compliance

package
v0.2.0 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Jun 20, 2025 License: MIT Imports: 7 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

This section is empty.

Types

type AssessmentEngine

type AssessmentEngine interface {
	Assess(control *Control, evidence []Evidence) (*AssessmentResult, error)
	CalculateCompliance(results []*AssessmentResult) float64
}

AssessmentEngine interface for assessing controls

type AssessmentResult

type AssessmentResult struct {
	ControlID       string                 `json:"controlId"`
	Status          string                 `json:"status"`
	ComplianceScore float64                `json:"complianceScore"`
	Findings        []Finding              `json:"findings"`
	Recommendations []string               `json:"recommendations"`
	AssessmentDate  time.Time              `json:"assessmentDate"`
	NextReviewDate  time.Time              `json:"nextReviewDate"`
	Details         map[string]interface{} `json:"details"`
}

AssessmentResult represents the result of a control assessment

type CategoryCoverage

type CategoryCoverage struct {
	Category             OWASPLLMCategory
	Name                 string
	Status               string // "full", "partial", "not_covered"
	TemplatesCount       int
	SubcategoriesCovered int
	SubcategoriesTotal   int
	Templates            []TemplateSummary
	MissingSubcategories []OWASPLLMSubcategory
}

CategoryCoverage represents the coverage for a category

type CategoryInfo

type CategoryInfo struct {
	ID            OWASPLLMCategory
	Name          string
	Description   string
	Subcategories []SubcategoryInfo
}

CategoryInfo contains information about an OWASP LLM category

type Clause

type Clause struct {
	ID           string        `json:"id"`
	Number       string        `json:"number"`
	Title        string        `json:"title"`
	Description  string        `json:"description"`
	Controls     []Control     `json:"controls"`
	Requirements []Requirement `json:"requirements"`
}

Clause represents a clause in ISO 42001

type ComplianceGap

type ComplianceGap struct {
	Category             OWASPLLMCategory      `json:"category"`
	Name                 string                `json:"name"`
	Status               string                `json:"status"`
	MissingSubcategories []OWASPLLMSubcategory `json:"missing_subcategories"`
	Recommendation       string                `json:"recommendation"`
}

ComplianceGap represents a gap in compliance coverage

type ComplianceMapping

type ComplianceMapping struct {
	OWASPLLM []OWASPLLMMapping      `json:"owasp-llm,omitempty"`
	Other    map[string]interface{} `json:"-"`
}

ComplianceMapping represents the compliance mappings for a template

type ComplianceReport

type ComplianceReport struct {
	Standard          string                       `json:"standard"`
	AssessmentDate    time.Time                    `json:"assessmentDate"`
	Results           map[string]*AssessmentResult `json:"results"`
	OverallCompliance float64                      `json:"overallCompliance"`
	Recommendations   []Recommendation             `json:"recommendations"`
	ExecutiveSummary  string                       `json:"executiveSummary"`
}

ComplianceReport represents a compliance assessment report

type ComplianceSummary

type ComplianceSummary struct {
	TotalCategories   int     `json:"total_categories"`
	CategoriesCovered int     `json:"categories_covered"`
	TotalTemplates    int     `json:"total_templates"`
	ComplianceScore   float64 `json:"compliance_score"`
	GapsIdentified    int     `json:"gaps_identified"`
}

ComplianceSummary provides a summary of compliance status

type Control

type Control struct {
	ID              string                 `json:"id"`
	ClauseNumber    string                 `json:"clauseNumber"`
	Title           string                 `json:"title"`
	Description     string                 `json:"description"`
	Type            string                 `json:"type"` // technical, organizational, documentation
	Implementation  ImplementationStatus   `json:"implementation"`
	Evidence        []Evidence             `json:"evidence"`
	Gaps            []Gap                  `json:"gaps"`
	Recommendations []string               `json:"recommendations"`
	Metadata        map[string]interface{} `json:"metadata"`
}

Control represents a control within a clause

type CoverageLevel

type CoverageLevel string

CoverageLevel represents the level of coverage for a category or subcategory

const (
	BasicCoverage         CoverageLevel = "basic"
	ComprehensiveCoverage CoverageLevel = "comprehensive"
	AdvancedCoverage      CoverageLevel = "advanced"
)

Coverage levels

type Evidence

type Evidence struct {
	ID          string                 `json:"id"`
	Type        string                 `json:"type"` // document, log, scan_result, test_result
	Title       string                 `json:"title"`
	Description string                 `json:"description"`
	Location    string                 `json:"location"`
	Date        time.Time              `json:"date"`
	Status      string                 `json:"status"`
	Metadata    map[string]interface{} `json:"metadata"`
}

Evidence represents evidence for control implementation

type EvidenceStore

type EvidenceStore interface {
	Store(evidence Evidence) error
	Retrieve(controlID string) ([]Evidence, error)
	Search(criteria map[string]interface{}) ([]Evidence, error)
}

EvidenceStore interface for storing and retrieving evidence

type Finding

type Finding struct {
	ID          string    `json:"id"`
	Severity    string    `json:"severity"`
	Description string    `json:"description"`
	Impact      string    `json:"impact"`
	ControlID   string    `json:"controlId"`
	Timestamp   time.Time `json:"timestamp"`
}

Finding represents a compliance finding

type Gap

type Gap struct {
	ID          string    `json:"id"`
	ControlID   string    `json:"controlId"`
	Description string    `json:"description"`
	Severity    string    `json:"severity"` // critical, high, medium, low
	DueDate     time.Time `json:"dueDate"`
	Status      string    `json:"status"` // open, in_progress, closed
}

Gap represents a compliance gap

type ISO42001Compliance

type ISO42001Compliance struct {
	// contains filtered or unexported fields
}

ISO42001Compliance provides ISO 42001 compliance checking

func NewISO42001Compliance

func NewISO42001Compliance() *ISO42001Compliance

NewISO42001Compliance creates a new ISO 42001 compliance checker

func (*ISO42001Compliance) CheckCompliance

func (iso *ISO42001Compliance) CheckCompliance() (*ComplianceReport, error)

CheckCompliance performs a comprehensive compliance check

func (*ISO42001Compliance) ExportReport

func (iso *ISO42001Compliance) ExportReport(report *ComplianceReport, format string) ([]byte, error)

ExportReport exports the compliance report in various formats

type ISO42001Standard

type ISO42001Standard struct {
	Name        string
	Version     string
	Description string
	Clauses     []Clause
}

ISO42001Standard represents the ISO/IEC 42001:2023 standard

type ISO42001Summary

type ISO42001Summary struct {
	TotalControls        int `json:"totalControls"`
	CompliantControls    int `json:"compliantControls"`
	PartialControls      int `json:"partialControls"`
	NonCompliantControls int `json:"nonCompliantControls"`
	CriticalGaps         int `json:"criticalGaps"`
	HighGaps             int `json:"highGaps"`
	MediumGaps           int `json:"mediumGaps"`
	LowGaps              int `json:"lowGaps"`
}

ISO42001Summary represents a compliance summary for ISO 42001

type ImplementationStatus

type ImplementationStatus struct {
	Status         string    `json:"status"` // not_implemented, partial, implemented, verified
	Percentage     float64   `json:"percentage"`
	LastAssessed   time.Time `json:"lastAssessed"`
	AssessedBy     string    `json:"assessedBy"`
	EffectiveDate  time.Time `json:"effectiveDate"`
	ExpirationDate time.Time `json:"expirationDate,omitempty"`
}

ImplementationStatus represents the status of control implementation

type OWASPComplianceReport

type OWASPComplianceReport struct {
	ReportID    string             `json:"report_id"`
	GeneratedAt string             `json:"generated_at"`
	Framework   string             `json:"framework"`
	Summary     ComplianceSummary  `json:"summary"`
	Categories  []CategoryCoverage `json:"categories"`
	Gaps        []ComplianceGap    `json:"gaps"`
}

OWASPComplianceReport represents an OWASP LLM compliance report

type OWASPLLMCategory

type OWASPLLMCategory string

OWASPLLMCategory represents an OWASP LLM Top 10 category

const (
	PromptInjection            OWASPLLMCategory = "LLM01"
	InsecureOutputHandling     OWASPLLMCategory = "LLM02"
	TrainingDataPoisoning      OWASPLLMCategory = "LLM03"
	ModelDenialOfService       OWASPLLMCategory = "LLM04"
	SupplyChainVulnerabilities OWASPLLMCategory = "LLM05"
	SensitiveInfoDisclosure    OWASPLLMCategory = "LLM06"
	InsecurePluginDesign       OWASPLLMCategory = "LLM07"
	ExcessiveAgency            OWASPLLMCategory = "LLM08"
	Overreliance               OWASPLLMCategory = "LLM09"
	ModelTheft                 OWASPLLMCategory = "LLM10"
)

OWASP LLM Top 10 categories

type OWASPLLMMapping

type OWASPLLMMapping struct {
	Category    OWASPLLMCategory    `json:"category"`
	Subcategory OWASPLLMSubcategory `json:"subcategory,omitempty"`
	Coverage    CoverageLevel       `json:"coverage,omitempty"`
}

OWASPLLMMapping represents a mapping to an OWASP LLM Top 10 category and subcategory

type OWASPLLMSubcategory

type OWASPLLMSubcategory string

OWASPLLMSubcategory represents a subcategory within an OWASP LLM Top 10 category

const (
	// LLM01 subcategories
	DirectInjection   OWASPLLMSubcategory = "direct-injection"
	IndirectInjection OWASPLLMSubcategory = "indirect-injection"
	Jailbreaking      OWASPLLMSubcategory = "jailbreaking"

	// LLM02 subcategories
	XSS              OWASPLLMSubcategory = "xss"
	SSRF             OWASPLLMSubcategory = "ssrf"
	CommandInjection OWASPLLMSubcategory = "command-injection"
	SQLInjection     OWASPLLMSubcategory = "sql-injection"

	// LLM03 subcategories
	DataPoisoning   OWASPLLMSubcategory = "data-poisoning"
	BackdoorAttacks OWASPLLMSubcategory = "backdoor-attacks"
	BiasInjection   OWASPLLMSubcategory = "bias-injection"

	// LLM04 subcategories
	ResourceExhaustion      OWASPLLMSubcategory = "resource-exhaustion"
	TokenFlooding           OWASPLLMSubcategory = "token-flooding"
	ContextWindowSaturation OWASPLLMSubcategory = "context-window-saturation"

	// LLM05 subcategories
	PretrainedModelVulnerabilities OWASPLLMSubcategory = "pretrained-model-vulnerabilities"
	DependencyRisks                OWASPLLMSubcategory = "dependency-risks"
	IntegrationVulnerabilities     OWASPLLMSubcategory = "integration-vulnerabilities"

	// LLM06 subcategories
	TrainingDataExtraction OWASPLLMSubcategory = "training-data-extraction"
	CredentialLeakage      OWASPLLMSubcategory = "credential-leakage"
	PIIDisclosure          OWASPLLMSubcategory = "pii-disclosure"

	// LLM07 subcategories
	PluginEscalation   OWASPLLMSubcategory = "plugin-escalation"
	UnauthorizedAccess OWASPLLMSubcategory = "unauthorized-access"
	DataLeakage        OWASPLLMSubcategory = "data-leakage"

	// LLM08 subcategories
	UnauthorizedActions OWASPLLMSubcategory = "unauthorized-actions"
	ScopeExpansion      OWASPLLMSubcategory = "scope-expansion"
	PrivilegeEscalation OWASPLLMSubcategory = "privilege-escalation"

	// LLM09 subcategories
	HallucinationAcceptance    OWASPLLMSubcategory = "hallucination-acceptance"
	UnverifiedRecommendations  OWASPLLMSubcategory = "unverified-recommendations"
	CriticalDecisionDelegation OWASPLLMSubcategory = "critical-decision-delegation"

	// LLM10 subcategories
	ModelExtraction       OWASPLLMSubcategory = "model-extraction"
	WeightStealing        OWASPLLMSubcategory = "weight-stealing"
	ArchitectureInference OWASPLLMSubcategory = "architecture-inference"
)

OWASP LLM Top 10 subcategories

type OWASPLLMValidator

type OWASPLLMValidator struct {
	// contains filtered or unexported fields
}

OWASPLLMValidator validates OWASP LLM compliance mappings

func NewDefaultOWASPLLMValidator

func NewDefaultOWASPLLMValidator() (*OWASPLLMValidator, error)

NewDefaultOWASPLLMValidator creates a new OWASP LLM compliance validator with the default schema path

func NewOWASPLLMValidator

func NewOWASPLLMValidator(schemaPath string) (*OWASPLLMValidator, error)

NewOWASPLLMValidator creates a new OWASP LLM compliance validator

func (*OWASPLLMValidator) GenerateComplianceReport

func (v *OWASPLLMValidator) GenerateComplianceReport(templates []interface{}, reportID string, timestamp string) (*OWASPComplianceReport, error)

GenerateComplianceReport generates a compliance report for a set of templates

func (*OWASPLLMValidator) GetAllCategories

func (v *OWASPLLMValidator) GetAllCategories() []CategoryInfo

GetAllCategories returns information about all OWASP LLM categories

func (*OWASPLLMValidator) GetCategoryInfo

func (v *OWASPLLMValidator) GetCategoryInfo(category OWASPLLMCategory) (CategoryInfo, bool)

GetCategoryInfo returns information about an OWASP LLM category

func (*OWASPLLMValidator) ValidateMapping

func (v *OWASPLLMValidator) ValidateMapping(mapping *ComplianceMapping) (bool, []string, error)

ValidateMapping validates an OWASP LLM compliance mapping

type Recommendation

type Recommendation struct {
	ID          string   `json:"id"`
	Priority    string   `json:"priority"`
	Description string   `json:"description"`
	Actions     []string `json:"actions"`
	Timeline    string   `json:"timeline"`
}

Recommendation represents a compliance recommendation

type Requirement

type Requirement struct {
	ID          string `json:"id"`
	Description string `json:"description"`
	Mandatory   bool   `json:"mandatory"`
	Verifiable  bool   `json:"verifiable"`
}

Requirement represents a specific requirement

type SubcategoryInfo

type SubcategoryInfo struct {
	ID          OWASPLLMSubcategory
	Name        string
	Description string
}

SubcategoryInfo contains information about an OWASP LLM subcategory

type TemplateComplianceValidator

type TemplateComplianceValidator struct {
	// contains filtered or unexported fields
}

TemplateComplianceValidator validates template compliance mappings

func NewTemplateComplianceValidator

func NewTemplateComplianceValidator() (*TemplateComplianceValidator, error)

NewTemplateComplianceValidator creates a new template compliance validator

func (*TemplateComplianceValidator) GenerateComplianceReport

func (v *TemplateComplianceValidator) GenerateComplianceReport(templates []interface{}, reportID string, timestamp string) (*ComplianceReport, error)

GenerateComplianceReport generates a compliance report for a set of templates

func (*TemplateComplianceValidator) GetComplianceCoverage

func (v *TemplateComplianceValidator) GetComplianceCoverage(templates []interface{}) (map[OWASPLLMCategory]float64, error)

GetComplianceCoverage calculates compliance coverage for a set of templates

func (*TemplateComplianceValidator) SuggestComplianceMapping

func (v *TemplateComplianceValidator) SuggestComplianceMapping(template map[string]interface{}, templatePath string) (*ComplianceMapping, error)

SuggestComplianceMapping suggests compliance mappings for a template based on its content

func (*TemplateComplianceValidator) ValidateTemplateCompliance

func (v *TemplateComplianceValidator) ValidateTemplateCompliance(template map[string]interface{}) (bool, []string, error)

ValidateTemplateCompliance validates a template's compliance mappings

type TemplateSummary

type TemplateSummary struct {
	ID          string
	Name        string
	Subcategory OWASPLLMSubcategory
	Coverage    CoverageLevel
}

TemplateSummary provides a summary of a template

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL