complyctl

ComplyCTL leverages OSCAL to perform compliance assessment activities, using plugins for each stage of the lifecycle.
Documentation
Installation
Quick Start
Sample Component Definition
Basic Usage
Determine the baseline you want to run a scan for and create an OSCAL Assessment Plan. The Assessment
Plan will act as configuration to guide the complyctl generation and scanning operations.
complyctl list
...
# Table appears with options. Look at the Framework ID column.
complyctl info <framework-id>
...
# Display information about a framework's controls and rules.
complyctl plan <framework-id>
...
# The file will be written out to assessment-plan.json in the specified workspace.
# Defaults to current working directory.
cat assessment-plan.json
# The default assessment-plan.json will be available in the complytime workspace (complytime/assessment-plan.json).
complyctl plan <framework-id> --dry-run
# See the default contents of the assessment-plan.json.
complyctl plan <framework-id> --dry-run --out config.yml
# Customize the assessment-plan.json with the "out" flag. Updates can be made in the config.yml.
complyctl plan <framework-id> --scope-config config.yml
# The config.yml will be loaded when passing "scope-config" to customize the assessment-plan.json.
Run the generate command to generate policy artifacts in the workspace, then run the scan command to execute the generated artifacts and get results.
complyctl generate
...
complyctl scan
# The results will be written to assessment-results.json in the specified workspace.
# Defaults to current working directory under folder "complytime".
complyctl scan --with-md
# Both assessment-results.md and assessment-results.json will be written in the specified workspace.
# Defaults to current working directory under folder "complytime".
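The scan output can gate a pipeline. The following is an added example, not part of complyctl or its documentation: a Python check that reads the assessment results and returns a non-zero exit code unless every finding is satisfied. It assumes the file follows the standard OSCAL Assessment Results layout (results, findings, target.status.state); the function names and the sample document are constructed for illustration.

```python
import json
import sys

# Constructed sample in the standard OSCAL Assessment Results layout
# (assumption: complyctl's assessment-results.json follows this layout).
SAMPLE = {"assessment-results": {"results": [{"findings": [
    {"title": "constructed-rule-a",
     "target": {"target-id": "ctl-1_smt", "status": {"state": "satisfied"}}},
    {"title": "constructed-rule-b",
     "target": {"target-id": "ctl-2_smt", "status": {"state": "not-satisfied"}}},
    {"title": "constructed-rule-c", "target": {"target-id": "ctl-3_smt"}},
]}]}}


def summarize(doc):
    """Count finding states and collect targets that are not satisfied."""
    counts, failed = {}, []
    for result in doc.get("assessment-results", {}).get("results", []):
        for finding in result.get("findings", []):
            target = finding.get("target", {})
            # A finding without a recorded state counts as unknown, never as a pass.
            state = target.get("status", {}).get("state", "unknown")
            counts[state] = counts.get(state, 0) + 1
            if state != "satisfied":
                failed.append(target.get("target-id", finding.get("title", "?")))
    return counts, failed


def gate(doc):
    """Exit code: 0 all satisfied, 1 some not satisfied, 2 no findings at all."""
    counts, failed = summarize(doc)
    if not counts:
        return 2  # an empty result set must not be reported as compliant
    return 1 if failed else 0


if __name__ == "__main__":
    # Pass the results file as argv[1], e.g. complytime/assessment-results.json;
    # with no argument the constructed SAMPLE is checked instead.
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8") as fh:
            doc = json.load(fh)
    else:
        doc = SAMPLE
    counts, failed = summarize(doc)
    print("states:", counts)
    for target_id in failed:
        print("not satisfied:", target_id)
    sys.exit(gate(doc))
```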
Contributing
Read the contributing guidelines
Read the style guide
Read and agree to the Code of Conduct
Interested in writing a plugin? See the plugin guide.