
SARIF-to-compliance bridge. Transforms SAST scan results into DISA STIG checklists, ATO evidence artifacts, and compliance-native output.

Project description

Stigcode

SARIF-to-compliance bridge. Transforms SAST scan results from any scanner into DISA STIG checklists, ATO evidence artifacts, and compliance-native output.

Stigcode is the compliance companion to Sanicode. While Sanicode scans code for vulnerabilities, Stigcode transforms those findings into the formats that ISSOs, assessors, and authorizing officials actually need.

Status

This project is in early development. See the issue tracker for planned work.

Architecture

Source Code → [Any SAST Scanner] → SARIF v2.1.0 → [Stigcode] → CKL / ATO Reports / OSCAL

Stigcode consumes SARIF from any scanner (Sanicode, Semgrep, CodeQL, SonarQube, Bandit, SpotBugs) and produces:

  • DISA STIG Viewer .ckl files — import directly into assessment workflows
  • ATO evidence reports — PDF/Markdown summaries for ATO packages
  • NIST 800-53 coverage matrices — control family coverage with gap identification
  • OSCAL output (future) — for automated ATO pipelines
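The SARIF-to-checklist step in the pipeline above, as an added example (not Stigcode's own code or API). The CWE-to-item table and its item IDs are hypothetical placeholders, the SARIF document is constructed, rules are looked up by `ruleId`, and treating suppressed results as needing review is an assumption; the status strings are the ones STIG Viewer `.ckl` files use.

```python
import json
import re

# Constructed SARIF v2.1.0 document (not real scanner output).
SARIF_TEXT = """{"version": "2.1.0", "runs": [{
  "tool": {"driver": {"name": "example-scanner", "rules": [
    {"id": "py.sqli", "properties": {"tags": ["external/cwe/cwe-089"]}},
    {"id": "py.xss", "properties": {"tags": ["CWE-79"]}},
    {"id": "py.weak-hash", "properties": {"tags": ["CWE-327"]}}]}},
  "results": [
    {"ruleId": "py.sqli", "level": "error", "locations": [{"physicalLocation": {
      "artifactLocation": {"uri": "app/db.py"}, "region": {"startLine": 42}}}]},
    {"ruleId": "py.xss", "level": "warning", "suppressions": [{"kind": "inSource"}]}
  ]}]}"""

# Hypothetical CWE -> checklist item mapping; item IDs are placeholders, not STIG IDs.
CWE_TO_ITEM = {"CWE-89": "ITEM-SQLI", "CWE-79": "ITEM-XSS",
               "CWE-327": "ITEM-CRYPTO", "CWE-798": "ITEM-SECRETS"}
CWE_TAG = re.compile(r"cwe-0*(\d+)", re.IGNORECASE)

def rule_items(rule):
    """Checklist items a SARIF rule maps to, via CWE tags in its properties."""
    tags = rule.get("properties", {}).get("tags", [])
    cwes = {f"CWE-{m.group(1)}" for m in map(CWE_TAG.search, tags) if m}
    return {CWE_TO_ITEM[c] for c in cwes if c in CWE_TO_ITEM}

def checklist_status(sarif):
    """Return ({item: status}, {item: [locations]}) with CKL-style status strings."""
    covered, review, evidence = set(), set(), {}
    for run in sarif.get("runs", []):
        rules = {r["id"]: rule_items(r) for r in run["tool"]["driver"].get("rules", [])}
        covered.update(*rules.values())
        for res in run.get("results", []):
            if res.get("kind", "fail") != "fail":   # SARIF default kind is "fail"
                continue
            items = rules.get(res.get("ruleId"), set())
            if res.get("suppressions"):              # assumption: an assessor must confirm
                review |= items
                continue
            loc = (res.get("locations") or [{}])[0].get("physicalLocation", {})
            where = "{}:{}".format(loc.get("artifactLocation", {}).get("uri", "?"),
                                   loc.get("region", {}).get("startLine", "?"))
            for item in items:
                evidence.setdefault(item, []).append(where)
    # An item with no scanner rule has no evidence either way, so it is never NotAFinding.
    status = {i: "Open" if i in evidence else
                 "Not_Reviewed" if i in review or i not in covered else "NotAFinding"
              for i in CWE_TO_ITEM.values()}
    return status, evidence
```

Calling `checklist_status(json.loads(SARIF_TEXT))` marks only the crypto item `NotAFinding`: the scanner has a rule for it and reported nothing, whereas the secrets item has no rule at all and stays `Not_Reviewed`.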

License

Apache-2.0


Download files

Source Distribution

stigcode-0.0.1.tar.gz (6.4 kB)

Uploaded Source

Built Distribution

stigcode-0.0.1-py3-none-any.whl (7.1 kB)

Uploaded Python 3

File details

Details for the file stigcode-0.0.1.tar.gz.

File metadata

  • Download URL: stigcode-0.0.1.tar.gz
  • Upload date:
  • Size: 6.4 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/6.2.0 CPython/3.11.12

File hashes

Hashes for stigcode-0.0.1.tar.gz
Algorithm Hash digest
SHA256 57d3f0f050f70f20d4bf575aaaaf76f9502a11a81e38abae285c0dd4a85b9e5a
MD5 7d8cccf255028a1e56eb560590852d14
BLAKE2b-256 318accb7d27516f44b1d01952b3de4a33aa505fc399ea3d8daf8e3f101396c04


File details

Details for the file stigcode-0.0.1-py3-none-any.whl.

File metadata

  • Download URL: stigcode-0.0.1-py3-none-any.whl
  • Upload date:
  • Size: 7.1 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/6.2.0 CPython/3.11.12

File hashes

Hashes for stigcode-0.0.1-py3-none-any.whl
Algorithm Hash digest
SHA256 152a4c25360a6fed343eb69b0832577d073f0844daabf973ef740e1873b045e1
MD5 b889c8dc10e1cbefed39c06ac0762942
BLAKE2b-256 9766ced3eab7c0c074b268028c07b1bb18428f1641d37857673e19be67034dd5
