Directories
| Path | Synopsis |
|---|---|
| | Package baseline reads and writes the baseline file that the v0.6 drift workflow compares against. |
| checks | |
| aws | Package aws holds the AWS check implementations. |
| digitalocean | Package digitalocean holds the DigitalOcean check implementations. |
| gcp | Package gcp holds the GCP check implementations. |
| hetzner | Package hetzner holds Hetzner Cloud check implementations. |
| k8s | Package k8s holds the Kubernetes check catalog. |
| linux | Package linux holds the Linux check implementations. |
| | Package cli contains the cobra command tree for the compliancekit binary. |
| collectors | |
| aws | Package aws is the AWS Collector. |
| cloudcommon | Package cloudcommon contains the cross-cloud abstractions every cloud collector reuses: account/region resource attribution helpers, the per-cloud Resource ID convention, and the per-cloud Region listing protocol. |
| digitalocean | Package digitalocean is the DigitalOcean Collector. |
| gcp | Package gcp is the Google Cloud Platform Collector. |
| hetzner | Package hetzner is the Hetzner Cloud Collector. |
| k8s | Package k8s is the Kubernetes collector. |
| linux | Package linux is the Linux SSH collector (v0.2+). |
| | Package config defines the parsed shape of compliancekit.yaml and the loader that populates it. |
| | Package core defines the value types and interfaces shared across the compliancekit codebase: Severity, Status, Resource, ResourceGraph, Finding, Check, Collector, Evaluator, and the check registry. |
| | Package diff classifies a current scan's findings against a previously captured baseline. |
| | Package engine orchestrates a scan: it runs Collectors to populate the ResourceGraph, then drives the check Registry to produce Findings. |
| | Package evidence assembles an audit-ready folder from a set of scan findings. |
| | Package frameworks loads compliance framework definitions from embedded YAML files and exposes them for the reporters and the `checks list` / `checks show` commands. |
| | Package ingest reads findings produced by external security tools (Trivy, Checkov, KICS, AWS Security Hub, GCP SCC, Defender, …) and projects them onto compliancekit's resource graph + framework catalog. |
| checkov | Package checkov implements a native-JSON ingest adapter for Checkov (bridgecrewio/checkov) output. |
| gitleaks | Package gitleaks implements a native-JSON ingest adapter for gitleaks (gitleaks/gitleaks) output. |
| grype | Package grype implements a native-JSON ingest adapter for Anchore Grype (anchore/grype) output. |
| ocsf | Package ocsf implements the OCSF (Open Cybersecurity Schema Framework) v1.x ingest adapter for compliancekit. |
| oscal | Package oscal implements the OSCAL (Open Security Controls Assessment Language) Catalog ingest adapter for compliancekit. |
| sarif | Package sarif implements the SARIF 2.1.0 ingest adapter for compliancekit. |
| trivy | Package trivy implements a native-JSON ingest adapter for Trivy (aquasecurity/trivy) output. |
| | Package profile is the v0.6 named-subset-of-checks abstraction. |
| | Package remediate generates structured fix-it artifacts (Terraform blocks, kubectl patches, cloud-CLI commands, Ansible plays, Helm overlays, bash one-liners) from compliancekit Findings. |
| ansible | Package ansible implements remediate.Strategy renderers for the FormatAnsible output. |
| awscli | Package awscli implements remediate.Strategy renderers for the FormatAWSCLI output. |
| azcli | Package azcli implements remediate.Strategy renderers for the FormatAzureCLI output. |
| bash | Package bash implements remediate.Strategy renderers for the FormatBash output. |
| doctl | Package doctl implements remediate.Strategy renderers for the FormatDoctl output. |
| gcloud | Package gcloud implements remediate.Strategy renderers for the FormatGCloud output. |
| hcloud | Package hcloud implements remediate.Strategy renderers for the FormatHcloud output. |
| helm | Package helm implements remediate.Strategy renderers for the FormatHelm output. |
| kubectl | Package kubectl implements remediate.Strategy renderers for the FormatKubectl output. |
| poam | Package poam emits OSCAL v1.1.2 Plan of Action & Milestones (POA&M) JSON for findings whose remediation classifies as manual — either because no strategy is registered, or because the registered strategy declared RiskManual. |
| render | Package render holds small shared helpers strategy packages use to emit safe, well-formatted snippet content. |
| runbook | Package runbook writes the operator-facing artifacts of v0.15's remediation flow: |
| terraform | Package terraform implements remediate.Strategy renderers for the FormatTerraform output. |
| tickets | Package tickets files external tickets (Jira, Linear) for findings whose remediation is manual. |
| | Package report holds the Reporter implementations. |
| | Package score computes the 0-100 hardening score the v0.6 milestone adds as the headline metric. |