A streamlined Digital Sovereignty assessment tool focused on providing organizations with a quick and actionable readiness evaluation.
This tool helps organizations evaluate their digital sovereignty posture across 7 critical domains in just 10-15 minutes. Upon completion, you can download a PDF report for sharing with internal teams or stakeholders.
The name "viewfinder" reflects the tool's purpose as a lens into your organization's sovereignty posture — giving civil society organisations, IT and business leaders a clear, focused view across 7 critical domains. The repository name viewfinder-upstream follows Red Hat's open-source model: "upstream" is the pure, self-hosted codebase (this repo), while "downstream" is the branded version hosted on Red Hat's website. Running the upstream version means all assessment data stays in your browser — nothing is sent to Red Hat or third parties.
For more background:
- Digital Sovereignty Is Illusory Without Open Source and a Trusted Supply Chain
- Introducing the Red Hat Sovereignty Readiness Assessment Tool
For adding or updating custom assessment questions, see Adding Custom Questions.
Prerequisite: Requires Docker & Docker Compose.
git clone https://github.com/Sinar/dsra.git
cd dsra
docker compose up -d --buildThen open http://localhost:8080
For local development without Docker (composer, PHP built-in server), see the Local Installation Runbook.
The landing page features the Digital Sovereignty Readiness Assessment.
The assessment questionnaire presents 21 questions across 7 domains with Yes/No/"Don't Know" response options. Progress is auto-saved to browser storage.
Comprehensive results display showing scoring, maturity level, domain analysis, and actionable recommendations.
Professional PDF report with scores, domain breakdown, maturity level assessment, and tailored improvement actions.
- Quick Assessment: Complete evaluation in 10-15 minutes
- 7 Critical Domains: Comprehensive coverage across:
- Data Sovereignty
- Technical Sovereignty
- Operational Sovereignty
- Assurance Sovereignty
- Open Source Strategy
- Executive Oversight
- Managed Services
- 21 Key Questions: 2-3 targeted questions per domain
- 9 Industry Profiles: Balanced, Financial Services, Healthcare, Government, Technology/SaaS, Manufacturing, Telecom, Energy, and Custom with domain-specific weighting
- Custom Profile Builder: Adjustable domain weight sliders for tailored assessments
- Multiple Response Options: Yes/No/"Don't Know" format
- Instant Scoring: Real-time maturity level calculation
- Maturity Levels: Foundation, Developing, Strategic, Advanced
- Actionable Recommendations: Tailored guidance based on assessment results
- Research Questions: Track "Don't Know" responses for follow-up investigation
- PDF Export: Professional downloadable reports
- Progress Auto-Save: Browser-based session persistence
- Keyboard Navigation: Arrow keys for quick navigation, Ctrl+S to save
- Privacy-First: No data collected or stored server-side; all progress persisted in browser localStorage
-
Clone the repository:
git clone https://github.com/Sinar/dsra.git cd dsra -
Build and run with Docker Compose:
docker compose up -d --build
-
Access the application:
http://localhost:8080Note: Image and container names currently use
viewfinder-upstreamfor upstream compatibility. These will be updated in a future release after internal packages are migrated.
docker build -t viewfinder-upstream:latest .
docker run -d -p 8080:8080 --name viewfinder-upstream viewfinder-upstream:latest# Example: Building for both amd64 and arm64
docker buildx build -t viewfinder-upstream:latest . --platform linux/amd64,linux/arm64# Stop the container
docker stop viewfinder-upstream
# Remove the container
docker rm viewfinder-upstream
# View logs
docker compose logs -fFor local deployment without Docker using PHP, Apache/Nginx, and Composer directly, see the Local Installation Runbook.
VirtualHost Example (/etc/httpd/conf.d/dsra.conf):
<VirtualHost *:80>
ServerName dsra.example.com
DocumentRoot /var/www/html/dsra
<Directory /var/www/html/dsra>
Options -Indexes +FollowSymLinks
AllowOverride All
Require all granted
# Security headers
Header always set X-Content-Type-Options "nosniff"
Header always set X-Frame-Options "SAMEORIGIN"
Header always set X-XSS-Protection "1; mode=block"
</Directory>
# Logging
ErrorLog /var/log/httpd/dsra-error.log
CustomLog /var/log/httpd/dsra-access.log combined
</VirtualHost>Server Block Example (/etc/nginx/conf.d/dsra.conf):
server {
listen 80;
server_name dsra.example.com;
root /var/www/html/dsra;
index index.php;
# Security headers
add_header X-Content-Type-Options "nosniff" always;
add_header X-Frame-Options "SAMEORIGIN" always;
add_header X-XSS-Protection "1; mode=block" always;
location / {
try_files $uri $uri/ /index.php?$query_string;
}
location ~ \.php$ {
fastcgi_pass unix:/var/run/php-fpm/php-fpm.sock;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
}
# Deny access to sensitive files
location ~ /\. {
deny all;
}
# Logging
access_log /var/log/nginx/dsra-access.log;
error_log /var/log/nginx/dsra-error.log;
}dsra/
├── index.php # Landing page
├── composer.json # PHP dependencies
├── docker-compose.yml # Docker Compose configuration
├── Dockerfile # Container build configuration
├── README.md # This file
├── RUNBOOK.md # Local installation runbook
│
├── ds-qualifier/ # Digital Sovereignty Readiness Assessment
│ ├── index.php # Assessment questionnaire interface
│ ├── results.php # Results and recommendations page
│ ├── config.php # Questions configuration
│ ├── profiles.php # Industry weighting profiles
│ ├── generate-pdf.php # PDF report generator
│ ├── css/
│ │ └── ds-qualifier.css # Assessment-specific styles
│ └── js/
│ └── ds-qualifier.js # Interactive features & auto-save
│
├── includes/ # Core backend classes
│ ├── Config.php # Application configuration
│ ├── Security.php # Security utilities
│ ├── Logger.php # Logging functionality
│ └── Exceptions/ # Custom exception classes
│ ├── ViewfinderException.php
│ ├── FileSystemException.php
│ ├── DataValidationException.php
│ ├── ConfigurationException.php
│ └── ViewfinderJsonException.php
│
├── css/ # Shared stylesheets
│ ├── bootstrap.min.css # Bootstrap framework
│ ├── brands.css # Font Awesome brands
│ ├── style.css # Main application styles
│ ├── tab-dark.css # Dark theme tab styling
│ ├── patternfly.css # Red Hat PatternFly design system
│ └── patternfly-addons.css # PatternFly extensions
│
├── images/ # Images and logos
│ └── screenshots/ # Documentation screenshots
│ ├── landing-page-balanced.png
│ ├── landing-page-financial.png
│ ├── landing-page-custom.png
│ ├── assessment-page.png
│ ├── results-page1.png
│ ├── results-page2.png
│ ├── results-page3.png
│ ├── pdf-report-sample.png
│ └── cmmi-levels.png
│
├── error-pages/ # Error handling pages
│ ├── error-handler.php
│ └── templates/
│ ├── system-error.php
│ ├── validation-error.php
│ ├── file-not-found.php
│ └── json-error.php
│
├── .github/ # GitHub configuration
│ ├── workflows/
│ │ └── build-image.yml # CI/CD pipeline
│ └── dependabot.yml # Dependency updates
│
├── logs/ # Application logs (created at runtime)
│
└── vendor/ # Composer dependencies (created by composer install)
Navigate to the root URL to access the landing page featuring the Digital Sovereignty Readiness Assessment card.
- Select Profile: Choose from 9 industry profiles or create a custom weighting
- Start Assessment: Click "Start Assessment" button to begin
- Answer Questions: Progress through 7 domains
- Use Next/Previous buttons to navigate
- Answer Yes/No or select "Don't Know" for uncertain items
- Questions are validated before proceeding
- Progress auto-saves to browser storage
- Submit: Click "Complete Assessment" on the final section
- View Results: Review your maturity level and recommendations
- Download Report: Generate PDF report for stakeholders
- Take New Assessment: Start fresh assessment anytime
The assessment uses a 4-level maturity model based on the Capability Maturity Model Integration (CMMI) framework.
Based on your score (0-21 points):
-
Foundation (0-5 points): Early-stage maturity
- Ad-hoc processes with minimal sovereignty controls
- Significant dependencies on external providers
- Focus: Establish executive awareness and basic policies
-
Developing (6-10 points): Growing maturity
- Basic controls are in place but not yet standardized
- Projects are planned but processes may not be repeatable organization-wide
- Focus: Build repeatable practices and implement foundational controls
-
Strategic (11-16 points): Mature posture
- Processes are well characterized, understood, documented, and standardized
- Digital sovereignty practices are consistent and repeatable across the organization
- Clear governance structures and policies are in place
- Focus: Ensure organization-wide consistency and pursue certifications
-
Advanced (17-21 points): Leading maturity
- Continuous improvement through quantitative feedback and innovation
- Proactive identification and deployment of innovative sovereignty practices
- Industry-leading posture with thought leadership contributions
- Focus: Drive innovation and lead industry best practices
- Score Breakdown: Percentage-based maturity indicator
- Domain Analysis Table: Shows score and maturity level per domain
- Progress bars show percentage completion per domain
- Improvement Actions: Recommended next steps based on maturity level
- Domain Insights: Detailed view of strengths and improvement areas
- Research Questions: "Don't Know" responses flagged for further investigation
Edit includes/Config.php to modify:
- Application name and version
- Base paths
- Error handling settings
- Security configuration
Edit ds-qualifier/config.php to customize:
- Question text
- Domain definitions
- Tooltips and help text
Edit ds-qualifier/profiles.php to customize:
- Domain weighting multipliers
- Profile names and descriptions
- PHP: ^8.1
- Extensions: ext-json
- monolog/monolog (^3.5): Logging framework
- dompdf/dompdf (^3.1): PDF report generation
- jQuery 3.6.0
- jQuery UI 1.13.2
- Font Awesome 8.x
- Bootstrap (included locally)
- PatternFly (included locally)
- Input Validation: Comprehensive sanitization of all user inputs
- CSRF Protection: Session-based CSRF token validation
- Secure Headers: X-Content-Type-Options, X-Frame-Options, X-XSS-Protection
- Path Traversal Prevention: Secure file path handling
- Error Logging: Detailed logging without exposing sensitive data
- Session Timeout: Automatic session expiration (1 hour)
- Secure File Operations: Atomic file writes with rollback capability
| Feature | Full Viewfinder | DSRA |
|---|---|---|
| Profile Management | ✓ | ✗ |
| Full Maturity Assessments | ✓ | ✗ |
| Readiness Assessment | ✓ | ✓ |
| Digital Sovereignty Quiz | ✓ | ✗ |
| Operation Sovereign Shield | ✓ | ✗ |
| Compliance Framework Mapping | ✓ | ✗ |
| Line of Business Content | ✓ | ✗ |
| Approximate Size | ~100+ MB | ~60-65 MB |
Issue: Port 8080 already in use
sudo lsof -i :8080Or change the host port in docker-compose.yml (e.g., "8081:8080").
Issue: Container name already exists
docker stop viewfinder-upstream
docker rm viewfinder-upstream
docker compose up -dIssue: Container exits immediately
docker compose logs -f
docker compose up -d --buildIssue: PDF generation fails
docker compose exec viewfinder composer show dompdf/dompdf
docker compose up -d --buildIssue: Viewing logs
docker compose logs -f
docker compose logs viewfinder- Edit
ds-qualifier/config.php - Add questions to the appropriate domain
- Follow the existing format:
'questions' => [ [ 'id' => 'unique-id', 'text' => 'Your question text?', 'tooltip' => 'Helpful explanation' ] ]
- Main application: Edit
css/style.css - Assessment interface: Edit
ds-qualifier/css/ds-qualifier.css - Dark theme: Edit
css/tab-dark.css
Edit ds-qualifier/results.php to adjust:
- Score thresholds
- Maturity level names
- Recommendations per level
This is a community-supported open source project. For issues, questions, or feature requests:
- GitHub Issues: https://github.com/Sinar/dsra/issues
- GitHub Discussions: https://github.com/Sinar/dsra/discussions
Apache-2.0 License
This application is provided for informational purposes only. The information is provided "as is" with no guarantee or warranty of accuracy, completeness, or fitness for a particular purpose. Users should conduct their own validation and testing before relying on assessment results for decision-making.
Digital Sovereignty Readiness Assessment (DSRA) - Streamlined Digital Sovereignty Readiness Assessment
Version: 1.0.0