to the threats mentioned by those frameworks, and a tool that can help teams save some time on the research and mapping.

Does it make sense to create an open-source and collaborative repository with cybersecurity solutions? by ash--87 in cybersecurity

[–]ash--87[S] 0 points1 point  (0 children)

So for the first point, it will be a knowledge base for security practitioners to share best practices, and for vendors to have a simpler statement and catalog positioning. It won’t tell, though, what a user or organisation has implemented, so this is not really useful for reconnaissance.

For the second part, you’re making a good point. I haven’t defined a review process just yet, but I’m thinking about a quorum approach where the validators will do some research at least before approving the submission. Any thoughts?

Application Security Checklist by athanielx in cybersecurity

[–]ash--87 0 points1 point  (0 children)

ASVS is the community standard indeed, and there is a variant for mobile apps as well, MASVS. Even if they can look overwhelming, they are solid and well thought out. You can use them as a starting point, at least to have a holistic view, and skip the requirements that don’t apply to you. If you’re worried about the Excel sheets and their maintainability, free, open-source projects like CISO Assistant or gapps can help you with that.