Security policy content in SCAP, Ansible, Bash, and CEL for compliance automation
- Stars2.7k
- Forks804
- Open Issues202
Other
- Shell
- Python
- Jinja
About ComplianceAsCode
ComplianceAsCode produces security policy content for platforms including Red Hat Enterprise Linux, Fedora, Ubuntu, Debian, SUSE Linux Enterprise Server, Firefox, and Kubernetes. Teams use it to evaluate systems against security baselines and bring them into compliance using widely supported formats.
It generates SCAP content in XCCDF, OVAL, and source data stream formats, plus Ansible playbooks, Bash fix scripts, and CEL content for Kubernetes and OpenShift. A single YAML rule format feeds the build, so CCE, NIST, STIG, and other identifiers map across every output without duplicating rule logic.
Known earlier as SCAP Security Guide, it covers bare-metal machines, virtual machines, images, containers, and container images. The generated content drops straight into scanners like OpenSCAP, or remediates hosts directly through the Ansible and Bash output.
Key features
- SCAP content in XCCDF, OVAL, and source data stream formats
- Ansible playbooks generated from security profiles
- Bash fix files generated from security profiles
- CEL content for Kubernetes and OpenShift
- Scan bare-metal machines, VMs, images, containers, and container images
Details
- On GitHub since
- 2014
- Platforms
- Linux
- Deployment
- self-hostable
- Formats
- SCAP · Ansible · Bash · CEL
- Targets
- Machines · images · containers
- Former name
- SCAP Security Guide