Framework Compliance
Framework Compliance
"""
for framework, score in self.metrics['framework_scores'].items():
status = "✅ PASS" if score >= 0.95 else "⚠️ NEEDS ATTENTION" if score >= 0.80 else "❌ FAIL"
report += f"- **{framework.upper()}**: {score*100:.1f}% {status}\n"
report += "\n## Top Compliance Violations\n"
violations = self.get_top_violations()
for i, violation in enumerate(violations[:10], 1):
report += f"{i}. **{violation['rule']}** ({violation['count']} occurrences)\n"
report += f" - Framework: {violation['framework']}\n"
report += f" - Severity: {violation['severity']}\n"
report += f" - Description: {violation['description']}\n\n"
report += "## Vulnerability Summary\n"
vuln_summary = self.aggregate_vulnerabilities()
total_vulns = sum(vuln_summary.values())
report += f"- **Total Vulnerabilities**: {total_vulns}\n"
for severity, count in vuln_summary.items():
percentage = (count / total_vulns * 100) if total_vulns > 0 else 0
report += f"- **{severity.capitalize()}**: {count} ({percentage:.1f}%)\n"
report += "\n## Recommendations\n"
recommendations = self.generate_recommendations()
for rec in recommendations:
report += f"- {rec}\n"
return report
def generate_recommendations(self) -> List[str]:
    """Generate actionable recommendations based on compliance data.

    Examines ``self.metrics['current_compliance_score']`` and every record
    in ``self.scan_data``. Each record must provide ``image``,
    ``vulnerabilities['critical']`` and ``configuration``; the ``signed``
    and ``configuration['runs_as_root']`` flags are optional and default
    to False.

    Returns:
        Recommendation strings in a fixed order (overall score, critical
        vulnerabilities, unsigned images, root containers). Empty when
        nothing needs attention.
    """
    advice: List[str] = []
    scans = self.scan_data

    # 95% is the compliance target the report measures against.
    score_ok = self.metrics['current_compliance_score'] >= 0.95
    if not score_ok:
        advice.append(
            "Overall compliance score is below 95% target. "
            "Focus on remediating high-severity violations."
        )

    # Critical findings are summed over every scanned image.
    n_critical = 0
    for scan in scans:
        n_critical += scan['vulnerabilities']['critical']
    if n_critical > 0:
        advice.append(
            f"Found {n_critical} critical vulnerabilities across all images. "
            "These must be remediated immediately."
        )

    # An image with no 'signed' flag is treated as unsigned (fail closed),
    # so images whose provenance was never recorded are still reported.
    unsigned = [s['image'] for s in scans if not s.get('signed', False)]
    if unsigned:
        advice.append(
            f"Found {len(unsigned)} unsigned images. "
            "Implement image signing for supply chain security."
        )

    # NOTE: a missing 'runs_as_root' key counts as non-root, so this check
    # only fires when the scanner explicitly reports a root container.
    as_root = [
        s['image'] for s in scans
        if s['configuration'].get('runs_as_root', False)
    ]
    if as_root:
        advice.append(
            f"Found {len(as_root)} images running as root. "
            "Configure containers to run as non-root users."
        )

    return advice
Generate compliance artifacts
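def generate_compliance_artifacts(scan_results: Dict, output_dir: str):
    """Generate all compliance artifacts for audit.

    Creates ``output_dir`` if needed and writes into it:
    ``compliance-dashboard.html``, ``compliance-report.md``,
    ``compliance-data.csv`` and ``attestation.json``; then hands the
    directory to ``create_evidence_package``.

    Args:
        scan_results: the scan records, passed unchanged to
            ``ComplianceDashboard``, ``pd.DataFrame`` and
            ``generate_attestation_document``.
        output_dir: directory that receives every artifact.
    """
    os.makedirs(output_dir, exist_ok=True)

    def artifact(name: str) -> str:
        # os.path.join instead of an f-string so a trailing separator on
        # output_dir does not produce a doubled separator in the path.
        return os.path.join(output_dir, name)

    # 1. Interactive dashboard, saved as HTML.
    dashboard = ComplianceDashboard(scan_results)
    fig = dashboard.generate_compliance_scorecard()
    fig.write_html(artifact("compliance-dashboard.html"))

    # 2. Detailed markdown report. The report embeds non-ASCII status
    # markers, so the encoding is pinned to UTF-8 rather than the platform
    # default, which would raise UnicodeEncodeError on some systems.
    detailed_report = dashboard.generate_detailed_report()
    with open(artifact("compliance-report.md"), 'w', encoding='utf-8') as f:
        f.write(detailed_report)

    # 3. Flat CSV for further analysis.
    df = pd.DataFrame(scan_results)
    df.to_csv(artifact("compliance-data.csv"), index=False)

    # 4. Attestation document as JSON (same UTF-8 pinning as above).
    attestation = generate_attestation_document(scan_results)
    with open(artifact("attestation.json"), 'w', encoding='utf-8') as f:
        json.dump(attestation, f, indent=2)

    # 5. Bundle everything into the evidence package.
    create_evidence_package(output_dir)
    print(f"Compliance artifacts generated in {output_dir}")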
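def generate_attestation_document(scan_results: Dict) -> Dict:
    """Generate signed attestation for compliance.

    Args:
        scan_results: the scan records. Despite the ``Dict`` annotation the
            body uses ``len()`` and iterates it element-wise through
            ``is_compliant(r)`` — presumably a sequence of per-image
            records; confirm against callers.

    Returns:
        A dict with a single ``attestation`` key holding the schema
        version, a timezone-aware ISO-8601 timestamp, the summary
        ``results`` block and the value returned by
        ``generate_signature(scan_results)``.
    """
    # Function-scope import so the fix does not depend on the file header.
    # The timestamp is evidence in an audit trail, so it must carry an
    # explicit offset; a naive datetime.now() is ambiguous across hosts.
    from datetime import timezone

    compliant_images = sum(1 for r in scan_results if is_compliant(r))

    # NOTE(review): the signature covers scan_results only — the
    # "timestamp" and "results" fields below are not bound by it, so a
    # verifier of this document cannot detect edits to them from the
    # signature alone. Confirm that scope is intended.
    return {
        "attestation": {
            "version": "1.0",
            "timestamp": datetime.now(timezone.utc).isoformat(),
            "statement": "Container security compliance scan completed",
            "results": {
                "total_images": len(scan_results),
                "compliant_images": compliant_images,
                "frameworks_tested": ["pci_dss", "hipaa", "soc2", "cis_docker"],
                "scan_tool": "Trivy + Snyk",
                "scan_version": "1.0.0",
            },
            "signature": generate_signature(scan_results),
        }
    }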