Automation

Execute custom PHP automation logic on module events such as creation, updates, or status changes.

  • Documentation
  • Duration: 3m 33s
  • Languages: EN

Introduction

Automations in eramba allow users to run custom PHP code directly within eramba. The code is provided by the user and can include Composer dependencies. Automations give full control over what runs and when, without predefined workflows or fixed integrations.

Automations can run on a schedule (for example, daily) or in response to user-defined scenarios, such as when an item is created, edited, or when a specific attribute changes.

They are mainly used for integrating eramba with external systems, but can also execute any programmatic task, including validations, custom processing, or advanced use cases like using an LLM to review policies for spelling or consistency issues.

Examples

This chapter shows practical ways to use automations:

  • Automatically test internal controls by connecting to AWS and verifying that storage volumes are encrypted

  • Automatically review policies and procedures for spelling or formatting issues using an LLM

  • Regularly sync Jira projects with eramba Projects (one-way or bi-directional)

  • Pull assets from a CMDB and keep them synchronized in eramba

  • Create or update tickets in an ITSM tool when risks, incidents, or control failures are detected in eramba

  • Push compliance or risk status from eramba into BI or reporting platforms for centralized dashboards

  • Run a custom risk calculation after a Risk is saved, using parameters from eramba and external systems

  • Parse online assessment responses and automatically create Third Party Risks

Supported Versions

Automations run on both on-premise and cloud deployments and are available in Enterprise only.

Each Enterprise installation is limited to a maximum of five automation scripts across all modules. To protect system stability, automations are subject to enforced limits on execution time, network usage, and file storage.

Scope

Automations are available only in selected modules. Support will be expanded to additional modules over time, with the long-term goal of covering all modules.

You can verify whether automations are enabled for a module by opening the module and checking the Common Features menu. If Automation is listed, the module supports automations.

Core Concepts

The following is a detailed list of key concepts you need to understand in order to manage automations:

  • Automations are available only in certain modules (for example, Internal Controls). Not all modules support automations.
  • Automations may also be available at the sub-module level (for example, Internal Controls / Audits).
  • One or more automations can be created, subject to the global automation limit.
  • Automation code must be written in the latest stable version of PHP.
  • Each automation consists of:
    • an optional Composer configuration
    • a mandatory execution script
  • Automations can run in two modes:
    • Event-driven, triggered by a specific event
    • Scheduled, running at regular intervals
  • Event-driven automations are executed through the notification system:
    • a Dynamic Status is defined (optional)
    • the status is linked to a Notification
    • the notification is configured to run an Automation instead of sending an email or webhook

  • When an event triggers an automation, the automation can access the affected item’s attributes (such as ID, name, and other fields) through macros, which can be used directly in the PHP code.
  • An event-driven automation can:
    • update attributes of the triggering item (for example, mark an Internal Control / Audit as passed or failed)
    • create additional items within the same module or sub-module (for example, create new audit records under Internal Controls / Audits)
  • Automations can write data to the filesystem, but only to a single, predefined file name assigned to each automation.
  • This file can be accessed by automations across different modules.
  • File storage is subject to a maximum size limit.
  • This mechanism can be used to share data between automations, for example by maintaining a company roster file that multiple automations use for account reviews.
  • Automation secrets can be stored under System / Settings and referenced by automation scripts, avoiding hardcoded credentials or tokens.
  • Automation scripts can be tested before being enabled for production use.
  • Each automation has a unique hash generated from its content, allowing execution changes to be tracked over time.
  • Every automation execution generates logs, capturing both STDOUT and STDERR output.
  • Automations run inside a dedicated, hardened container.
  • Only outgoing TCP connections on ports 80 and 443 are allowed, subject to bandwidth limits.
  • The number of concurrent TCP connections from the container is limited to prevent flooding or denial-of-service scenarios.
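
A pre-submission check that follows from two of the constraints above (no hardcoded credentials, outbound TCP limited to ports 80 and 443), as an added example that is not part of eramba or its documentation. The sample script, hostnames and match patterns are constructed assumptions, and the SHA-256 is the reviewer's own fingerprint, not eramba's automation hash.

```php
<?php
// Added example: pre-submission review of an automation script (not eramba code).
// $sample is a constructed script; getenv() in it is a placeholder for a secret lookup.
$sample = <<<'SCRIPT'
<?php
$token = "constructed-not-a-real-token";
$jira  = file_get_contents("https://jira.example.com/rest/api/2/project");
$cmdb  = file_get_contents("http://cmdb.example.com:8080/assets");
$ldap  = ldap_connect("ldaps://dc.example.com:636");
$key   = getenv("CMDB_API_KEY");
SCRIPT;

function reviewAutomation(string $code): array
{
    $findings = [];
    $credential = '/\$\w*(token|secret|passw|key)\w*\s*=\s*["\'][^"\']{8,}["\']/i';
    $url = '#\b([a-z][a-z0-9+.-]*)://([^/\s"\':]+)(?::(\d+))?#i';
    foreach (explode("\n", $code) as $i => $line) {
        $n = $i + 1;
        // A quoted literal assigned to a credential-like variable name.
        if (preg_match($credential, $line)) {
            $findings[] = "line $n: hard-coded credential, store it as an automation secret";
        }
        // Every URL must resolve to TCP 80 or 443, explicitly or by scheme default.
        preg_match_all($url, $line, $matches, PREG_SET_ORDER);
        foreach ($matches as $m) {
            $scheme = strtolower($m[1]);
            $default = ['http' => 80, 'https' => 443][$scheme] ?? null;
            $port = ($m[3] ?? '') !== '' ? (int) $m[3] : $default;
            if (!in_array($port, [80, 443], true)) {
                $shown = $port ?? 'unknown';
                $findings[] = "line $n: $scheme://{$m[2]} uses port $shown, outside the 80/443 egress rule";
            }
        }
    }
    return $findings;
}

$findings = reviewAutomation($sample);
foreach ($findings as $finding) {
    fwrite(STDERR, $finding . PHP_EOL);
}
// Reviewer's own fingerprint for change tracking; eramba's hash algorithm is not documented here.
echo 'sha256: ' . hash('sha256', $sample) . PHP_EOL;
echo count($findings) . ' finding(s)' . PHP_EOL;
exit($findings ? 1 : 0);
```

Run it from the PHP CLI against the script you intend to upload; a non-zero exit code means at least one finding was written to STDERR.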

Implementation

Scenario Definition

tbd

Coding

tbd

Create Automation

tbd

Test Automation

tbd

Debug

tbd