
Dev #601

Merged
dbarzin merged 17 commits into main from dev
Apr 10, 2026
@dbarzin dbarzin commented Apr 10, 2026

Summary by CodeRabbit

  • New Features

    • Added comprehensive risk management module with creation, editing, deletion, and listing capabilities.
    • Introduced configurable risk scoring system with multiple formulas and customizable classification thresholds.
    • Added risk matrix visualization for assessing risks by probability and impact.
    • Integrated risk tracking with controls and action plans.
    • Added risk export functionality to Excel.
  • Documentation

    • Added Docker Compose deployment guide with configuration and troubleshooting.
    • Added risk management documentation.
  • Chores

    • Updated Docker environment configuration and deployment setup.
    • Enhanced navigation menu with risk and exception links.

coderabbitai bot commented Apr 10, 2026

Caution

Review failed

The pull request is closed.

ℹ️ Recent review info
⚙️ Run configuration

Configuration used: Repository UI

Review profile: CHILL

Plan: Pro

Run ID: 2e6c8ea0-c449-46ef-b94b-5193ba64ad3f

📥 Commits

Reviewing files that changed from the base of the PR and between 0c2d39f and 8a2bee3.

⛔ Files ignored due to path filters (20)
  • composer.lock is excluded by !**/*.lock
  • docs/images/douments.fr.png is excluded by !**/*.png
  • docs/images/groups.fr.png is excluded by !**/*.png
  • docs/images/groups.png is excluded by !**/*.png
  • docs/images/home1.fr.png is excluded by !**/*.png
  • docs/images/home1.png is excluded by !**/*.png
  • docs/images/risk.edit.fr.png is excluded by !**/*.png
  • docs/images/risk.edit.png is excluded by !**/*.png
  • docs/images/risk.fr.png is excluded by !**/*.png
  • docs/images/risk.list.fr.png is excluded by !**/*.png
  • docs/images/risk.list.png is excluded by !**/*.png
  • docs/images/risk.matrix.fr.png is excluded by !**/*.png
  • docs/images/risk.matrix.png is excluded by !**/*.png
  • docs/images/risk.png is excluded by !**/*.png
  • docs/images/risk.scoring.create.fr.png is excluded by !**/*.png
  • docs/images/risk.scoring.create.png is excluded by !**/*.png
  • docs/images/risk.scoring.fr.png is excluded by !**/*.png
  • docs/images/risk.scoring.png is excluded by !**/*.png
  • docs/images/risk.show.fr.png is excluded by !**/*.png
  • docs/images/risk.show.png is excluded by !**/*.png
📒 Files selected for processing (66)
  • .env.docker
  • .env.example
  • Docker.md
  • Dockerfile
  • ROADMAP.md
  • app/Exports/RiskExport.php
  • app/Http/Controllers/AuditLogsController.php
  • app/Http/Controllers/ControlController.php
  • app/Http/Controllers/DocumentController.php
  • app/Http/Controllers/HomeController.php
  • app/Http/Controllers/RiskController.php
  • app/Http/Controllers/RiskScoringConfigController.php
  • app/Models/Control.php
  • app/Models/Document.php
  • app/Models/Risk.php
  • app/Models/RiskScoringConfig.php
  • app/Models/User.php
  • app/Services/RiskScoringService.php
  • config/app.php
  • database/migrations/2026_04_07_151247_create_risk_table.php
  • database/migrations/2026_04_07_152854_create_risk_scoring_table.php
  • database/seeders/DomainSeeder.php
  • database/seeders/MeasureSeeder.php
  • docker/deming.conf
  • docker/docker-compose.yml
  • docker/entrypoint.sh
  • docker/initialdb.sh
  • docs/config.fr.md
  • docs/controls.fr.md
  • docs/controls.md
  • docs/css/extra.css
  • docs/css/overrides.css
  • docs/index.fr.md
  • docs/measures.fr.md
  • docs/risks.fr.md
  • docs/risks.md
  • mkdocs.yaml
  • public/build/assets/app-g_4aWm6R.css
  • public/build/manifest.json
  • resources/css/app.css
  • resources/lang/de/menu.php
  • resources/lang/en/common.php
  • resources/lang/en/cruds.php
  • resources/lang/en/menu.php
  • resources/lang/fr/common.php
  • resources/lang/fr/cruds.php
  • resources/lang/fr/menu.php
  • resources/views/auth/login.blade.php
  • resources/views/controls/edit.blade.php
  • resources/views/controls/history.blade.php
  • resources/views/controls/make.blade.php
  • resources/views/layout.blade.php
  • resources/views/radar/measures.blade.php
  • resources/views/reports.blade.php
  • resources/views/risks/_scoring_script.blade.php
  • resources/views/risks/create.blade.php
  • resources/views/risks/edit.blade.php
  • resources/views/risks/index.blade.php
  • resources/views/risks/matrix.blade.php
  • resources/views/risks/scoring/form.blade.php
  • resources/views/risks/scoring/index.blade.php
  • resources/views/risks/scoring/show.blade.php
  • resources/views/risks/show.blade.php
  • resources/views/users/edit.blade.php
  • resources/views/welcome.blade.php
  • routes/web.php

Cache: Disabled due to data retention organization setting

Knowledge base: Disabled due to data retention organization setting


Walkthrough

This pull request introduces a comprehensive risk register module aligned with ISO 27001:2022, featuring configurable risk scoring with multiple formulas, a risk matrix visualization, CRUD operations for risk management, and associated database migrations. It includes Docker deployment configuration and updated documentation.

Changes

| Cohort / File(s) | Summary |
| --- | --- |
| Core Risk Models & Services: app/Models/Risk.php, app/Models/RiskScoringConfig.php, app/Services/RiskScoringService.php, app/Exports/RiskExport.php | Added Risk model with relationships, status constants, and scoring accessors; introduced RiskScoringConfig model for managing scoring formulas and thresholds; added RiskScoringService with formula-driven score calculation, matrix building, and axis generation; created RiskExport for spreadsheet exports. |
| Risk Controllers: app/Http/Controllers/RiskController.php, app/Http/Controllers/RiskScoringConfigController.php | Introduced RiskController with full CRUD, matrix view, and export endpoints; added RiskScoringConfigController with admin-guarded configuration management (create, edit, activate, delete) and request validation for formulas/levels/thresholds. |
| Risk-Related Views: resources/views/risks/*.blade.php, resources/views/risks/scoring/*.blade.php | Added risk index/create/edit/show views with conditional scoring UI based on active formula; created matrix visualization with interactive filtering; added scoring configuration create/edit/index views with dynamic level/threshold management; included scoring calculation script partial. |
| Other Controller & Model Updates: app/Http/Controllers/HomeController.php, app/Http/Controllers/ControlController.php, app/Http/Controllers/DocumentController.php, app/Http/Controllers/AuditLogsController.php, app/Models/Control.php, app/Models/Document.php, app/Models/User.php | Enhanced HomeController with risk count computation; refactored ControlController tempo/clause filtering with scope-aware queries; improved DocumentController with explicit type signatures and admin check refactoring; added risk type support to AuditLogsController; added return-type annotations and PHPDoc generics to Control; added Document property PHPDoc; added OAuthenticatable interface to User. |
| Database Migrations: database/migrations/2026_04_07_151247_create_risk_table.php, database/migrations/2026_04_07_152854_create_risk_scoring_table.php | Created risks table with ownership, evaluation metrics (probability/impact/exposure/vulnerability), review scheduling, and soft deletes; created risk_scoring_configs table with JSON-based formula configuration and seeded default probability×impact formula; added measure_risk and action_risk pivot tables. |
| Database Seeders: database/seeders/DomainSeeder.php, database/seeders/MeasureSeeder.php | Refactored DomainSeeder with framework field support and foreign-key-safe deletion; improved MeasureSeeder with locale-based CSV selection, error handling, and reliable cleanup via try/finally. |
| Docker & Deployment Configuration: .env.docker, .env.example, Dockerfile, docker/docker-compose.yml, docker/deming.conf, docker/entrypoint.sh, docker/initialdb.sh | Added .env.docker for production-like defaults; updated .env.example to local development settings with new APP_BANNER_TEST and simplified LDAP/OIDC configuration; updated Dockerfile to reference new nginx config; revised docker-compose.yml with updated environment variables, port mapping, and MySQL version/health check; added MySQL readiness wait logic and Passport install handling in entrypoint.sh; refactored initialdb.sh with separate seeding logic. |
| Routing & Application Configuration: routes/web.php, config/app.php | Added risk and risk scoring configuration routes with named route support; replaced editor config with APP_BANNER_TEST boolean flag. |
| Internationalization (i18n): resources/lang/en/menu.php, resources/lang/en/common.php, resources/lang/en/cruds.php, resources/lang/fr/menu.php, resources/lang/fr/common.php, resources/lang/fr/cruds.php, resources/lang/de/menu.php | Added risk matrix and exceptions menu items (all languages); added active/export common labels (en/fr) and months plural (fr); added comprehensive risk and risk_scoring translation sections with field labels, status labels, formula names, and UI hints (en/fr); updated German menu with risks/exceptions. |
| View Updates & Styling: resources/views/layout.blade.php, resources/views/welcome.blade.php, resources/views/reports.blade.php, resources/views/controls/edit.blade.php, resources/views/controls/make.blade.php, resources/views/controls/history.blade.php, resources/views/radar/measures.blade.php, resources/views/users/edit.blade.php, resources/css/app.css, public/build/assets/app-*.css, public/build/manifest.json | Updated layout with risk matrix and exceptions navigation items; enhanced welcome dashboard with risks/exceptions tiles and updated chart colors; added risks export link to reports; removed numeric input type from control note fields; updated Chart.js colors and font-based indicators in controls history; refactored radar measures filtering from id to clause-based with optional scope filtering; added password autocomplete and grid adjustments to user edit; added multi-select styling for wrapped tag display; updated CSS build artifacts. |
| Documentation: Docker.md, docs/risks.md, docs/risks.fr.md, ROADMAP.md, docs/config.fr.md, docs/controls.fr.md, docs/controls.md, docs/measures.fr.md, docs/index.fr.md, mkdocs.yaml, docs/css/overrides.css | Added comprehensive Docker deployment guide; created risk register documentation (en/fr) covering matrix, list, detail, scoring configuration, and integration points; updated ROADMAP with completed dashboard/risks items and new security exceptions/documentation tasks; converted HTML anchors to Markdown heading attributes across config/controls documentation; updated MkDocs configuration from readthedocs to material theme with i18n plugin and markdown extensions; added CSS overrides for inline code color. |

Sequence Diagram(s)

sequenceDiagram
    participant User
    participant RiskController
    participant RiskModel as Risk Model
    participant RiskScoringService as Scoring Service
    participant RiskScoringConfig as Config Model
    participant Database

    User->>RiskController: POST /risk/store<br/>(probability, impact, status)
    RiskController->>RiskModel: create(validated data)
    RiskModel->>Database: insert risk record
    Database-->>RiskModel: created risk
    RiskModel-->>RiskController: risk instance

    User->>RiskController: GET /risk/show/{id}
    RiskController->>RiskModel: find(id)
    Database-->>RiskModel: risk data
    RiskController->>RiskScoringConfig: active()
    Database-->>RiskScoringConfig: config with formula
    RiskController->>RiskScoringService: score(risk)
    RiskScoringService->>RiskScoringConfig: get formula type
    Note over RiskScoringService: Calculate score based<br/>on formula<br/>(probability×impact, etc.)
    RiskScoringService->>RiskScoringConfig: thresholdFor(score)
    RiskScoringConfig-->>RiskScoringService: threshold level/color
    RiskScoringService-->>RiskController: score array
    RiskController->>User: render show view<br/>with computed score
sequenceDiagram
    participant User
    participant RiskController
    participant RiskScoringService as Scoring Service
    participant RiskModel as Risk Collection
    participant RiskScoringConfig as Config Model
    participant View

    User->>RiskController: GET /risk/matrix
    RiskController->>RiskModel: all risks
    RiskScoringService->>RiskScoringConfig: active config
    RiskScoringService->>RiskScoringService: buildMatrix(risks)
    Note over RiskScoringService: Organize risks by<br/>Y-axis (probability/likelihood)<br/>X-axis (impact)
    RiskScoringService->>RiskScoringService: matrixXAxis()<br/>matrixYAxis()
    RiskScoringService-->>RiskController: matrix array + axes
    RiskController->>View: render matrix.blade.php
    View->>View: foreach cell compute<br/>score & threshold color
    View-->>User: interactive 2D matrix<br/>with risk counts & filters

Estimated code review effort

🎯 4 (Complex) | ⏱️ ~75 minutes

The changes introduce a substantial new risk management feature spanning models, services, controllers, views, database migrations, Docker configuration, and internationalization. While many translation entries are repetitive, the core logic is intricate: risk scoring with multiple formulas, dynamic UI conditional on configuration, complex controller logic with scope filtering, and coordinated database/migration changes. The heterogeneous nature across different layers and the density of new interactive features (matrix, filtering, dynamic calculations) require careful cross-component reasoning.

Poem

🐰 A risk register hops into view,
With scoring formulas tried and true,
Colors and thresholds dance and sway,
In matrices bright, come what may!
From exposure to impact we now can see,
A safer ISMS, wild and free! 🌟

Warning

There were issues while running some tools. Please review the errors and either fix the tool's configuration or disable the tool if it's a critical failure.

🔧 Trivy (0.69.3)

Failed to read Trivy output file: ENOENT: no such file or directory, open '/inmem/1273/nsjail-9c2bfa8a-62ad-4a3f-b5f6-ed80de68824d/merged/.trivy-output.json'

@dbarzin dbarzin merged commit 16cf539 into main Apr 10, 2026