When I try to add a new risk analysis I find follow situation and I can not do anything:

Add data related of MONARC steps below, when is an export of whole risk analysis .

• Risks analysis context
• Evaluation of Trends and Threat, and synthesis
• Risks management organisation
• Synthesis of assets / impacts
• Management of the implementation of the risk treatment plan
• Interview table

In AbstractService.php around line 677 to 733, the methods mcrypt_encrypt and mcrypt_decrypt are deprecated.

The mcrypt PHP module is deprecated as of PHP 7.1 and will be removed in PHP 7.2. See the PHP 7.1 deprecation article for more information. The mcrypt library has been in an abandoned state for over a decade, and thus might present security issues in the future.

It is advised to use the OpenSSL equivalent, openssl_encrypt and openssl_decrypt.

When recommendations have a duedate (Deadline in implementation of the risk treatment plan) , import function gets bug below:

{"errors":[{"message":"Call to a member function format() on array","error":"error-exception","exception":{"class":"Error","file":"\/var\/www\/monarc\/fo\/vendor\/doctrine\/dbal\/lib\/Doctrine\/DBAL\/Types\/DateTimeType.php","line":53,"message":"Call to a member function format() on array","stacktrace":"#0 \/var\/www\/monarc\/fo\/vendor\/doctrine\/dbal\/lib\/Doctrine\/DBAL\/Statement.php(114): Doctrine\\DBAL\\Types\\DateTimeType-\u003EconvertToDatabaseValue(Array, Object(Doctrine\\DBAL\\Platforms\\MySQL57Platform))\n#1 \/var\/www\/monarc\/fo\/vendor\/doctrine\/orm\/lib\/Doctrine\/ORM\/Persisters\/Entity\/BasicEntityPersister.php(277): Doctrine\\DBAL\\Statement-\u003EbindValue(7, Array, Object(Doctrine\\DBAL\\Types\\DateTimeType))\n#2 \/var\/www\/monarc\/fo\/vendor\/doctrine\/orm\/lib\/Doctrine\/ORM\/UnitOfWork.php(1014): Doctrine\\ORM\\Persisters\\Entity\\BasicEntityPersister-\u003EexecuteInserts()\n#3 \/var\/www\/monarc\/fo\/vendor\/doctrine\/orm\/lib\/Doctrine\/ORM\/UnitOfWork.php(378): Doctrine\\ORM\\UnitOfWork-\u003EexecuteInserts(Object(Doctrine\\ORM\\Mapping\\ClassMetadata))\n#4 \/var\/www\/monarc\/fo\/vendor\/doctrine\/orm\/lib\/Doctrine\/ORM\/EntityManager.php(356): Doctrine\\ORM\\UnitOfWork-\u003Ecommit(NULL)\n#5 \/var\/www\/monarc\/fo\/vendor\/monarc\/core\/src\/MonarcCore\/Model\/Db.php(298): Doctrine\\ORM\\EntityManager-\u003Eflush()\n#6 \/var\/www\/monarc\/fo\/vendor\/monarc\/core\/src\/MonarcCore\/Model\/Db.php(278): MonarcCore\\Model\\Db-\u003Eflush()\n#7 \/var\/www\/monarc\/fo\/vendor\/monarc\/core\/src\/MonarcCore\/Model\/Table\/AbstractEntityTable.php(316): MonarcCore\\Model\\Db-\u003Esave(Object(MonarcFO\\Model\\Entity\\Recommandation), true)\n#8 \/var\/www\/monarc\/fo\/vendor\/monarc\/frontoffice\/src\/MonarcFO\/Service\/AnrInstanceService.php(404): MonarcCore\\Model\\Table\\AbstractEntityTable-\u003Esave(Object(MonarcFO\\Model\\Entity\\Recommandation))\n#9 \/var\/www\/monarc\/fo\/vendor\/monarc\/frontoffice\/src\/MonarcFO\/Service\/AnrInstanceService.php(653): MonarcFO\\Service\\AnrInstanceService-\u003EimportFromArray(Array, Object(MonarcFO\\Model\\Entity\\Anr), 8202, \u0027merge\u0027, true, Array)\n#10 \/var\/www\/monarc\/fo\/vendor\/monarc\/frontoffice\/src\/MonarcFO\/Service\/AnrInstanceService.php(653): MonarcFO\\Service\\AnrInstanceService-\u003EimportFromArray(Array, Object(MonarcFO\\Model\\Entity\\Anr), 8196, \u0027merge\u0027, true, Array)\n#11 \/var\/www\/monarc\/fo\/vendor\/monarc\/frontoffice\/src\/MonarcFO\/Service\/AnrInstanceService.php(702): MonarcFO\\Service\\AnrInstanceService-\u003EimportFromArray(Array, Object(MonarcFO\\Model\\Entity\\Anr), NULL, \u0027merge\u0027, true, Array, true)\n#12 \/var\/www\/monarc\/fo\/vendor\/monarc\/frontoffice\/src\/MonarcFO\/Service\/AnrInstanceService.php(60): MonarcFO\\Service\\AnrInstanceService-\u003EimportFromArray(Array, Object(MonarcFO\\Model\\Entity\\Anr), NULL, \u0027merge\u0027, true, Array, true)\n#13 \/var\/www\/monarc\/fo\/vendor\/monarc\/frontoffice\/src\/MonarcFO\/Controller\/ApiAnrImportAbstractController.php(39): MonarcFO\\Service\\AnrInstanceService-\u003EimportFromFile(288, Array)\n#14 \/var\/www\/monarc\/fo\/vendor\/zendframework\/zend-mvc\/src\/Controller\/AbstractRestfulController.php(458): MonarcFO\\Controller\\ApiAnrImportAbstractController-\u003Ecreate(Array)\n#15 \/var\/www\/monarc\/fo\/vendor\/zendframework\/zend-mvc\/src\/Controller\/AbstractRestfulController.php(416): Zend\\Mvc\\Controller\\AbstractRestfulController-\u003EprocessPostData(Object(Zend\\Http\\PhpEnvironment\\Request))\n#16 [internal function]: Zend\\Mvc\\Controller\\AbstractRestfulController-\u003EonDispatch(Object(Zend\\Mvc\\MvcEvent))\n#17 \/var\/www\/monarc\/fo\/vendor\/zendframework\/zend-eventmanager\/src\/EventManager.php(490): call_user_func(Array, Object(Zend\\Mvc\\MvcEvent))\n#18 \/var\/www\/monarc\/fo\/vendor\/zendframework\/zend-eventmanager\/src\/EventManager.php(263): Zend\\EventManager\\EventManager-\u003EtriggerListeners(\u0027dispatch\u0027, Object(Zend\\Mvc\\MvcEvent), Object(Closure))\n#19 \/var\/www\/monarc\/fo\/vendor\/zendframework\/zend-mvc\/src\/Controller\/AbstractController.php(118): Zend\\EventManager\\EventManager-\u003EtriggerEventUntil(Object(Closure), Object(Zend\\Mvc\\MvcEvent))\n#20 \/var\/www\/monarc\/fo\/vendor\/zendframework\/zend-mvc\/src\/Controller\/AbstractRestfulController.php(300): Zend\\Mvc\\Controller\\AbstractController-\u003Edispatch(Object(Zend\\Http\\PhpEnvironment\\Request), Object(Zend\\Http\\PhpEnvironment\\Response))\n#21 \/var\/www\/monarc\/fo\/vendor\/zendframework\/zend-mvc\/src\/DispatchListener.php(118): Zend\\Mvc\\Controller\\AbstractRestfulController-\u003Edispatch(Object(Zend\\Http\\PhpEnvironment\\Request), Object(Zend\\Http\\PhpEnvironment\\Response))\n#22 [internal function]: Zend\\Mvc\\DispatchListener-\u003EonDispatch(Object(Zend\\Mvc\\MvcEvent))\n#23 \/var\/www\/monarc\/fo\/vendor\/zendframework\/zend-eventmanager\/src\/EventManager.php(490): call_user_func(Array, Object(Zend\\Mvc\\MvcEvent))\n#24 \/var\/www\/monarc\/fo\/vendor\/zendframework\/zend-eventmanager\/src\/EventManager.php(263): Zend\\EventManager\\EventManager-\u003EtriggerListeners(\u0027dispatch\u0027, Object(Zend\\Mvc\\MvcEvent), Object(Closure))\n#25 \/var\/www\/monarc\/fo\/vendor\/zendframework\/zend-mvc\/src\/Application.php(340): Zend\\EventManager\\EventManager-\u003EtriggerEventUntil(Object(Closure), Object(Zend\\Mvc\\MvcEvent))\n#26 \/var\/www\/monarc\/fo\/public\/index.php(24): Zend\\Mvc\\Application-\u003Erun()\n#27 {main}"}}]}

• https://mathiasbynens.be/notes/mysql-utf8mb4
• https://medium.com/@adamhooper/in-mysql-never-use-utf8-use-utf8mb4-11761243e434
• https://dev.mysql.com/doc/refman/5.7/en/charset-unicode-utf8mb4.html

MySQL utf8 encoding is broken and dangerous for security reasons. The switch seems easy and could be done in the context of developments for the issue #7.

Issue after creation a snapshot. Then in current risk analysis, no operational risk of assets in the library.
If you restore snapshot, the operational risks come back.

The residual risk could be pre-filled with the values of Risk NET

Let the client customize the template of the deliverables. It is preferable to focus first on issue #19 .

I think it would be better to not store template of deliverables on database blob fields.

Storing then on a dedicated folder would ease the customization per analysis.

Add something like:

mysqldump --defaults-file=/home/monarc/credentialsmysql.cnf --databases monarc_common > /home/monarc/dbdump/dump-common.sql
mysqldump --defaults-file=/home/monarc/credentialsmysql.cnf --databases monarc_cli > /home/monarc/dbdump/dump-cli.sql

With credentialsmysql.cnf :

[client]
host     = localhost
user     = root
password = 
socket   = /var/run/mysqld/mysqld.sock
[mysql_upgrade]
host     = localhost
user     = root
password = 
socket   = /var/run/mysqld/mysqld.sock
basedir  = /usr

It should be possible to add several tags to a primary assets.

Many of my clients would like to read the JSON extraction file of a MONARC analysis, in order to integrate it into other BIA (Business Impact Analysis) software.
It would be enough to have a simple interface:

• Input : Encrypted JSON file and the password
• Output : The JSON file in clear text.
  What do you thing of taht ?
  CU
  Thierry

It's possible to create a tag in the knowledge base of a risk analysis but it's impossible to attach it in a risk. The application send an error in the console :

angular-common-libs.js:119 TypeError: Cannot read property 'length' of undefined
at AnrKbMgmtCtrl.js:1716
at angular-common-libs.js:132
at m.$eval (angular-common-libs.js:147)
at m.$digest (angular-common-libs.js:144)
at angular-common-libs.js:147
at f (angular-common-libs.js:45)
at angular-common-libs.js:48

In AbstractService.php around line 457 to 525, the historization methods are directly put into the AbstractService.

This doesn't make sense as they are used only in a limited set of services, and can simply be moved into the already existing HistoricalService. The historizeUpdate signature can be changed to add a reference to the calling service in order to call the compareEntities method.

Looking closely, the compareEntities method may even be moved inside the AbstractEntity class itself, as the dependencies can be checked by using is_object/is_array directly on each field - I think regular fields will never be arrays or objects, but I might be wrong there, it needs some recheck.
If the method can be moved, then no need to change historizeUpdate method signature.

Hi,

I would like to translate Monarc in Italian language. It is possibile?

Thank you!

Add an interface in order to translate (new) models of risk analysis.

It's impossible to attach a tag to an operational risk created by an user in the knowledge base.

angular-common-libs.js:119 TypeError: this.items.some is not a function
at e.appendChip (angular-common-libs.js:413)
at e. (angular-common-libs.js:413)
at angular-common-libs.js:16
at angular-common-libs.js:412
at Array.forEach ()
at R (angular-common-libs.js:412)
at angular-common-libs.js:412
at angular-common-libs.js:132
at m.$eval (angular-common-libs.js:147)
at m.$digest (angular-common-libs.js:144)

Hi, when I execute command 'php ./vendor/robmorgan/phinx/bin/phinx seed:run -c ./module/MonarcFO/migrations/phinx.php' I receive this error:

Phinx by Rob Morgan - https://phinx.org. 0.5.5

using config file ./vendor/monarc/frontoffice/migrations/phinx.php
using config parser php
using migration path /var/www/html/monarc/vendor/monarc/frontoffice/migrations/db
using seed path /var/www/html/monarc/vendor/monarc/frontoffice/migrations/seeds
warning no environment specified, defaulting to: cli
using adapter mysql
using database monarc_cli

== AdminUserInit: seeding

[PDOException]
SQLSTATE[42S22]: Column not found: 1054 Unknown column 'creator' in 'field list'

seed:run [-c|--configuration CONFIGURATION] [-p|--parser PARSER] [-e|--environment ENVIRONMENT] [-s|--seed SEED]

Here table list of monarc_cli db:

+-------------------------+
| Tables_in_monarc_cli |
+-------------------------+
| amvs |
| anrs |
| anrs_objects |
| anrs_objects_categories |
| assets |
| clients |
| phinxlog |
+-------------------------+

And when I try to connect to monarc localhost page, I see this message:

php -S 0.0.0.0:8080 -t public/ public/index.php
PHP 7.0.22-0ubuntu0.16.04.1 Development Server started at Sun Nov 19 00:47:53 2017
Listening on http://0.0.0.0:8080
Document root is /var/www/html/monarc/public
Press Ctrl-C to quit.
[Sun Nov 19 00:49:20 2017] PHP Fatal error: Uncaught PDOException: SQLSTATE[42S02]: Base table or view not found: 1146 Table 'monarc_cli.users_roles' doesn't exist in /var/www/html/monarc/vendor/doctrine/dbal/lib/Doctrine/DBAL/Driver/PDOConnection.php:77
Stack trace:
#0 /var/www/html/monarc/vendor/doctrine/dbal/lib/Doctrine/DBAL/Driver/PDOConnection.php(77): PDO->prepare('SELECT u0_.id A...', Array)
#1 /var/www/html/monarc/vendor/doctrine/dbal/lib/Doctrine/DBAL/Connection.php(844): Doctrine\DBAL\Driver\PDOConnection->prepare('SELECT u0_.id A...')
#2 /var/www/html/monarc/vendor/doctrine/orm/lib/Doctrine/ORM/Query/Exec/SingleSelectExecutor.php(50): Doctrine\DBAL\Connection->executeQuery('SELECT u0_.id A...', Array, Array, NULL)
#3 /var/www/html/monarc/vendor/doctrine/orm/lib/Doctrine/ORM/Query.php(321): Doctrine\ORM\Query\Exec\SingleSelectExecutor->execute(Object(Doctrine\DBAL\Connection), Array, Array)
#4 /var/www/html/monarc/vendor/doctrine/orm/lib/Doctrine/ORM/AbstractQuery.php(969): Doctrine\ORM\Query->_doExecute()
#5 /var/www/html/monarc/vendor/doct in /var/www/html/monarc/vendor/doctrine/dbal/lib/Doctrine/DBAL/Driver/AbstractMySQLDriver.php on line 53

But I do not find any reference to users_roles in more db-bootstrap/*

Any idea?

Thank you!

The generation of the report is broken (at step 3) when a label of an impact contains a character such as '&' or '%'.

A risk analysis in english you can't edit impacts of two same global asset.
Look up in InstanceService.php#L718
Error

{
   "errors":[
      {
         "message":"Name is required",
         "error":"error-exception",
         "exception":{
            "class":"MonarcCore\\Exception\\Exception",
            "file":"\/var\/lib\/monarc\/MonarcAppFO\/vendor\/monarc\/core\/src\/MonarcCore\/Model\/Entity\/AbstractEntity.php",
            "line":192,
            "message":"Name is required",
            "stacktrace":"#0 \/var\/lib\/monarc\/MonarcAppFO\/vendor\/monarc\/core\/src\/MonarcCore\/Service\/InstanceService.php(335): MonarcCore\\Model\\Entity\\AbstractEntity-\u003EexchangeArray(Array)\n
#1 \/var\/lib\/monarc\/MonarcAppFO\/vendor\/monarc\/core\/src\/MonarcCore\/Service\/InstanceService.php(756): MonarcCore\\Service\\InstanceService-\u003EupdateInstance(162, 10143, Array, Array, false)\n
#2 \/var\/lib\/monarc\/MonarcAppFO\/vendor\/monarc\/core\/src\/MonarcCore\/Service\/InstanceService.php(486): MonarcCore\\Service\\InstanceService-\u003EupdateBrothers(162, Object(MonarcFO\\Model\\Entity\\Instance), Array, Array)\n
#3 \/var\/lib\/monarc\/MonarcAppFO\/vendor\/monarc\/core\/Module.php(54): MonarcCore\\Service\\InstanceService-\u003EpatchInstance(162, 10162, Array, Array, true)\n
#4 [internal function]: MonarcCore\\Module-\u003EMonarcCore\\{closure}(Object(Zend\\EventManager\\Event))\n
#5 \/var\/lib\/monarc\/MonarcAppFO\/vendor\/zendframework\/zend-eventmanager\/src\/EventManager.php(490): call_user_func(Object(Closure), Object(Zend\\EventManager\\Event))\n
#6 \/var\/lib\/monarc\/MonarcAppFO\/vendor\/zendframework\/zend-eventmanager\/src\/EventManager.php(214): Zend\\EventManager\\EventManager-\u003EtriggerListeners(\u0027patch\u0027, Object(Zend\\EventManager\\Event), NULL)\n
#7 \/var\/lib\/monarc\/MonarcAppFO\/vendor\/monarc\/core\/src\/MonarcCore\/Service\/InstanceConsequenceService.php(234): Zend\\EventManager\\EventManager-\u003Etrigger(\u0027patch\u0027, NULL, Array)\n
#8 \/var\/lib\/monarc\/MonarcAppFO\/vendor\/monarc\/core\/src\/MonarcCore\/Service\/InstanceConsequenceService.php(77): MonarcCore\\Service\\InstanceConsequenceService-\u003EupdateInstanceImpacts(81327, false)\n
#9 \/var\/lib\/monarc\/MonarcAppFO\/vendor\/monarc\/core\/src\/MonarcCore\/Service\/InstanceService.php(785): MonarcCore\\Service\\InstanceConsequenceService-\u003EpatchConsequence(81327, Array, true, true)\n
#10 \/var\/lib\/monarc\/MonarcAppFO\/vendor\/monarc\/core\/src\/MonarcCore\/Service\/InstanceService.php(342): MonarcCore\\Service\\InstanceService-\u003EupdateConsequences(162, Array, true)\n
#11 \/var\/lib\/monarc\/MonarcAppFO\/vendor\/monarc\/frontoffice\/src\/MonarcFO\/Controller\/ApiAnrInstancesController.php(50): MonarcCore\\Service\\InstanceService-\u003EupdateInstance(162, 10162, Array)\n
#12 \/var\/lib\/monarc\/MonarcAppFO\/vendor\/zendframework\/zend-mvc\/src\/Controller\/AbstractRestfulController.php(425): MonarcFO\\Controller\\ApiAnrInstancesController-\u003Eupdate(\u002710162\u0027, Array)\n
#13 [internal function]: Zend\\Mvc\\Controller\\AbstractRestfulController-\u003EonDispatch(Object(Zend\\Mvc\\MvcEvent))\n
#14 \/var\/lib\/monarc\/MonarcAppFO\/vendor\/zendframework\/zend-eventmanager\/src\/EventManager.php(490): call_user_func(Array, Object(Zend\\Mvc\\MvcEvent))\n
#15 \/var\/lib\/monarc\/MonarcAppFO\/vendor\/zendframework\/zend-eventmanager\/src\/EventManager.php(263): Zend\\EventManager\\EventManager-\u003EtriggerListeners(\u0027dispatch\u0027, Object(Zend\\Mvc\\MvcEvent), Object(Closure))\n
#16 \/var\/lib\/monarc\/MonarcAppFO\/vendor\/zendframework\/zend-mvc\/src\/Controller\/AbstractController.php(118): Zend\\EventManager\\EventManager-\u003EtriggerEventUntil(Object(Closure), Object(Zend\\Mvc\\MvcEvent))\n
#17 \/var\/lib\/monarc\/MonarcAppFO\/vendor\/zendframework\/zend-mvc\/src\/Controller\/AbstractRestfulController.php(300): Zend\\Mvc\\Controller\\AbstractController-\u003Edispatch(Object(Zend\\Http\\PhpEnvironment\\Request), Object(Zend\\Http\\PhpEnvironment\\Response))\n
#18 \/var\/lib\/monarc\/MonarcAppFO\/vendor\/zendframework\/zend-mvc\/src\/DispatchListener.php(118): Zend\\Mvc\\Controller\\AbstractRestfulController-\u003Edispatch(Object(Zend\\Http\\PhpEnvironment\\Request), Object(Zend\\Http\\PhpEnvironment\\Response))\n
#19 [internal function]: Zend\\Mvc\\DispatchListener-\u003EonDispatch(Object(Zend\\Mvc\\MvcEvent))\n
#20 \/var\/lib\/monarc\/MonarcAppFO\/vendor\/zendframework\/zend-eventmanager\/src\/EventManager.php(490): call_user_func(Array, Object(Zend\\Mvc\\MvcEvent))\n
#21 \/var\/lib\/monarc\/MonarcAppFO\/vendor\/zendframework\/zend-eventmanager\/src\/EventManager.php(263): Zend\\EventManager\\EventManager-\u003EtriggerListeners(\u0027dispatch\u0027, Object(Zend\\Mvc\\MvcEvent), Object(Closure))\n
#22 \/var\/lib\/monarc\/MonarcAppFO\/vendor\/zendframework\/zend-mvc\/src\/Application.php(340): Zend\\EventManager\\EventManager-\u003EtriggerEventUntil(Object(Closure), Object(Zend\\Mvc\\MvcEvent))\n
#23 \/var\/lib\/monarc\/MonarcAppFO\/public\/index.php(24): Zend\\Mvc\\Application-\u003Erun()\n
#24 {main}"
         }
      }
   ]
}

And Zend Framework related libraries.

If you have a risk analysis in english, you must enter the comment twice to get the correct field in DB.
See code below, comment1 is hardcoded.

Same bug adding impact scale column.

ng_anr/src/Anrservice.js:278
var createScaleComment = function (anr_id, scale_id, row, comment, type_impact_id, success, error) {
new self.ScalesCommentResource({anrId: anr_id, scaleId: scale_id, val: row, scaleImpactType: type_impact_id, comment1: comment}).$save(success, error);

ng_anr/src/Anrservice.js:261
var createScaleType = function (anr_id, scale_id, label1, success, error) {
new self.ScalesTypesResource({anrId: anr_id, anr: anr_id, scale: scale_id, label1: label1, isHidden: false, isSys: false, implicitPosition: 2}).$save(success, error);
};

it would be interesting to include this for larger companies so they could easily manage resources.

this would help:
https://framework.zend.com/manual/1.10/en/zend.auth.adapter.ldap.html

In AbstractService.php around line 677 to 733, the risk calculation methods are directly put as methods.

This doesn't make sense as they are used only in a limited set of services, and should be moved into a separate (helper) class as static methods, as they don't require a specific state nor a specific entity.

Did i do something wrong or is here a configuration step missing in your readme ?

When a user tries to use the "Mot de passe oublié ?" it always sends the emails to [email protected] instead of the email address the user entered.

2017-06-16 15:08:13 1dLqyw-00008N-Ib => [email protected] R=smarthost T=remote_smtp_smarthost H=******* [xxx.xxx.xxx.xxx] X=TLS1.2:ECDHE_RSA_AES_256_CBC_SHA384:256 CV=no DN="CN=*****" C="250 2.6.0 <E1dLqyw-00008N-Ib@******> [InternalId=76982993813521, Hostname=********] 3260 bytes in 0.102, 31,063 KB/sec Queued mail for delivery"
2017-06-16 15:08:13 1dLqyw-00008N-Ib Completed

Currently, the MonarcAppFO/MonarcAppBO repositories (which basically are skeletons) contains all the required dependencies for the entire app, including the ones that are actually only required by the zm_core/zm_[client|backoffice] repositories.
Dependencies should be atomic, and the skeletons should only contain dependencies on zm_client or zm_backoffice, which in turn should depend on zm_core and other dependencies.

There is a Type in the readme and some important missing informations about use rights on data directory.

Sadly PR #9 has been merged without considering my remarks. So i open this issue to not forget these corrections.

You find details in the now merged PR #9

Reviewing the current initial SQL dump (monarc-common.sql) and the overall structure, here is a series of recommendations (from short-term to long-term):

• The initial database file should be separated in two parts: the schema creation from the data itself (two files should be create like monarc-common.sql - monarc-data.sql)
• Consistency of description fields (what are the default constraints? NOT NULL or empty?)
• What is the default type for description? text? longtext or varchar(255) this can have an impact on indexing
• The current SQL dump is basically a raw dump and needs to be clean-up (initial AUTO_INCREMENT= values should not be there)
• Fixing the field name international English
• Having a single repository for the database (what's the differences between all the various dumps like https://github.com/CASES-LU/MonarcAppBO/tree/master/db-bootstrap versus MonarcAppFO) to simplify the management
• Simplify the data model - remove the 1,2,3,4 stuff and make a proper translation table
• Use meaningful names (e.g. confidentiality, integrity and availability instead of single characters)
• Rethinking the indexes (based on what is really searches from the application) especially that the current model only relies on foreign keys
• Separate template/docx document from the database and put in a separate directory/file
• Create JSON files instead of SQL files for the initial population (to allow external contribution)
• Rethinking the table structure and make it simpler

Feature for importing external files to DB

When using exim4, recovery emails are always sent to [email protected] see #10 .
It is working as expected with postfix.
The field seems to be appropriately set (https://github.com/CASES-LU/zm-core/blob/981128d68b8f3dac885a846cef40566032f268ee/src/MonarcCore/Service/MailService.php#L38). Sh should investigate on the Zend\Mail usage.

In a primary asset when we detach a tag from a primary asset, the associated risks are not deleted in the risk analysis. But they are deleted in the library.

The best solution is to change them in additional risk (blue risks), and the user can after deletes them.

Bug when you duplicate an asset and then you edit the name.
Couldn't re-duplicate the last asset.
See. https://github.com/monarc-project/zm-core/blob/5f2756e589665507e952c8616a506f8d87b455f8/src/MonarcCore/Service/ObjectService.php#L908

When we are importing an object from MONARC database, there are no sort or search filter on this list which begin to be huge.

Add the possibility to check the security log of important events involving a risk analysis.
Such as:

• risk analysis access log,
• modification of risks,
• any other important records to be logged as well (to determine).

Also take into account: #363.

I cannot start Your app because there is no manual

The category of the operational risk is not use and usefull.

Hi,

is possibile to use a login token to login in in Monarc? I would like to use my intranet login to automate login in Monarc.

Thank you!

When the scales have not been fixed : point 1.4 ticked in the method, it should be normal to block the probability in the threat assessment (no edition available) because this point uses the scales defined in 1.4 (2 steps after).
When we ticked the 1.4 in the method, we can now edit the probability of the threat because we know the scales.

Include:

• History table
• Implementation of the risk treatment plan

When creating a new user in MONARC it should be mandatory to select a level of permissions/roles for this user.
If a user is created without any permissions, he will get a blank screen after a successful login.

Autocomplete threats and vulnerabilities
Like when being create a risk in the DB (https://github.com/monarc-project/ng-anr/blob/master/views/create.amvs.html#L43)

Hello,
try to create a simple asset with existing object

• Service
  • Front Office
  • Back Office
  • Obligation legal GDPR

Export analysis (Focus on Service), no password, only the model
Try to import the asset in a existant analysis.
Nothing is imported.
Don't hesitate for more détails
CU
Thierry Petitgenet

The following scenario is not working :

1. Create a risk analysis (RA)
2. Put the asset "service" in the RA
3. Create a new Operational Risk on "service"

It doesn't work

Specifications of the feature.

Update the version of Angular used and also the JavaScript requirements for the related projects:

• ng-anr
• ng-client
• ng-backoffice

in /home/ubuntu/monarc/vendor/monarc/frontoffice/src/MonarcFO/Service/AnrService.php on line 479

//Link tags
$indexTagRisk = 0;
$listTagrisk = [];
foreach ($rolfRisk->tags as $key => $tag) {
    if (!empty($rolfTagsNewIds[$tag->id])) {
        $listTagrisk[i]=$rolfTagsNewIds[$tag->id];
        $indexTagRisk++;
    }
}

the variable 'i' used as index for the table listTagrisk is not declared