Real Compliance Automation — scans, remediates, and generates audit-ready evidence
Project description
ComplianceOS
Real Compliance Automation. Scans, remediates, and generates audit-ready evidence.
Vanta and Drata collect evidence. ComplianceOS fixes compliance issues.
Frameworks Supported
| Framework | Controls | Auto-fixable |
|---|---|---|
| SOC 2 Type II | 50+ | 20+ |
| ISO 27001:2022 | 25+ | 15+ |
| GDPR | 22+ | 8+ |
| HIPAA Security Rule | 25+ | 10+ |
| PCI DSS v4.0 | 30+ | 15+ |
Quick Start
pip install autoai-complianceos
# Scan your project against SOC 2
complianceos scan . --framework soc2
# Auto-fix violations
complianceos fix . --framework soc2 --apply
# Collect evidence for auditors
complianceos evidence . --framework soc2
# Generate audit-ready report
complianceos report --framework soc2 --output compliance-report.md
Quick Start -- MCP Server
Add to your Claude Code or Cursor MCP config:
{
"mcpServers": {
"complianceos": {
"command": "uvx",
"args": ["autoai-complianceos-mcp"],
"description": "ComplianceOS — Scan your codebase for SOC2, ISO27001, GDPR, HIPAA, PCI-DSS compliance violations"
}
}
}
That's it. No signup. No API key. No data leaves your machine.
MCP Tools
compliance_scan-- Scan codebase/infra against a frameworkcompliance_status-- Current compliance posture by frameworkcompliance_fix-- Auto-generate and apply fixes for violationscompliance_evidence-- Collect and package evidence for auditorscompliance_report-- Generate audit-ready compliance reportcompliance_map-- Show control overlap across frameworks
CLI Commands
complianceos scan <path> -f <framework> # Scan codebase
complianceos status -f <framework> # Show compliance posture
complianceos fix <path> -f <framework> # Preview fixes
complianceos fix <path> -f <framework> --apply # Apply fixes
complianceos evidence <path> -f <framework> # Collect evidence
complianceos report -f <framework> # Generate report
complianceos map # Control overlap map
complianceos serve # Start MCP server
What Gets Scanned
Code Scanner
- Hardcoded secrets (AWS keys, API tokens, private keys, database URLs)
- SQL injection patterns
- Missing input validation
- XSS vulnerabilities (innerHTML, dangerouslySetInnerHTML)
- Missing dependency scanning (Dependabot/Snyk)
- Missing CI/CD pipeline
- Missing branch protection
- Password policy enforcement
- Session timeout configuration
Infrastructure Scanner
- Public storage buckets/containers
- Encryption at rest disabled
- TLS below 1.2
- Overly permissive IAM policies
- Open security groups (0.0.0.0/0)
- Missing WAF/DDoS protection
- Missing backup configuration
- Dockerfile security (root user, unpinned versions)
Configuration Scanner
- Security policy documents
- Incident response plans
- Risk registers
- Data retention policies
- Business continuity plans
- Training records
- Vendor assessments
API Scanner
- GDPR data subject rights endpoints (DSAR, deletion, export)
- Security headers (HSTS, CSP, X-Frame-Options)
- CORS misconfiguration
- Rate limiting
Architecture
complianceos/
frameworks/ # Real control definitions (SOC2, ISO27001, GDPR, HIPAA, PCI-DSS)
scanners/ # Code, infra, config, and API scanners
remediation/ # Auto-fix engine + PR generator
evidence/ # Evidence collector + audit report generator
store.py # SQLite persistence
server.py # MCP server
cli.py # CLI entry point
License
Apache 2.0
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
autoai_complianceos-0.1.0.tar.gz
(76.4 kB
view details)
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
File details
Details for the file autoai_complianceos-0.1.0.tar.gz.
File metadata
- Download URL: autoai_complianceos-0.1.0.tar.gz
- Upload date:
- Size: 76.4 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.10.9
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
24eb877c52cad7dc8a9f08d6d377c3658bd094f4c9280fd6274359be5b1d721a
|
|
| MD5 |
b9f09be4fe67245a22008a6a1d77ca30
|
|
| BLAKE2b-256 |
275448ec182e87b8aeffa1112d92efc879655c0b3f640f374aa125b87501ad56
|
File details
Details for the file autoai_complianceos-0.1.0-py3-none-any.whl.
File metadata
- Download URL: autoai_complianceos-0.1.0-py3-none-any.whl
- Upload date:
- Size: 61.1 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.10.9
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
3a7191a83835c1c7d61f73e9c39e1a4efd40c735ddffc79294f34e55ce68d442
|
|
| MD5 |
713a6e96ff1063807e4f63c48958b327
|
|
| BLAKE2b-256 |
efb650580a319ee6a5731c9ad13884085f0d6abcb13ff2927508cb71cb030a3b
|
