
I built a Vendor Risk Management app.
I’m not a software engineer by training. My background is in IT administration, infrastructure, operations, security, and risk management. But over the years, I kept seeing the same problem: vendor risk programs were spread across shared drives, spreadsheets, emails, and inconsistent review processes. And when it came time to find the evidence, everything became a scramble instead of being in one place.
So in my recent downtime from the day-to-day office life, I started building one.
That meant late nights, a lot of trial and error, and learning the hard way how software actually gets built. It also meant breaking things, fixing them, and figuring out why they broke in the first place. None of that was glamorous, but it was real learning.
The result is a self-hosted Vendor Risk Assessment web app. It runs in your environment, keeps your data under your control, and avoids the recurring SaaS costs that can be hard to justify for smaller or leaner teams.
It includes:
- A vendor catalog.
- Risk scoring across five domains with configurable weights.
- Structured due diligence questionnaires.
- Review cycle tracking.
- Compliance document storage with expiration alerts.
- An immutable audit trail.
- Bulk import from spreadsheets.
I built it with React, Node.js, PostgreSQL, and Prisma, choosing tools with strong documentation and community support because I was learning as I went.
What surprised me most is how much this journey reflected risk management itself: evaluate carefully, make good decisions, document clearly, and know when to step back and rebuild.
The app is live. Below is the project link, along with a demo environment seeded with sample vendors so you can see it in action.
If you manage vendor risk, I’d love to hear what you think. If you’re a developer and want to contribute, even better. And if you just want to explore the demo and share feedback, that would mean a lot too.
Project link: https://jermsmit.github.io/vendor-risk-marketing/