{"id":18913543,"url":"https://github.com/complianceascode/auditree-framework","last_synced_at":"2025-04-10T03:51:09.183Z","repository":{"id":43117225,"uuid":"259946750","full_name":"ComplianceAsCode/auditree-framework","owner":"ComplianceAsCode","description":"The Auditree framework tool to run compliance control checks as unit tests.","archived":false,"fork":false,"pushed_at":"2024-08-20T12:48:36.000Z","size":2178,"stargazers_count":63,"open_issues_count":28,"forks_count":23,"subscribers_count":8,"default_branch":"main","last_synced_at":"2025-04-03T02:11:14.796Z","etag":null,"topics":["compliance","compliance-as-code","compliance-automation","continuous-compliance","devops","devsecops","python"],"latest_commit_sha":null,"homepage":"https://auditree.github.io/","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/ComplianceAsCode.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGES.md","contributing":"CONTRIBUTING.md","funding":null,"license":"LICENSE","code_of_conduct":"CODE_OF_CONDUCT.md","threat_model":null,"audit":null,"citation":null,"codeowners":".github/CODEOWNERS","security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2020-04-29T14:21:12.000Z","updated_at":"2025-02-11T05:55:01.000Z","dependencies_parsed_at":"2024-07-29T17:09:10.320Z","dependency_job_id":"66343bdd-a46d-412b-bb31-4bdd51c0232f","html_url":"https://github.com/ComplianceAsCode/auditree-framework","commit_stats":{"total_commits":88,"total_committers":13,"mean_commits":6.769230769230769,"dds":"0.36363636363636365","last_synced_commit":"7ffa114d475f337a75b214e3f3b4811f50dd324d"},"previous_names":[],"tags_count":50,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Complian
ceAsCode%2Fauditree-framework","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ComplianceAsCode%2Fauditree-framework/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ComplianceAsCode%2Fauditree-framework/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ComplianceAsCode%2Fauditree-framework/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/ComplianceAsCode","download_url":"https://codeload.github.com/ComplianceAsCode/auditree-framework/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":248154999,"owners_count":21056542,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["compliance","compliance-as-code","compliance-automation","continuous-compliance","devops","devsecops","python"],"created_at":"2024-11-08T10:08:13.464Z","updated_at":"2025-04-10T03:51:09.126Z","avatar_url":"https://github.com/ComplianceAsCode.png","language":"Python","readme":"[![OS Compatibility][platform-badge]](#prerequisites)\n[![Python Compatibility][python-badge]][python]\n[![pre-commit][pre-commit-badge]][pre-commit]\n[![Code validation](https://github.com/ComplianceAsCode/auditree-framework/workflows/format%20%7C%20lint%20%7C%20security%20%7C%20test/badge.svg)][lint-test]\n[![Upload Python Package](https://github.com/ComplianceAsCode/auditree-framework/workflows/PyPI%20upload/badge.svg)][pypi-upload]\n\n# auditree-framework\n\nTool to run compliance control checks as unit tests and build up a body of evidence.\n\nThis framework 
gives you the tools you need to create an auditable body of evidence, and is designed to be \"DevSecOps\" friendly. Collection \u0026 validation of evidence is modelled as Python unit tests, evidence is stored \u0026 versioned in a git repository, notifications can be configured to send to Slack, create issues, contact PagerDuty, or just write files into git. The goal is to enable the digital transformation of compliance activities, and make these everyday operational tasks for the team managing the system.\n\n## Installation\n\n### Prerequisites\n\n- Supported for execution on OSX and LINUX.\n- Supported for execution with Python 3.6 and above.\n\nIf you haven't already, you need to generate a new SSH key for your GitHub account as per [this guide](https://help.github.com/articles/generating-a-new-ssh-key-and-adding-it-to-the-ssh-agent/).\n\n### Check out the code\n\n```shell\ngit clone git@github.com:ComplianceAsCode/auditree-framework\ncd auditree-framework\n```\n\n### For users\n\n```shell\npython3 -m venv venv\n. venv/bin/activate\nmake install\n```\n\n### For developers\n\n```shell\npython3 -m venv venv\n. venv/bin/activate\nmake develop\n```\n\n#### Code style and formatting\n\nThis repository uses [black][black] for code formatting and [flake8][flake8] for code styling.  It also\nuses [pre-commit][pre-commit] hooks that are integrated into the development process and the CI.  When\nyou run `make develop` you are ensuring that the pre-commit hooks are installed and updated to their\nlatest versions for this repository.  This ensures that all delivered code has been properly formatted\nand passes the linter rules.  See the [pre-commit configuration file][pre-commit-config] for details on\n`black` and `flake8` configurations.\n\nSince `black` and `flake8` are installed as part of the `pre-commit` hooks, running `black` and `flake8`\nmanually must be done through `pre-commit`.  
See examples below:\n\n```shell\nmake code-format\nmake code-lint\n```\n\n...will run `black` and `flake8` on the entire repo and is equivalent to:\n\n```shell\npre-commit run black --all-files\npre-commit run flake8 --all-files\n```\n\n...and when looking to limit execution to a subset of files do something similar to:\n\n```shell\npre-commit run black --files compliance/*\npre-commit run flake8 --files compliance/*\n```\n\n#### Unit tests\n\nTo run the framework's test suite, use:\n\n```shell\nmake test\n```\n\n#### Build Documentation\n\nDocumentation sources live in `doc-source`, and are also auto-generated from the source code's docstrings. The auto-generated documentation (`compliance*rst, modules.rst`) is ignored by git \u0026 should not be modified directly - make changes in the Python code.\n\nTo build the documentation locally run:\n\n```shell\nmake docs\n```\n\nThis will update the files in `doc` with the latest documentation. These files should not be modified by hand.\n\n## Try it\n\nSuccessfully complete the steps below and you should be able to find your local\nevidence locker in your `$TMPDIR/compliance` folder.  There you will find a `raw`\nfolder that contains all of the raw evidence fetched by the fetchers found in the\n`demo/demo_examples/fetchers` folder along with a `reports` folder that contains\nthe reports generated by the checks found in the `demo/demo_examples/checks` folder.\n\n- Create an empty [credentials][] file:\n\n```shell\n$ touch ~/.credentials\n```\n\n- Set up your environment:\n\n```shell\ncd demo\npython -m venv venv\n. ./venv/bin/activate\npip install -r requirements.txt\n```\n\n- Run the fetchers:\n\n```shell\ncompliance --fetch --evidence local -C auditree_demo.json -v\n```\n\n- Run the checks:\n\n```shell\ncompliance --check demo.arboretum.accred,demo.custom.accred --evidence local -C auditree_demo.json -v\n```\n\n## Contribute\n\nHelp us to improve the Auditree framework. 
See [CONTRIBUTING][].\n\n## Ecosystem\n\nWe are building a set of common fetchers/checks in [Arboretum](https://github.com/ComplianceAsCode/auditree-arboretum). If you have a library of checks, please let us know \u0026 we'll link here.\n\nWe have a data gathering and reporting tool called [Harvest](https://github.com/ComplianceAsCode/auditree-harvest) which lets you process your evidence locker and generate reports over the data held.\n\nWe have a tool called [Prune](https://github.com/ComplianceAsCode/auditree-prune) which lets you mark evidence as no longer being collected, in a suitably tracked manner.\n\nWe have a tool called [Plant](https://github.com/ComplianceAsCode/auditree-plant) which lets you add evidence to evidence lockers without the use of fetchers or checks.\n\n[CONTRIBUTING]: https://github.com/ComplianceAsCode/auditree-framework/blob/master/CONTRIBUTING.md\n[credentials file]: https://github.com/ComplianceAsCode/auditree-framework/blob/master/doc/design-principles.rst#credentials\n[flake8]: https://gitlab.com/pycqa/flake8\n[platform-badge]: https://img.shields.io/badge/platform-osx%20|%20linux-orange.svg\n[pre-commit-badge]: https://img.shields.io/badge/pre--commit-enabled-brightgreen?logo=pre-commit\u0026logoColor=white\n[pre-commit]: https://github.com/pre-commit/pre-commit\n[pre-commit-config]: https://github.com/ComplianceAsCode/auditree-framework/blob/master/.pre-commit-config.yaml\n[python-badge]: https://img.shields.io/badge/python-v3.6+-blue.svg\n[python]: https://www.python.org/downloads/\n[quick start guide]: https://github.com/ComplianceAsCode/auditree-framework/blob/master/doc-source/quick-start.rst\n[black]: https://github.com/psf/black\n[lint-test]: https://github.com/ComplianceAsCode/auditree-framework/actions?query=workflow%3A%22format+%7C+lint+%7C+test%22\n[pypi-upload]: https://github.com/ComplianceAsCode/auditree-framework/actions?query=workflow%3A%22PyPI+upload%22\n[credentials]: 
https://complianceascode.github.io/auditree-framework/design-principles.html#credentials\n","funding_links":[],"categories":[],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fcomplianceascode%2Fauditree-framework","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fcomplianceascode%2Fauditree-framework","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fcomplianceascode%2Fauditree-framework/lists"}