Auto-generate, distribute, and score vendor risk assessment questionnaires based on vendor service type, data access level, geography, and regulatory exposure.
Coming soon — a hosted version will be available at a public URL.
macOS / Linux:

```bash
./start.sh
```

Windows:

```bat
start.bat
```

This installs dependencies, seeds sample data, starts the API and frontend, and opens your browser. Log in with admin@example.com / password123.

```bash
docker compose up
```

Open http://localhost:8501 in your browser.

- Fork this repo
- Connect it to Railway
- Set environment variables: `SECRET_KEY`, `DATABASE_URL`
- Deploy — Railway uses `Dockerfile.railway` automatically

- Questionnaire templates by category: Security, Privacy, AI Ethics, Business Continuity (20+ questions each)
- Smart questionnaire selection based on vendor profile — service type, data access, geography, and regulatory frameworks (GDPR, HIPAA, SOX, EU AI Act, DORA, etc.)
- Vendor portal with email verification for secure questionnaire completion
- Save & resume — vendors can save progress and return later
- Auto-scoring engine with per-question weighted scoring, category subtotals, and overall risk tiers
- Configurable risk tiers — 4 defaults (Low, Medium, High, Critical), fully editable by admins
- High-risk flagging — automatically flags concerning responses for human review
- Dashboard with summary stats, risk distribution, and pending review queue
- Email integration — pluggable providers (SMTP, SendGrid, Mailgun, Resend) or manual link sharing
- Admin authentication with JWT-based user accounts
Start the API server and visit http://localhost:8000/docs for interactive Swagger documentation.

```
vra_app/              # FastAPI backend
  main.py             # App entry point
  config.py           # Settings (pydantic-settings)
  database.py         # SQLAlchemy engine & session
  dependencies.py     # Auth dependencies
  models/             # SQLAlchemy ORM models
  schemas/            # Pydantic request/response schemas
  routers/            # API route handlers
  services/           # Business logic
vra_frontend/         # Streamlit frontend
  app.py              # Main app with auth & navigation
  pages/              # Dashboard, Vendors, Assessments, Portal, Risk Tiers
data/
  templates/          # YAML questionnaire templates
  sample/             # Synthetic sample data
tests/                # pytest test suite
scripts/              # Seed data script
```

```bash
pip install -e ".[dev]"
pytest
```

- Backend: Python 3.11+, FastAPI, SQLAlchemy 2.0, Pydantic v2
- Frontend: Streamlit
- Database: SQLite (prototype), designed for PostgreSQL migration
- Auth: JWT (python-jose) + bcrypt
- Email: Pluggable providers (SMTP, SendGrid, Mailgun, Resend)
- Deployment: Docker, Railway
MIT License - Copyright (c) 2026 Noam Raz and Pleasant Secret Labs