Skip to main content

Multi-framework policy-as-code compliance scanner for infrastructure and application code.

Project description

prodcycle

Multi-framework policy-as-code compliance scanner for infrastructure and application code. Scans Terraform, Kubernetes, Docker, .env, and application source against SOC 2, HIPAA, and NIST CSF policies.

Features

  • 3 compliance frameworks: SOC 2, HIPAA, NIST CSF
  • Automated policy enforcement: Server-side OPA/Rego and Cedar evaluation engines
  • Infrastructure scanning: Terraform, Kubernetes manifests, Dockerfiles, .env files
  • Application code scanning: TypeScript, Python, Go, Java, Ruby
  • CI/CD integration: CLI with SARIF output for GitHub Code Scanning
  • Programmatic API: Full Python API for custom integrations
  • Self-remediation: gate() function returns actionable remediation prompts

Installation

pip install prodcycle

Quick Start

CLI

# Scan current directory against SOC 2 and HIPAA
prodcycle scan . --framework soc2,hipaa

# Output as SARIF for GitHub Code Scanning
prodcycle scan . --framework soc2 --format sarif --output results.sarif

# Set severity threshold (only report HIGH and above)
prodcycle scan . --framework hipaa --severity-threshold high

# Auto-configure compliance hooks/instructions for your coding agents
# (Claude Code, Cursor, Codex, OpenCode, GitHub Copilot, Gemini CLI)
prodcycle init --agent all

Subcommands: scan (full repo scan), gate (JSON payload from stdin), hook (coding-agent post-edit hook), scans (fetch a scan's status + findings by ID), init (coding-agent + CI setup).

Programmatic API

from prodcycle import scan, gate

# Full Repository Scan
response = scan(
    repo_path='/path/to/repo',
    frameworks=['soc2', 'hipaa'],
    options={
        'severityThreshold': 'high',
        'failOn': ['critical', 'high'],
    }
)

print(f"Found {len(response['findings'])} findings")
print(f"Exit code: {response['exitCode']}")

# Gate function (for coding agents)
result = gate(
    files={
        'src/config.ts': 'export const DB_PASSWORD = "hardcoded-secret";',
        'terraform/main.tf': 'resource "aws_s3_bucket" "data" { }',
    },
    frameworks=['soc2', 'hipaa'],
)

if not result['passed']:
    print('Compliance issues found:')
    print(result['prompt'])  # Pre-formatted remediation instructions

API Key

An API key is required for production use to authenticate with ProdCycle. Set it via environment variable:

export PRODCYCLE_API_KEY=pc_your_api_key_here

API keys are created in the ProdCycle dashboard — see https://docs.prodcycle.com to get started. To save a key for agent hooks (no env var needed), run prodcycle init --api-key pc_... (writes ~/.config/prodcycle/config.json, readable only by you).

Exit codes

scan, gate, and hook use exit codes designed for CI gates and agent hooks:

Code Meaning
0 Pass — no findings at or above the --fail-on threshold (default: critical,high).
1 Findings present — code is not clean.
2 Scanner unavailable or usage error — the scan could not be certified either way (fail-closed). Distinguish this from 1 so CI/agents can treat "fix your code" differently from "investigate the scanner."

The Claude Code hook path is special-cased: a missing/rejected API key or a clean result exits 0 so the agent is never blocked on setup; violations are returned to the agent as structured feedback.

Requirements

  • Python >= 3.12

License

MIT — see LICENSE.

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

prodcycle-0.6.17.tar.gz (65.5 kB view details)

Uploaded Source

Built Distribution

If you're not sure about the file name format, learn more about wheel file names.

prodcycle-0.6.17-py3-none-any.whl (47.4 kB view details)

Uploaded Python 3

File details

Details for the file prodcycle-0.6.17.tar.gz.

File metadata

  • Download URL: prodcycle-0.6.17.tar.gz
  • Upload date:
  • Size: 65.5 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.1.0 CPython/3.13.12

File hashes

Hashes for prodcycle-0.6.17.tar.gz
Algorithm Hash digest
SHA256 5bdc158f4fbb8c58f059ae61a75ea1e28495fda580bc4abccbdedeae4b1b1c65
MD5 4a4cd37d45e518710975fb8904c337ec
BLAKE2b-256 317834be2781649e0b1f6b0a0d61238950b95c0f65b608b5b2bd45dece46a793

See more details on using hashes here.

Provenance

The following attestation bundles were made for prodcycle-0.6.17.tar.gz:

Publisher: publish.yml on prodcycle/cli

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

File details

Details for the file prodcycle-0.6.17-py3-none-any.whl.

File metadata

  • Download URL: prodcycle-0.6.17-py3-none-any.whl
  • Upload date:
  • Size: 47.4 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.1.0 CPython/3.13.12

File hashes

Hashes for prodcycle-0.6.17-py3-none-any.whl
Algorithm Hash digest
SHA256 7bac56ddb8ec5e3d40b6fbb980bb79cff3717376f88f577af1168c358551ce2b
MD5 2a1917215ffdd6637c9c5378dda8acdd
BLAKE2b-256 6dc861337efeb1ddccf2f1e2f30eae02ea48079f813c5d759e632ff3acf71f08

See more details on using hashes here.

Provenance

The following attestation bundles were made for prodcycle-0.6.17-py3-none-any.whl:

Publisher: publish.yml on prodcycle/cli

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Depot Continuous Integration Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page