LogoLogo
  • Guide
    • Introduction
    • Setup
    • CloudQL
    • Compliance
    • Key Terminology
    • Running Audits
    • Embed Compliance Checks in Pipelines
  • Advanced
    • Controls
      • Controls with Inline Policy
      • Controls with References Policies
      • Policies
      • Summary
    • Control Groups
    • Framework
    • Product Architecture
  • advanced-setup
    • Deploy on DigitalOcean / Linode
    • Deploy to AWS
    • Single Sign-On
    • Production Hardening
  • Platform
    • FAQ
Powered by GitBook

© 2025 open governance Inc.

On this page
  1. advanced-setup

Copy of Compliance

Opencomply allows you to define compliance rules in YAML. Like all configuration, these YAML files can be managed in git.

You can group the rules, audit and review the results.

You can audit the compliance of assets, such as deployments, VMs, and Docker containers (or any asset discovered by the platform), by inspecting their configurations for adherence to specific rules.

With Opencomply, you can:

  • Define Policy as Code:

    Create reusable compliance checks in YAML, ensuring consistent governance within a Git-based workflow.

  • Audit for Compliance:

    Automate recurring checks or run them on-demand through the UI or API, capturing evidence and generating detailed reports. This approach provides flexibility and helps maintain consistent regulatory standards.

  • Govern Across Vendors:

    Evaluate compliance across clouds and platforms with flexible queries, achieving unified strategies without relying on vendor-specific security services.

All Opencomply configurations, including Policies, Controls, Control Groups, and Frameworks, are defined using YAML.

Below is a visual representation of the Compliance Framework’s structure:

Framework
├── Control Group 1
│   ├── Control Group 1.1
│   │   ├── Control 1.1.1
│   │   ├── Control 1.1.2
│   │   └── ...
│   ├── Control 1.2
│   ├── Control 1.3
│   └── ...
├── Control Group 2
│   └── ...
└── Additional Control Groups
    ├── Control Group A
    ├── Control Group B
    └── ...

This hierarchical structure simplifies organization, enhances readability by enabling clear categorization, and simplifies compliance management.

With Opencomply, you can:

  • Define Policy as Code:

    Create reusable compliance checks in YAML, ensuring consistent governance within a Git-based workflow.

  • Audit for Compliance:

    Automate recurring checks or run them on-demand through the UI or API, capturing evidence and generating detailed reports. This approach provides flexibility and helps maintain consistent regulatory standards.

  • Govern Across Vendors:

    Evaluate compliance across clouds and platforms with flexible queries, achieving unified strategies without relying on vendor-specific security services.

Opencomply ships with default Compliance Frameworks, Controls, Queries, and Views, all version-controlled in our GitHub repository. To customize them, clone the repository, then go to Administration → Settings → Platform Configuration in the Opencomply UI to reference a different configuration source or adjust existing settings.

Last updated 22 days ago