strongdm / comply
Compliance automation framework, focused on SOC2
Home Page: https://comply.strongdm.com
License: Apache License 2.0
Testing GH issue integration
Insert evidence into the Evidence Vault
Procedure-ID: workstation
Procedure-ID: patch
Insert evidence into the Evidence Vault
Procedure-ID: workstation
Insert evidence into the Evidence Vault
Procedure-ID: workstation
Insert evidence into the Evidence Vault
Process-ID: workstation
Name: Collect Workstation Details
Procedure-ID: workstation
Insert evidence into the Evidence Vault
Procedure-ID: workstation
Running comply scheduler
creates duplicate tickets in jira
Insert evidence into the Evidence Vault
Procedure-ID: workstation
Hi There
I love your code, may I donate a logo for your project?
comply proc
running on mac
version 1.2.3
docker 18.05.0-ce-mac66
$ comply init
company name
none selected for ticketing
$ comply build
```
panic: (model.TicketSystem) (0x14f9da0,0xc4205acbb0)
goroutine 22 [running]:
github.com/strongdm/comply/internal/model.GetPlugin(0x15f16a9, 0x4, 0x0, 0x0)
/private/tmp/comply-20180605-74529-1jhgc11/comply-1.2.3/src/github.com/strongdm/comply/internal/model/plugin.go:55 +0x213
github.com/strongdm/comply/internal/render.load(0x2, 0x2, 0x10dfaa0, 0xc420215d80)
/private/tmp/comply-20180605-74529-1jhgc11/comply-1.2.3/src/github.com/strongdm/comply/internal/render/controller.go:102 +0x82e
github.com/strongdm/comply/internal/render.loadWithStats(0xc420270d50, 0x9, 0xc420215d80, 0x2)
/private/tmp/comply-20180605-74529-1jhgc11/comply-1.2.3/src/github.com/strongdm/comply/internal/render/controller.go:112 +0x26
github.com/strongdm/comply/internal/render.html(0x15f3134, 0x6, 0x0, 0xc420382300, 0xc4203668d0)
/private/tmp/comply-20180605-74529-1jhgc11/comply-1.2.3/src/github.com/strongdm/comply/internal/render/html.go:42 +0x845
created by github.com/strongdm/comply/internal/render.Build
/private/tmp/comply-20180605-74529-1jhgc11/comply-1.2.3/src/github.com/strongdm/comply/internal/render/site.go:97 +0x1db
```
Insert evidence into the Evidence Vault
Procedure-ID: workstation
After init'ing from homebrew and running `comply init` and following prompts, running `comply build` yields this:
Please install either Docker or the pandoc package and re-run `build`
Both docker and pandoc are installed. Could this be a gopath issue?
https://github.com/strongdm/comply/blob/master/internal/render/controller.go#L82
The sort algorithm in Go library sorting for example:
A1
A11
A111
A2
Instead of:
A1
A2
A11
A111
I think a fix might look something like this: https://softwareengineering.stackexchange.com/questions/127639/why-do-some-sorting-methods-sort-by-1-10-2-3
But not sure, this is low priority, visual only. I am using FISMA NIST 800-53 standards that employ this type of formatting: AC-1, AC-1(1), AC-1(2), etc.
It would be most excellent if documents could be viewed in HTML by default, with the option to download to PDF.
Use case: It's much easier for users to access content in HTML than PDF. PDFs are hard to parse and search through imo.
Thank you!
Asking for a friend. ;)
Insert evidence into the Evidence Vault
Procedure-ID: workstation
Roughly:
audit
Assignments, due dates, etc will then be conducted as per usual. Comply Dashboard will update with audit progress as tickets are resolved.
Related: Audit tickets will ideally depend on Evidence Vault (encrypted attachments)
```
panic: Malformed metadata markdown in /Users/jmccarthy/tmp/will/procedures/offboarding.md, must be of the form: YAML\n---\nmarkdown content
goroutine 25 [running]:
github.com/strongdm/comply/internal/model.loadMDMD(0xc4205c0080, 0x33, 0x4, 0x0, 0x0, 0x20)
/private/tmp/comply-20180615-48154-14fvegh/comply-1.2.5/src/github.com/strongdm/comply/internal/model/fs.go:183 +0x241
github.com/strongdm/comply/internal/model.ReadProcedures(0xc4202ac200, 0x1b, 0x20, 0x0, 0x0)
```
Procedure-ID: patch
Stuff
Process-ID: Fish
Test
Hey Justin,
Cool project, I'm kicking the tires on using this for an upcoming compliance project.
If I or someone on my team wanted to contribute a gitlab integration, would that be ok? Do you have any contribution guidelines?
We're not a golang shop, but your github/jira implementations (in `/internal`) seem straightforward enough to replicate.
I would assume that we'd have to use:
Insert evidence into the Evidence Vault
Procedure-ID: workstation
ok
Workstation Details
Insert evidence into the Evidence Vault
Process-ID: Fish
Stuff
Process-ID: Fish
Insert evidence into the Evidence Vault
Procedure-ID: workstation
Procedure-ID: patch
No evidence beyond activity logs within Slack, Github
Insert evidence into the Evidence Vault
Procedure-ID: workstation
Insert evidence into the Evidence Vault
Process-ID: workstation
Name: Collect Workstation Details
Procedure-ID: workstation
Insert evidence into the Evidence Vault
Procedure-ID: workstation
Rather than including during `init`, consider introducing `comply standard add` to emit the file at runtime into the standards directory
Insert evidence into the Evidence Vault
Procedure-ID: workstation
Procedure-ID: patch
Risk Process refers to the "a. Risk Assessment Report Template" reference, which does not exist in the repo. Please add.
Insert evidence into the Evidence Vault
Procedure-ID: workstation
Stuff
Process-ID: Fish
I'm wondering why the requirement for Docker in the comply build? I think pandoc is the only requirement being met by Docker? For OS X people you're already doing a homebrew install. Would it be easier to install pandoc instead of requiring gigs and gigs of a docker install to be there already?