
Compliance Automation

Policy-as-Code

Write policies as machine-enforceable rules:

```python
# S3 Public Access Block rule as code (Python + boto3).
# Cloud Custodian (c7n) expresses this rule as a YAML policy rather than a Python
# class; the check below is the equivalent written directly against the AWS SDK.
import boto3
from botocore.exceptions import ClientError

s3 = boto3.client('s3')

def check_public_access_block(bucket_name):
    """Return (compliant, reason) for one bucket."""
    try:
        result = s3.get_public_access_block(Bucket=bucket_name)
    except ClientError as e:
        # A bucket with no configuration at all fails closed: it is non-compliant, not an error
        if e.response['Error']['Code'] == 'NoSuchPublicAccessBlockConfiguration':
            return False, "no PublicAccessBlock configuration"
        raise
    if not result['PublicAccessBlockConfiguration']['BlockPublicAcls']:
        return False, "BlockPublicAcls not enabled"
    return True, "ok"

for bucket in s3.list_buckets()['Buckets']:
    compliant, reason = check_public_access_block(bucket['Name'])
    if not compliant:
        print(f"DENY {bucket['Name']}: {reason}")
```
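The bucket check above hard-codes one rule. The following added example (not code from the page or from Cloud Custodian) shows the general shape of a policy-as-code engine: rules are data naming a resource type, an attribute path, the required value and a severity, and one evaluator applies them to any resource inventory. The bucket descriptions are constructed inline to stand in for the output of an SDK call such as `get_public_access_block`; a missing attribute is reported as a finding rather than silently treated as compliant.

```python
"""Generic policy-as-code evaluator over resource dictionaries."""
from dataclasses import dataclass
from typing import Any


@dataclass(frozen=True)
class Rule:
    name: str
    resource_type: str
    attribute: str        # dotted path into the resource dict
    expected: Any
    severity: str


def lookup(resource: dict, path: str):
    """Walk a dotted path; return (found, value).

    Missing keys are reported as not found rather than coerced to None so an
    absent setting fails closed instead of passing a 'must be False' rule.
    """
    node = resource
    for key in path.split('.'):
        if not isinstance(node, dict) or key not in node:
            return False, None
        node = node[key]
    return True, node


def evaluate(rules, resources):
    """Return one finding dict per (rule, resource) pair that is non-compliant."""
    findings = []
    for rule in rules:
        for res in resources:
            if res['type'] != rule.resource_type:
                continue
            found, value = lookup(res, rule.attribute)
            if not found:
                reason = f"{rule.attribute} not configured"
            elif value != rule.expected:
                reason = f"{rule.attribute} is {value!r}, expected {rule.expected!r}"
            else:
                continue
            findings.append({'rule': rule.name, 'resource': res['id'],
                             'severity': rule.severity, 'reason': reason})
    return findings


RULES = [
    Rule('s3-block-public-acls', 'aws.s3',
         'PublicAccessBlockConfiguration.BlockPublicAcls', True, 'high'),
    Rule('s3-restrict-public-buckets', 'aws.s3',
         'PublicAccessBlockConfiguration.RestrictPublicBuckets', True, 'high'),
]

# Constructed sample inventory (hypothetical bucket names, not real account data).
SAMPLE_BUCKETS = [
    {'type': 'aws.s3', 'id': 'logs-archive',
     'PublicAccessBlockConfiguration': {'BlockPublicAcls': True, 'RestrictPublicBuckets': True}},
    {'type': 'aws.s3', 'id': 'static-site',
     'PublicAccessBlockConfiguration': {'BlockPublicAcls': False, 'RestrictPublicBuckets': True}},
    {'type': 'aws.s3', 'id': 'legacy-export'},   # no PublicAccessBlock configuration at all
]

if __name__ == '__main__':
    for f in evaluate(RULES, SAMPLE_BUCKETS):
        print(f"[{f['severity']}] {f['rule']} {f['resource']}: {f['reason']}")
```

Because the rules are plain data, they can live in version control next to the code, be reviewed like any other change, and be re-run against a fresh inventory on every pipeline execution.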

Automated Evidence Collection

```yaml
# Compliance evidence pipeline (GitHub Actions)
name: Compliance Evidence Collection
on:
  schedule:
    - cron: '0 6 * * 1'   # Every Monday
  workflow_dispatch:
jobs:
  collect-evidence:
    runs-on: ubuntu-latest
    # Cloud credentials (for example aws-actions/configure-aws-credentials and
    # azure/login via OIDC) must be configured in steps preceding the collection steps.
    steps:
      - name: Set evidence date
        id: date
        run: echo "today=$(date +%Y-%m-%d)" >> "$GITHUB_OUTPUT"
      - name: Collect AWS evidence
        run: |
          mkdir -p evidence
          aws iam list-users > evidence/iam-users.json
          aws configservice describe-config-rules > evidence/config-rules.json
      - name: Collect Azure evidence
        run: |
          az policy state list > evidence/azure-policy-compliance.json
          az role assignment list > evidence/azure-role-assignments.json
      - name: Upload to evidence repository
        uses: actions/upload-artifact@v4
        with:
          # Shell substitution does not run inside `with:`; use the step output instead
          name: compliance-evidence-${{ steps.date.outputs.today }}
          path: evidence/
```
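Collected evidence is only useful to an auditor if it can be shown to be the same files the job produced. The following added example (not part of the page's pipeline) builds a manifest of SHA-256 digests over an evidence directory and verifies it later, reporting modified, missing and unexpected files. The directory layout and file contents are constructed here; in the pipeline above the manifest would be built over the files the `aws` and `az` commands wrote under `evidence/` and uploaded alongside them.

```python
"""Tamper-evident manifest for a directory of compliance evidence files."""
import hashlib
import json
import shutil
import tempfile
from pathlib import Path


def sha256_file(path: Path) -> str:
    """Stream a file through SHA-256 so large evidence exports do not load into memory."""
    h = hashlib.sha256()
    with path.open('rb') as f:
        for chunk in iter(lambda: f.read(65536), b''):
            h.update(chunk)
    return h.hexdigest()


def build_manifest(evidence_dir: Path, collected_on: str) -> dict:
    """Digest every regular file under evidence_dir, keyed by sorted relative path."""
    files = sorted(p for p in evidence_dir.rglob('*') if p.is_file())
    return {
        'collected_on': collected_on,
        'files': {str(p.relative_to(evidence_dir)): sha256_file(p) for p in files},
    }


def verify_manifest(evidence_dir: Path, manifest: dict) -> list:
    """Return a list of problems; an empty list means the directory matches the manifest."""
    problems = []
    current = build_manifest(evidence_dir, manifest['collected_on'])['files']
    for name, digest in manifest['files'].items():
        if name not in current:
            problems.append(f"missing: {name}")
        elif current[name] != digest:
            problems.append(f"modified: {name}")
    for name in current:
        if name not in manifest['files']:
            problems.append(f"unexpected: {name}")
    return problems


def demo(tmp=None):
    """Write constructed evidence, build a manifest, then tamper and re-verify.

    Returns (problems_before_tampering, problems_after_tampering).
    """
    own_dir = tmp is None
    if own_dir:
        tmp = Path(tempfile.mkdtemp())
    try:
        ev = tmp / 'evidence'
        ev.mkdir(parents=True, exist_ok=True)
        # Constructed stand-ins for `aws iam list-users` / `describe-config-rules` output
        (ev / 'iam-users.json').write_text(json.dumps({'Users': []}))
        (ev / 'config-rules.json').write_text(json.dumps({'ConfigRules': []}))
        manifest = build_manifest(ev, '2024-01-01')  # constructed collection date
        clean = verify_manifest(ev, manifest)
        # Simulate post-collection tampering: edit one file, add another
        (ev / 'iam-users.json').write_text(json.dumps({'Users': [{'UserName': 'added-later'}]}))
        (ev / 'extra.json').write_text('{}')
        tampered = verify_manifest(ev, manifest)
        return clean, tampered
    finally:
        if own_dir:
            shutil.rmtree(tmp, ignore_errors=True)


if __name__ == '__main__':
    before, after = demo()
    print('before tampering:', before or 'ok')
    print('after tampering:', after)
```

Store the manifest with the artifact (or, better, in a separate system the collection job can only append to) so that the digests and the files they cover are not under the same write path.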

Compliance Monitoring Tools

| Tool | Purpose | Type |
|------|---------|------|
| AWS Config | AWS resource configuration monitoring | Managed |
| Azure Policy | Azure resource policy enforcement | Managed |
| GCP Org Policies | GCP organisation-wide constraints | Managed |
| Cloud Custodian | Multi-cloud policy engine | Open-source |
| Open Policy Agent | General-purpose policy engine (Rego) | Open-source |
| StrongDM | Database access compliance | Commercial |
| Vanta | Automated SOC 2 evidence | Commercial |
| Drata | Automated SOC 2 + compliance monitoring | Commercial |

Sample Compliance Dashboard

```sql
-- Compliance status query
SELECT
  framework,
  COUNT(*) AS total_controls,
  SUM(CASE WHEN status = 'passing' THEN 1 ELSE 0 END) AS passing,
  SUM(CASE WHEN status = 'failing' THEN 1 ELSE 0 END) AS failing,
  ROUND(100.0 * SUM(CASE WHEN status = 'passing' THEN 1 ELSE 0 END) / COUNT(*), 1) AS pass_rate
FROM compliance_controls
GROUP BY framework;
```
| Framework | Total | Passing | Failing | Pass Rate |
|-----------|-------|---------|---------|-----------|
| SOC 2 | 120 | 115 | 5 | 95.8% |
| PCI DSS | 256 | 249 | 7 | 97.3% |
| ISO 27001 | 114 | 112 | 2 | 98.2% |
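To show that the query above actually produces the dashboard figures, the following added example (not from the page) loads a `compliance_controls` table with constructed rows matching those counts into an in-memory SQLite database and runs the same query. The table schema and control identifiers are assumptions; the page only names the `framework` and `status` columns.

```python
"""Reproduce the compliance dashboard from the page's status query."""
import sqlite3

STATUS_QUERY = """
SELECT
  framework,
  COUNT(*) AS total_controls,
  SUM(CASE WHEN status = 'passing' THEN 1 ELSE 0 END) AS passing,
  SUM(CASE WHEN status = 'failing' THEN 1 ELSE 0 END) AS failing,
  ROUND(100.0 * SUM(CASE WHEN status = 'passing' THEN 1 ELSE 0 END) / COUNT(*), 1) AS pass_rate
FROM compliance_controls
GROUP BY framework
ORDER BY framework;
"""

# Constructed (passing, failing) counts chosen to reproduce the sample dashboard.
SAMPLE_COUNTS = {'SOC 2': (115, 5), 'PCI DSS': (249, 7), 'ISO 27001': (112, 2)}


def load_sample(conn, counts=SAMPLE_COUNTS):
    """Create the table (assumed schema) and insert one row per control."""
    conn.execute("""
        CREATE TABLE compliance_controls (
            control_id TEXT PRIMARY KEY,
            framework  TEXT NOT NULL,
            status     TEXT NOT NULL CHECK (status IN ('passing', 'failing'))
        )""")
    rows = []
    for framework, (passing, failing) in counts.items():
        prefix = framework.replace(' ', '-')
        rows += [(f"{prefix}-{i:04d}", framework, 'passing') for i in range(passing)]
        rows += [(f"{prefix}-{passing + i:04d}", framework, 'failing') for i in range(failing)]
    conn.executemany("INSERT INTO compliance_controls VALUES (?, ?, ?)", rows)


def compliance_status(conn):
    """Run the dashboard query; return {framework: (total, passing, failing, pass_rate)}."""
    return {fw: (total, p, f, rate) for fw, total, p, f, rate in conn.execute(STATUS_QUERY)}


def dashboard():
    conn = sqlite3.connect(':memory:')
    load_sample(conn)
    return compliance_status(conn)


if __name__ == '__main__':
    print(f"{'Framework':<12}{'Total':>6}{'Passing':>9}{'Failing':>9}{'Pass Rate':>11}")
    for fw, (total, passing, failing, rate) in dashboard().items():
        print(f"{fw:<12}{total:>6}{passing:>9}{failing:>9}{rate:>10.1f}%")
```

The `CHECK` constraint on `status` is worth carrying into a real schema: a control recorded with a misspelled status would otherwise be silently excluded from both `passing` and `failing` while still inflating `total_controls`, understating the pass rate.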