compliance

package
v1.38.1 (not the latest version of this module)
Published: Mar 30, 2026 License: Apache-2.0 Imports: 3 Imported by: 0

Documentation

Overview

Package compliance provides SOC 2 compliance automation tooling including Trust Services Criteria control mapping, evidence collection, policy document generation, and control status tracking.

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func PolicyTemplates

func PolicyTemplates() map[PolicyType]PolicyTemplate

PolicyTemplates returns all available policy templates keyed by PolicyType.

Types

type AccessLogSource

type AccessLogSource struct {
	SystemName string
	LogPath    string
}

AccessLogSource collects evidence from access log systems.

func (*AccessLogSource) Collect

func (al *AccessLogSource) Collect(controlID ControlID) ([]Evidence, error)

Collect gathers access log evidence for the given control.

func (*AccessLogSource) Name

func (al *AccessLogSource) Name() string

Name returns the source name.

func (*AccessLogSource) SupportedControls

func (al *AccessLogSource) SupportedControls() []ControlID

SupportedControls returns controls that access log evidence supports.

type Category

type Category string

Category represents a SOC 2 Trust Services Category.

const (
	CategorySecurity            Category = "Security"
	CategoryAvailability        Category = "Availability"
	CategoryConfidentiality     Category = "Confidentiality"
	CategoryProcessingIntegrity Category = "Processing Integrity"
	CategoryPrivacy             Category = "Privacy"
)

type CategorySummary

type CategorySummary struct {
	Category     Category
	Total        int
	Compliant    int
	Partial      int
	NonCompliant int
	NotAssessed  int
}

CategorySummary provides compliance status for a single category.

type CodeReviewSource

type CodeReviewSource struct {
	Owner string
	Repo  string
}

CodeReviewSource collects evidence from code review practices.

func (*CodeReviewSource) Collect

func (cr *CodeReviewSource) Collect(controlID ControlID) ([]Evidence, error)

Collect gathers code review evidence for the given control.

func (*CodeReviewSource) Name

func (cr *CodeReviewSource) Name() string

Name returns the source name.

func (*CodeReviewSource) SupportedControls

func (cr *CodeReviewSource) SupportedControls() []ControlID

SupportedControls returns controls that code review evidence supports.

type Control

type Control struct {
	ID          ControlID
	Category    Category
	Title       string
	Description string
	Criteria    string // Trust Services Criteria reference (e.g., "CC1.1")
}

Control represents a single SOC 2 Trust Services Criteria control.

type ControlAssessment

type ControlAssessment struct {
	ControlID   ControlID
	Status      ControlStatus
	AssessedAt  time.Time
	AssessedBy  string
	EvidenceIDs []string
	Notes       string
}

ControlAssessment records the assessment of a control at a point in time.

type ControlDetail

type ControlDetail struct {
	Control    Control
	Assessment ControlAssessment
	Assessed   bool
	Evidence   []Evidence
}

ControlDetail provides detailed status for a single control.

type ControlID

type ControlID string

ControlID uniquely identifies a SOC 2 control (e.g., "CC1.1", "A1.2").

type ControlMapping

type ControlMapping struct {
	// contains filtered or unexported fields
}

ControlMapping maps SOC 2 Trust Services Criteria to implementation evidence.

func NewControlMapping

func NewControlMapping() *ControlMapping

NewControlMapping returns a ControlMapping pre-populated with the standard SOC 2 Trust Services Criteria controls (the criteria set is the same for Type I and Type II reports; the Type I/II distinction concerns the report period, not the controls).

func (*ControlMapping) Assess

func (cm *ControlMapping) Assess(a ControlAssessment) error

Assess records an assessment for a control.

func (*ControlMapping) Assessment

func (cm *ControlMapping) Assessment(id ControlID) (ControlAssessment, bool)

Assessment returns the most recent assessment for a control.

func (*ControlMapping) Control

func (cm *ControlMapping) Control(id ControlID) (Control, bool)

Control returns the control definition for the given ID.

func (*ControlMapping) Controls

func (cm *ControlMapping) Controls() []Control

Controls returns all registered controls.

func (*ControlMapping) ControlsByCategory

func (cm *ControlMapping) ControlsByCategory(cat Category) []Control

ControlsByCategory returns controls filtered by category.

type ControlStatus

type ControlStatus string

ControlStatus represents the compliance status of a control.

const (
	StatusNotAssessed   ControlStatus = "not_assessed"
	StatusCompliant     ControlStatus = "compliant"
	StatusPartial       ControlStatus = "partially_compliant"
	StatusNonCompliant  ControlStatus = "non_compliant"
	StatusNotApplicable ControlStatus = "not_applicable"
)

type Dashboard

type Dashboard struct {
	// contains filtered or unexported fields
}

Dashboard generates a compliance dashboard from a ControlMapping and EvidenceCollector.

func NewDashboard

func NewDashboard(mapping *ControlMapping, collector *EvidenceCollector) *Dashboard

NewDashboard creates a Dashboard from the given mapping and collector.

func (*Dashboard) ControlDetails

func (d *Dashboard) ControlDetails() []ControlDetail

ControlDetails returns detailed information for every control.

func (*Dashboard) Summary

func (d *Dashboard) Summary() DashboardSummary

Summary computes the current compliance dashboard summary.

type DashboardSummary

type DashboardSummary struct {
	GeneratedAt     time.Time
	TotalControls   int
	Compliant       int
	Partial         int
	NonCompliant    int
	NotAssessed     int
	NotApplicable   int
	EvidenceCount   int
	CategorySummary []CategorySummary
}

DashboardSummary provides an overview of the compliance posture.

func (*DashboardSummary) ComplianceRate

func (ds *DashboardSummary) ComplianceRate() float64

ComplianceRate returns the percentage of assessed controls that are fully compliant. Returns 0 if no controls have been assessed.

type Evidence

type Evidence struct {
	ID          string
	Type        EvidenceType
	ControlID   ControlID
	Title       string
	Description string
	Source      string // URI or path to the source system
	CollectedAt time.Time
	CollectedBy string
	Data        map[string]string // Arbitrary key-value evidence data
}

Evidence represents a single piece of compliance evidence.

type EvidenceCollector

type EvidenceCollector struct {
	// contains filtered or unexported fields
}

EvidenceCollector orchestrates evidence collection from multiple sources.

func NewEvidenceCollector

func NewEvidenceCollector(sources ...EvidenceSource) *EvidenceCollector

NewEvidenceCollector creates a collector with the given sources.

func (*EvidenceCollector) AddSource

func (ec *EvidenceCollector) AddSource(src EvidenceSource)

AddSource registers an additional evidence source.

func (*EvidenceCollector) CollectAll

func (ec *EvidenceCollector) CollectAll() (int, []error)

CollectAll gathers evidence from all sources for all their supported controls. Returns the number of evidence items collected and any errors encountered.

func (*EvidenceCollector) CollectForControl

func (ec *EvidenceCollector) CollectForControl(controlID ControlID) ([]Evidence, []error)

CollectForControl gathers evidence for a specific control from all sources.

func (*EvidenceCollector) Evidence

func (ec *EvidenceCollector) Evidence() []Evidence

Evidence returns all collected evidence.

func (*EvidenceCollector) EvidenceByControl

func (ec *EvidenceCollector) EvidenceByControl(controlID ControlID) []Evidence

EvidenceByControl returns collected evidence filtered by control ID.

type EvidenceSource

type EvidenceSource interface {
	// Name returns a human-readable name for this evidence source.
	Name() string

	// Collect gathers evidence relevant to the given control.
	// Returns collected evidence or an error if collection fails.
	Collect(controlID ControlID) ([]Evidence, error)

	// SupportedControls returns the control IDs this source can provide evidence for.
	SupportedControls() []ControlID
}

EvidenceSource defines the interface for automated evidence collection.
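A custom EvidenceSource is the usual extension point: it reports which controls it can support, and the collector calls Collect once per supported control. The following is an added example, not code from this package, showing a hypothetical SSHAuthLogSource that summarises sshd authentication events as access-log evidence. The type declarations at the top mirror the ones documented on this page so the example compiles on its own; the CC6.1/CC6.2 mapping, the SSHAuthLogSource name, the ErrUnsupportedControl sentinel and the log lines in sampleSource are all assumptions constructed for the example. Two practitioner points it demonstrates: a source rejects control IDs it does not map to instead of silently returning nothing, and an empty or unreadable log fails closed with an error so it lands in CollectAll's error slice rather than reading as a quiet period.

```go
package main

import (
	"errors"
	"fmt"
	"strconv"
	"strings"
	"time"
)

// Mirrors of the exported types on this page, so the example compiles alone;
// a real project imports them from the compliance package instead.
type ControlID string
type EvidenceType string
const EvidenceAccessLog EvidenceType = "access_log"

type Evidence struct {
	ID          string
	Type        EvidenceType
	ControlID   ControlID
	Title       string
	Description string
	Source      string
	CollectedAt time.Time
	CollectedBy string
	Data        map[string]string
}

type EvidenceSource interface {
	Name() string
	Collect(controlID ControlID) ([]Evidence, error)
	SupportedControls() []ControlID
}

// ErrUnsupportedControl marks a wiring bug (wrong control asked of a source), not missing evidence.
var ErrUnsupportedControl = errors.New("control not supported by this source")

// SSHAuthLogSource is a hypothetical source summarising sshd authentication events.
// Lines are injected so it runs offline; a real source would read the auth log or a SIEM.
type SSHAuthLogSource struct {
	Host  string
	Lines []string
}

func (s *SSHAuthLogSource) Name() string { return "sshd auth log on " + s.Host }

// Assumed mapping for this example (CC6.x is the TSC logical-access family).
func (s *SSHAuthLogSource) SupportedControls() []ControlID {
	return []ControlID{"CC6.1", "CC6.2"}
}

func (s *SSHAuthLogSource) Collect(controlID ControlID) ([]Evidence, error) {
	supported := false
	for _, id := range s.SupportedControls() {
		supported = supported || id == controlID
	}
	if !supported {
		return nil, fmt.Errorf("%w: %s", ErrUnsupportedControl, controlID)
	}
	// Fail closed: an empty or unreadable log must surface as a collection error.
	if len(s.Lines) == 0 {
		return nil, fmt.Errorf("%s: no log lines available", s.Name())
	}
	var pubkey, password, failed int
	for _, line := range s.Lines {
		switch {
		case strings.Contains(line, "Accepted publickey"):
			pubkey++
		case strings.Contains(line, "Accepted password"):
			password++
		case strings.Contains(line, "Failed password"):
			failed++
		}
	}
	now := time.Now().UTC()
	return []Evidence{{
		ID:          fmt.Sprintf("%s-%s-%d", s.Host, controlID, now.Unix()),
		Type:        EvidenceAccessLog,
		ControlID:   controlID, // tag evidence with the control it was collected for
		Title:       "sshd authentication summary",
		Source:      "file:///var/log/auth.log on " + s.Host,
		CollectedAt: now,
		CollectedBy: s.Name(),
		Data: map[string]string{
			"accepted_publickey": strconv.Itoa(pubkey),
			"accepted_password":  strconv.Itoa(password),
			"failed_password":    strconv.Itoa(failed),
		},
	}}, nil
}

// sampleSource is fed constructed sshd log lines (not real data).
func sampleSource() *SSHAuthLogSource {
	return &SSHAuthLogSource{Host: "bastion", Lines: []string{
		"Jan 12 03:14:07 bastion sshd[1234]: Accepted publickey for alice from 10.0.0.5 port 51234 ssh2",
		"Jan 12 03:15:10 bastion sshd[1240]: Failed password for root from 203.0.113.9 port 40110 ssh2",
		"Jan 12 03:15:12 bastion sshd[1240]: Failed password for root from 203.0.113.9 port 40110 ssh2",
	}}
}

func main() {
	evs, err := sampleSource().Collect("CC6.1")
	fmt.Println(evs, err)
	_, err = (&SSHAuthLogSource{Host: "unreachable"}).Collect("CC6.2")
	fmt.Println("empty log:", err)
}
```

With the real package, the source would be registered via NewEvidenceCollector or AddSource and the collector would drive it through CollectAll, which calls Collect for each ID in SupportedControls and accumulates errors; treat a non-empty error slice as an incomplete collection run, not as a run with no findings. Note that the evidence records observed counts only (password logins accepted, failed attempts); whether those counts satisfy the control is a judgement recorded separately in a ControlAssessment.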

type EvidenceType

type EvidenceType string

EvidenceType classifies the source of compliance evidence.

const (
	EvidenceCICD       EvidenceType = "ci_cd"
	EvidenceAccessLog  EvidenceType = "access_log"
	EvidenceCodeReview EvidenceType = "code_review"
	EvidencePolicy     EvidenceType = "policy"
	EvidenceManual     EvidenceType = "manual"
)

type GitHubCISource

type GitHubCISource struct {
	Owner string
	Repo  string
}

GitHubCISource collects evidence from GitHub Actions CI/CD pipelines.

func (*GitHubCISource) Collect

func (g *GitHubCISource) Collect(controlID ControlID) ([]Evidence, error)

Collect gathers CI/CD evidence for the given control.

func (*GitHubCISource) Name

func (g *GitHubCISource) Name() string

Name returns the source name.

func (*GitHubCISource) SupportedControls

func (g *GitHubCISource) SupportedControls() []ControlID

SupportedControls returns controls that CI/CD evidence supports.

type PolicyDocument

type PolicyDocument struct {
	Type        PolicyType
	Title       string
	Version     string
	Owner       string
	ApprovedBy  string
	EffectiveAt time.Time
	ReviewBy    time.Time
	Sections    []PolicySection
	ControlIDs  []ControlID // Controls this policy satisfies
}

PolicyDocument represents a compliance policy document.

func GeneratePolicy

func GeneratePolicy(ptype PolicyType, org, owner, approver string, effective time.Time) (PolicyDocument, error)

GeneratePolicy creates a policy document from a template.

func (*PolicyDocument) Render

func (pd *PolicyDocument) Render() string

Render formats the policy document as a human-readable text document.

type PolicySection

type PolicySection struct {
	Heading string
	Body    string
}

PolicySection represents a section within a policy document.

type PolicyTemplate

type PolicyTemplate func(org, owner, approver string, effective time.Time) PolicyDocument

PolicyTemplate defines a function that generates a PolicyDocument.

type PolicyType

type PolicyType string

PolicyType classifies the kind of policy document.

const (
	PolicyAccessControl      PolicyType = "access_control"
	PolicyChangeManagement   PolicyType = "change_management"
	PolicyIncidentResponse   PolicyType = "incident_response"
	PolicyDataClassification PolicyType = "data_classification"
	PolicyRiskAssessment     PolicyType = "risk_assessment"
	PolicyVendorManagement   PolicyType = "vendor_management"
)

Directories

Path Synopsis
Package audit provides SOC 2 Type I audit tooling including readiness assessment, evidence collection automation, gap analysis, and report generation.
Package observation implements the SOC 2 Type II observation period framework.
