Add org-aware third-party vetting#1463
Draft
SachaProbo wants to merge 1 commit into
Draft
Conversation
Decompose vendor fact-finding from org-specific risk judgment so both the common catalog and org vetting share one building block: - Extract a reusable, persistence-free Profiler (company profile, compliance docs, domains) and have the catalog enrichment worker use it. - Prime the vetting orchestrator with KnownFacts resolved from a catalog link or an on-demand profiling pass, seeded into the orchestrator message. - Inject broad organization context (frameworks, latest risk rating, linked data/assets/processing activities, countries) into the assessment; a user-provided procedure overrides the default playbook while org context is always applied. - Add Data/Assets/ProcessingActivities LoadByThirdPartyID coredata loaders. - Vetting form prefills and confirms vendor identity (name, legal name, website), updating the third party's identity to feed the assessment. Signed-off-by: Sacha Al Himdani <[email protected]>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Decompose vendor fact-finding from org-specific risk judgment so both the common catalog and org vetting share one building block:
Summary by cubic
Make vetting org-aware by splitting general vendor profiling from org-specific risk and feeding both into the assessment. Adds a reusable
Profiler, primes the orchestrator with catalog/on‑demand facts, injects organization context, and updates the vetting UI to confirm identity.Coredata
+216-0LoadByThirdPartyIDloaders forData,Assets, andProcessingActivitiesto pull items linked to a vendor.GraphQL API
+12-0VetThirdPartyInputnow accepts optionalnameandlegalName; resolver enforces update permission and forwards fields to vetting.Service
+1037-141Profiler(company profile, compliance docs, domains) and adopted it in the catalog enrichment worker.Profilerto prime assessments withKnownFacts(no writes to the catalog).Assessnow seeds them before crawling.probodto provide the profiler to the vetting worker when enrichment config is set; minor refactors and prompt tweaks.App: console
+47-11VettingDialog.Tests
+1-1Assesssignature.Written for commit db4b4ec. Summary will update on new commits.