{control_id}: {result.get('description', 'N/A')}
{control_id}: {result.get('description', 'N/A')}
Status: FAILED ❌
Resources Affected: {len(result.get('failed_resources', []))}
Remediation Required: {result.get('remediation', 'See compliance documentation')}
Failed Resources: """ for resource in result.get('failed_resources', []): report += f"- {resource['type']}: {resource['name']}\n"
return report
Policy as Code for Compliance
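class CompliancePolicyEngine:
    """Evaluate infrastructure-as-code changes against loaded compliance policies.

    The helpers ``_load_policies``, ``_policy_applies`` and ``_check_policy``
    are not shown here; they are expected to be provided on the class elsewhere.
    Each loaded policy is expected to carry at least ``'id'`` and ``'severity'``.
    """

    def __init__(self, policies_dir: str):
        # Policies are loaded once at construction and reused for every plan.
        self.policies = self._load_policies(policies_dir)

    def evaluate_terraform_plan(self, plan_json: Dict) -> Dict[str, Any]:
        """Evaluate a Terraform plan (JSON form) against compliance policies.

        Args:
            plan_json: Parsed plan JSON; only ``resource_changes`` is read.

        Returns:
            Dict with ``compliant`` (no violations found), ``violations``
            (list of dicts with resource/policy/severity/message) and
            ``blocked`` (True when any violation has severity ``'HIGH'``).
        """
        violations = []
        for resource_change in plan_json.get('resource_changes', []):
            change = resource_change.get('change', {})
            # Pure deletions carry no post-change configuration to evaluate.
            if change.get('actions', []) == ['delete']:
                continue
            resource_type = resource_change['type']
            # 'after' is null for deletes and omits attributes that are only
            # known at apply time (the plan lists those under 'after_unknown'),
            # so a policy reading a missing key sees no value rather than the
            # final one; the verdict is only as complete as the plan itself.
            resource_config = change.get('after') or {}
            for policy in self.policies:
                if not self._policy_applies(policy, resource_type):
                    continue
                violation = self._check_policy(policy, resource_type, resource_config)
                if violation:
                    violations.append({
                        'resource': resource_change['address'],
                        'policy': policy['id'],
                        'severity': policy['severity'],
                        'message': violation,
                    })
        return {
            'compliant': not violations,
            'violations': violations,
            # Only HIGH-severity findings block the change; lower severities are
            # reported but do not gate the deployment.
            'blocked': any(v['severity'] == 'HIGH' for v in violations),
        }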
Real-time compliance dashboards provide continuous visibility into compliance posture. These dashboards aggregate data from multiple sources - IaC scanners, runtime configuration assessments, and audit logs. Executives see high-level compliance scores while engineers access detailed remediation guidance.