strongdm/ comply

(v1.5.1) 6 months ago

Ruby

golang

gdpr

pdf-generation

View on GitHub

Need help with comply?

Click the “chat” button below for chat support from the developer who created it, or find similar developers for support.

About the developer

strongdm

556 Stars

132 Forks

Apache License 2.0

188 Commits

34 Opened issues

Description

Compliance automation framework, focused on SOC2

Services available

Need anything else?

Contributors list

Readme

Comply is a SOC2-focused compliance automation tool:

Policy Generator: markdown-powered document pipeline for publishing auditor-friendly policy documents
Ticketing Integration: automate compliance throughout the year via your existing ticketing system
SOC2 Templates: open source policy and procedure templates suitable for satisfying a SOC2 audit

Installation

Name: comply
Brand: comply
SKU: //strongdm/comply
Rating: 3.112 (556 reviews)

macOS:

brew tap strongdm/comply; brew install comply

Linux:

Download latest release

Go users:

go get github.com/strongdm/comply

Get Started

Start with

comply init

$ mkdir my-company
$ cd my-company
$ comply init

Once

comply init

is complete, just

git init

and

git push

your project to a new repository. You're ready to begin editing the included policy boilerplate text.

Discussion

Join us in Comply Users

Screenshots

Demo video

Start a Project

Build PDFs

Track Policy Coverage

Dashboard

Dependencies

Comply relies on pandoc, which can be installed directly as an OS package or invoked via Docker.

CLI

NAME:
   comply - policy compliance toolkit

USAGE:
   comply [global options] command [command options] [arguments...]
COMMANDS:
     init             initialize a new compliance repository (interactive)
     build, b         generate a static website summarizing the compliance program
     procedure, proc  create ticket by procedure ID
     scheduler        create tickets based on procedure schedule
     serve            live updating version of the build command
     sync             sync ticket status to local cache
     todo             list declared vs satisfied compliance controls
     help, h          Shows a list of commands or help for one command

Running in Docker

Comply is currently only released for Linux and macOS, however from other operating systems it's possible to run using Docker:

# first pull the latest published docker image $ docker pull strongdm/comply

from an empty directory that will contain your comply project

$ docker run --rm -v "$PWD":/source -p 4000:4000 -it strongdm/comply [email protected]:/source# comply init ✗ Organization Name:

serve content live from an established project

$ docker run --rm -v "$PWD":/source -p 4000:4000 -it strongdm/comply [email protected]:/source# comply serve Serving content of output/ at http://127.0.0.1:4000 (ctrl-c to quit)

For Windows users, replace $PWD with the full path to your project directory

Ticketing Integrations:

Jira
Github
Gitlab

Configuring Jira

When comply creates a ticket (through

proc

, for instance), it sets the following fields.

assignee
description
issuetype
labels
project key
reporter
summary

Please make sure that the default Create Screen has all of those fields enabled. Additionally, make sure that there are no other required fields for the issue type you choose.

Forking and local development

Assumes installation of golang and configuration of GOPATH in .bash_profile, .zshrc, etc Inspiration: http://code.openark.org/blog/development/forking-golang-repositories-on-github-and-managing-the-import-path

$ go get github.com/strongdm/comply
$ cd $GOPATH/src/github.com/strongdm/comply ; go get ./...
$ make
$ cd example
$ mv comply.yml.example comply.yml
$ ../comply -h
$ ../comply sync
$ ../comply serve
#
$ make # recompile as needed with in $GOPATH/src/github.com/strongdm/comply