
Code examples for automating security and compliance tests. Covers CIS, NIST, PCI, and GDPR to streamline workflows and generate audit reports. Essential for DevSecOps and maintaining high security standards.


vectorc0de/compliance-automation-examples


Containerdevs Compliance Automation Examples

This repository provides a collection of scripts and examples to automate security and compliance testing. It covers major standards like CIS, NIST, PCI, and GDPR, with a focus on Linux and Cloud environments.

The goal is to offer practical, ready-to-use code for DevSecOps workflows, streamlining compliance checks and audit reporting.

Project Structure

The repository is organized by compliance standard and then by environment:

/
├── cis/
│   ├── linux/              # CIS benchmark scripts for Linux
│   └── cloud/              # CIS controls for Cloud environments
│       ├── aws/
│       ├── azure/
│       └── gcp/
├── nist/
│   ├── linux/              # NIST guidelines for Linux
│   └── cloud/              # NIST controls for Cloud
│       ├── ...
├── pci/
│   ├── linux/              # PCI-DSS checks for Linux
│   └── cloud/              # PCI-DSS controls for Cloud
│       ├── ...
├── gdpr/
│   ├── linux/              # GDPR data protection checks for Linux
│   └── cloud/              # GDPR considerations for Cloud
│       ├── ...
├── scripts/                # Common scripts for reporting and automation
├── reports/                # Generated compliance reports
├── .gitignore
└── README.md

Getting Started

  1. Clone the repository:

    git clone https://github.com/vectorc0de/compliance-automation-examples.git
    cd compliance-automation-examples

  2. Explore the directories: Navigate to the standard and environment you are interested in (e.g., cd cis/linux).

  3. Run a script: The scripts are designed to be run from the command line. Ensure they have execute permissions.

    # Example: Make a script executable
    chmod +x ./containerdevs-cis-benchmark.sh
    
    # Run the script
    ./containerdevs-cis-benchmark.sh

Usage

The scripts in this repository are intended as a starting point. You can customize them to fit the specific needs of your environment.

  • Check Scripts: The core logic for compliance checks is within the standard-specific directories (e.g., cis/linux).
  • Reporting: The scripts/ directory contains tools to generate reports from the output of the check scripts.

Example: Generating a Report

# First, run a compliance check and save the output
./cis/linux/containerdevs-cis-benchmark.sh > ./reports/cis-linux-raw.txt

# Then, generate a formatted report
./scripts/containerdevs-generate-report.sh ./reports/cis-linux-raw.txt > ./reports/cis-linux-report.md
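
The check-then-report flow above, sketched end to end as an added example (not code from this repository). The raw line format `STATUS|CONTROL_ID|DETAIL`, the function names, the control IDs `EX-1` to `EX-3` and the sample `sshd_config` are all assumptions made for illustration.

```shell
#!/usr/bin/env bash
# Added example; not code from the repository.
# Assumed raw format, one result per line: STATUS|CONTROL_ID|DETAIL

# check_sshd_option FILE KEY EXPECTED CONTROL_ID
# sshd uses the first value it reads for a keyword, so stop at the first match.
# Commented-out lines never match; Match blocks are not evaluated here.
check_sshd_option() {
  local file="$1" key="$2" expected="$3" id="$4" actual
  actual=$(awk -v k="$key" 'tolower($1) == tolower(k) { print $2; exit }' "$file")
  if [ "$actual" = "$expected" ]; then
    printf 'PASS|%s|%s is %s\n' "$id" "$key" "$expected"
  else
    printf 'FAIL|%s|%s is %s, expected %s\n' "$id" "$key" "${actual:-unset}" "$expected"
  fi
}

# render_report RAW_FILE: Markdown table plus pass/fail totals.
render_report() {
  awk -F'|' '
    BEGIN { print "| Control | Status | Detail |"; print "|---|---|---|" }
    NF == 3 { printf "| %s | %s | %s |\n", $2, $1, $3; n[$1]++ }
    END { printf "\nPassed: %d, Failed: %d\n", n["PASS"], n["FAIL"] }
  ' "$1"
}

# has_failures RAW_FILE: exit status 0 when any control failed (CI gate).
has_failures() { grep -q '^FAIL|' "$1"; }

# run_demo: constructed sshd_config sample and placeholder control IDs.
run_demo() {
  local dir; dir=$(mktemp -d)
  cat > "$dir/sshd_config" <<'EOF'
# constructed sample input
PermitRootLogin no
#PasswordAuthentication no
PasswordAuthentication yes
X11Forwarding no
EOF
  {
    check_sshd_option "$dir/sshd_config" PermitRootLogin no EX-1
    check_sshd_option "$dir/sshd_config" PasswordAuthentication no EX-2
    check_sshd_option "$dir/sshd_config" MaxAuthTries 4 EX-3
  } > "$dir/raw.txt"
  render_report "$dir/raw.txt"
  has_failures "$dir/raw.txt" && echo "compliance gate: FAIL"
  rm -rf "$dir"
}

run_demo
```

A missing keyword is reported as `unset` and counted as a failure rather than silently passing, which is the safer default when the effective value depends on a compiled-in default.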

Contributing

Contributions are welcome! Please feel free to submit a pull request with new scripts, improvements, or bug fixes.

License

This project is licensed under the MIT License.
