Multi-framework policy-as-code compliance scanner for infrastructure and application code.

Navigation

Verified details

These details have been verified by PyPI
Project links
GitHub Statistics
Maintainers
Avatar for prodcyclebot from gravatar.com prodcyclebot

Unverified details

These details have not been verified by PyPI
Project links
Meta
  • License: Other/Proprietary License (See LICENSE in LICENSE)
  • Author: ProdCycle, Inc.
  • Tags compliance , soc2 , hipaa , nist , cli , security
  • Requires: Python >=3.12
Classifiers
Report project as malware

Project description

prodcycle

Multi-framework policy-as-code compliance scanner for infrastructure and application code. Scans Terraform, Kubernetes, Docker, .env, and application source against SOC 2, HIPAA, and NIST CSF policies.

Features

  • 3 compliance frameworks: SOC 2, HIPAA, NIST CSF
  • Automated policy enforcement: Server-side OPA/Rego and Cedar evaluation engines
  • Infrastructure scanning: Terraform, Kubernetes manifests, Dockerfiles, .env files
  • Application code scanning: TypeScript, Python, Go, Java, Ruby
  • CI/CD integration: CLI with SARIF output for GitHub Code Scanning
  • Programmatic API: Full Python API for custom integrations
  • Self-remediation: gate() function returns actionable remediation prompts

Installation

pip install prodcycle

Quick Start

CLI

# Scan current directory against SOC 2 and HIPAA
prodcycle . --framework soc2,hipaa

# Output as SARIF for GitHub Code Scanning
prodcycle . --framework soc2 --format sarif --output results.sarif

# Set severity threshold (only report HIGH and above)
prodcycle . --framework hipaa --severity-threshold high

Programmatic API

from prodcycle import scan, gate

# Full Repository Scan
response = scan(
    repo_path='/path/to/repo',
    frameworks=['soc2', 'hipaa'],
    options={
        'severityThreshold': 'high',
        'failOn': ['critical', 'high'],
    }
)

print(f"Found {len(response['findings'])} findings")
print(f"Exit code: {response['exitCode']}")

# Gate function (for coding agents)
result = gate(
    files={
        'src/config.ts': 'export const DB_PASSWORD = "hardcoded-secret";',
        'terraform/main.tf': 'resource "aws_s3_bucket" "data" { }',
    },
    frameworks=['soc2', 'hipaa'],
)

if not result['passed']:
    print('Compliance issues found:')
    print(result['prompt'])  # Pre-formatted remediation instructions

API Key

An API key is required for production use to authenticate with ProdCycle. Set it via environment variable:

export PC_API_KEY=pc_your_api_key_here

API keys are created through the ProdCycle dashboard.

Requirements

  • Python >= 3.12

License

MIT

Project details

Verified details

These details have been verified by PyPI
Project links
GitHub Statistics
Maintainers
Avatar for prodcyclebot from gravatar.com prodcyclebot

Unverified details

These details have not been verified by PyPI
Project links
Meta
  • License: Other/Proprietary License (See LICENSE in LICENSE)
  • Author: ProdCycle, Inc.
  • Tags compliance , soc2 , hipaa , nist , cli , security
  • Requires: Python >=3.12
Classifiers

Release history Release notifications | RSS feed

0.5.0

0.4.2

0.4.1

0.4.0

0.3.0

This version

0.2.2

0.2.0

Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

prodcycle-0.2.2.tar.gz (8.7 kB view details)

Uploaded Source

Built Distribution

If you're not sure about the file name format, learn more about wheel file names.

prodcycle-0.2.2-py3-none-any.whl (9.2 kB view details)

Uploaded Python 3

File details

Details for the file prodcycle-0.2.2.tar.gz.

File metadata

  • Download URL: prodcycle-0.2.2.tar.gz
  • Upload date:
  • Size: 8.7 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.1.0 CPython/3.13.12

File hashes

Hashes for prodcycle-0.2.2.tar.gz
Algorithm Hash digest
SHA256 50a716ec36222e8f954d477357961b35bd4a0e885d6ce02b90682d5cc3ff3d7c
MD5 9ed41cd10842a3d58d441ce5f3f5296e
BLAKE2b-256 772931ebb5b6f11b297164c1a2bc684ee3dbf4949002520d70402dae20db42dd

See more details on using hashes here.

Provenance

The following attestation bundles were made for prodcycle-0.2.2.tar.gz:

Publisher: publish.yml on prodcycle/cli

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

File details

Details for the file prodcycle-0.2.2-py3-none-any.whl.

File metadata

  • Download URL: prodcycle-0.2.2-py3-none-any.whl
  • Upload date:
  • Size: 9.2 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.1.0 CPython/3.13.12

File hashes

Hashes for prodcycle-0.2.2-py3-none-any.whl
Algorithm Hash digest
SHA256 592f4e015d0e96d8389c259f8ffa189967698ff1d87607de7673750cdc5e5c59
MD5 96151432e2ade05adfb20ced4d8ad694
BLAKE2b-256 eac1c6ae07a42cd433a1ebaf673d9f3f0e9952e137f1da6f75b03ed8cbc12b03

See more details on using hashes here.

Provenance

The following attestation bundles were made for prodcycle-0.2.2-py3-none-any.whl:

Publisher: publish.yml on prodcycle/cli

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Depot Continuous Integration Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page