Automotive Risk Management Web Portal
R&R is a full-stack web application that replaces spreadsheet-based risk tracking with a structured, auditable risk lifecycle across automotive programs.
Functional Topic & Business Objective
Risk management and process automation for automotive programs, replacing manual tracking with a structured and auditable risk lifecycle.
Replace spreadsheet tracking with a system that logs, assesses, and manages risks end-to-end, with clear ownership and a built-in audit trail.
Industry
| Client | Automotive (German OEM) |
|---|---|
| Segment | Enterprise - Automotive Programme Management |
| Platform | Web Application (internal portal, full-stack) |
Problem Statement
- No single place to see all risks and current status across programs
- No consistent process for assessing risks or documenting decisions
- Ownership was unclear, with limited accountability tracking
- Audit trails required manual collection from email and file shares
- Different roles required different visibility levels that spreadsheets could not support
Our Role & Contribution
- Designed the backend as a clean four-module Gradle structure (api, application, domain, infrastructure)
- Built the React frontend as an SPA with Vite for performance
- Implemented authentication with Keycloak and JWT, including role- and attribute-based access control
- Set up Bamboo CI with SonarQube quality gates on every branch
- Integrated Bitbucket, JFrog Artifactory, and Kubernetes/Helm in the client Devstack
- Documented REST APIs with SpringDoc/SwaggerUI for independent frontend delivery
- Targeted 90% code coverage with unit and integration testing by layer
Solution Overview
R&R manages the complete risk lifecycle. Users raise, assess, and categorize risks, assign ownership, attach documents, and track them through closure. Access is controlled by role- and attribute-based policies via Keycloak and JWT.
The backend uses Spring Boot with Kotlin and a strict four-module Gradle structure. Database changes are managed with Flyway migrations, and file attachments are stored in MinIO for S3-compatible object storage.
The React 18 frontend is built with Vite and TypeScript. MSW enables UI work against mocked APIs so teams move in parallel without waiting for backend endpoints.
Technology Stack
| Backend | Spring Boot, Kotlin, Gradle (multi-module), MySQL 8, Hibernate, Flyway |
|---|---|
| Frontend | React 18, Vite, TypeScript, Node.js v24 LTS, MSW, npm |
| Storage | MinIO (S3-compatible object storage) |
| Authentication | Keycloak / JWT with role- and attribute-based access control |
| API Documentation | SpringDoc / SwaggerUI |
| Testing | JUnit 5, Mockito, JaCoCo (90%+ coverage target) |
| Code Quality | SonarQube (enforced in CI pipeline) |
| DevOps | Docker, Helm, Kubernetes |
| CI | Bamboo |
| Source Control | Bitbucket (SSH) |
| Artefact Registry | JFrog Artifactory (internal mirror) |
Delivery Context
| Environment | Client internal Devstack infrastructure |
|---|---|
| Team Setup | Distributed team with frontend and backend streams running in parallel |
| Stakeholder Collaboration | Worked closely with stakeholders to define access control rules and risk workflow requirements |
| Development Approach | Iterative delivery with MSW to decouple frontend and backend progress |
| Infrastructure Constraint | All dependencies routed through JFrog Artifactory, no external internet access |
Implementation Scope
- Greenfield build replacing manual processes with a production-grade web application
- Full backend build across four Gradle modules with a layered architecture
- New React 18 frontend replacing a legacy Create React App setup
- CI/CD pipeline from build to deployment via Docker and Helm
- Environment-specific Helm configuration for multiple deployments
- Flyway-managed database schema with versioned migrations
- REST API documented and available through SwaggerUI
Key Achievements & Business Impact
- Centralized, structured risk portal across automotive programs
- Built-in audit trail from creation to closure
- Granular access control by role and attribute
- 90%+ code coverage enforced in CI with SonarQube gates
- MSW enabled parallel delivery without blocking
- Flyway ensured consistent schema rollout across environments
- Kubernetes and Helm deployment ready to scale
Differentiators & Highlights
- Four-module backend architecture kept concerns isolated and tests fast
- Testing split by layer with unit and integration suites enforced in CI
- MSW mocks doubled as API contracts for the UI team
- Entire delivery ran inside Devstack with no external service dependencies
- SpringDoc/SwaggerUI enabled self-service API documentation
- Clear requirements allowed strong technical decisions early