Feature - opensource to new website and new UX in eramba for templatea

We need to move opensource to the new website, we want to achieve:

  • a single website with all the stuff (website, templates, learning, etc)
    • initially, we will work only on english language templates
    • there is a possibility we will do this in other languages in the future
  • we want to remove “collaboration from users” in opensourcegrc, in 3 years we got three collaborations despite thousands using the opensourcegrc platform
  • we want to expand templates to other areas: threats, vulnerabilities, risks, assets, questionnaire, etc
    • we need to populate this templates from an eramba managed by the core team
    • any update done on our side should become available to users within hours maximum, ideally inmendiately
    • consider users might run different versions of eramba from what we will be running on the master template server
  • we want to reinstate a seamless user interface in eramba so people can use templates directly from their eramba
    • people should be able to add compliance packages directly from templates
    • people should be able to create risks (and their relationships: assets, etc) from templates
    • etc

github: https://github.com/eramba/eramba_v2/issues/3539
related: https://github.com/eramba/eramba_v2/issues/2595


There are two pieces to this functionality:

  • changes on the website for a new opensourcegrc
  • changes in eramba to get that content easily

Changes on the website:

We need somewhere to explain we have free, open license templates. I suggest one more frame here:

We also need to access templates from the menu on the top because we want this to be super visible:

When clicked there, we want to show the templates main page which needs to be a mix of introduction on how this works and the content itself

which templates:

  • compliance packages
  • mapping in between them
  • controls, policies linked to compliance packages
  • OA templates

and later:

  • third parties
  • liabilities
  • assets
  • risks
  • controls and policies linked to risks

The website mockups look like this for Compliance Templates:

The website mockups look like this for Online Assessments:

For policies, notice that when you click on a policy it shows its related controls:

And here we have internal controls:

We then need to define how templates will be used in eramba, for that we need to make multiple changes and some key long term decisions.