https://complytime.dev/Recent content in Cloud Native Compliance. Reimagined. on ComplyTimeHugoen-USCopyright (c) 2024-2025 ComplyTimeMon, 13 Apr 2026 02:36:36 +0000https://complytime.dev/docs/projects/complytime-collector-components/overview/Mon, 13 Apr 2026 02:36:36 +0000https://complytime.dev/docs/projects/complytime-collector-components/overview/<p><strong>ComplyBeacon</strong> is an open-source observability toolkit designed to collect, normalize, and enrich compliance evidence, extending the OpenTelemetry (OTEL) standard.</p> <p>By bridging the gap between raw policy scanner output and modern logging pipelines, it provides a unified, enriched, and auditable data stream for security and compliance analysis.</p>https://complytime.dev/docs/projects/complyctl/overview/Mon, 13 Apr 2026 01:10:00 +0000https://complytime.dev/docs/projects/complyctl/overview/<p>A lightweight compliance runtime that pulls <a href="https://gemara.openssf.org/">Gemara</a> policies from an OCI registry and executes scans via plugins.</p> <h3 id="architecture">Architecture<a class="anchor" href="#architecture" aria-label="Anchor">#</a> </h3> <div class="expressive-code"> <figure class="frame not-content"> <figcaption class="header"> <span class="title"></span> </figcaption> <pre tabindex="0"><code>┌──────────────────────────────────────────────────────────────────┐ │ Host │ │ │ │ ┌──────────────┐ complyctl get ┌───────────────────────┐ │ │ │ OCI Registry │ ◄────────────────── │ │ │ │ │ │ ───────────────────►│ complyctl CLI │ │ │ │ Gemara │ catalog + policy │ │ │ │ │ policies │ layers (YAML) │ init / get / list │ │ │ └──────────────┘ │ generate / scan │ │ │ │ doctor / providers │ │ │ │ version │ │ │ └─────┬────────┬────────┘ │ │ │ │ │ │ ┌────────────┘ │ │ │ │ │ │ │ ▼ ▼ │ │ ┌──────────────┐ ┌────────────────┐ │ │ │ Cache │ │ Providers │ │ │ │ │ │ │ │ │ │ ~/.complytime│ │ ~/.complytime/ │ │ │ │ /policies/ │ │ providers/ │ │ │ │ state.json │ │ │ │ │ │ │ │ complyctl- │ │ │ │ OCI Layout │ │ provider-* │ │ │ │ per policy │ │ │ │ │ └──────────────┘ │ gRPC: Describe │ │ │ │ Generate, Scan │ │ │ ┌──────────────┐ └────────────────┘ │ │ │ Workspace │ │ │ │ │ complytime.yaml defines: │ │ │ ./complytime │ - registry URL │ │ │ .yaml │ - policy IDs + versions │ │ │ │ - targets + variables │ │ │ ./.comply- │ │ │ │ time/scan/ │ │ │ │ (output) │ Scan output (EvaluationLog, OSCAL, │ │ └──────────────┘ SARIF, Markdown) written to workspace │ └──────────────────────────────────────────────────────────────────┘</code></pre> </figure> </div> <p><strong>Components:</strong></p>https://complytime.dev/docs/projects/gemara-content-service/overview/Fri, 10 Apr 2026 15:55:45 +0000https://complytime.dev/docs/projects/gemara-content-service/overview/<p>An OCI-compliant content delivery and enrichment service for <a href="https://github.com/ossf/gemara">Gemara</a> compliance artifacts. Clients can discover and download Gemara content (L1 guidance, L2 catalogs, L3 policies) as OCI artifacts using standard tooling.</p>https://complytime.dev/docs/projects/complyscribe/overview/Wed, 08 Apr 2026 07:59:35 +0000https://complytime.dev/docs/projects/complyscribe/overview/<p>ComplyScribe is a CLI tool that assists users in leveraging <a href="https://github.com/oscal-compass/compliance-trestle">Compliance-Trestle</a> in CI/CD workflows for <a href="https://github.com/usnistgov/OSCAL">OSCAL</a> formatted compliance content management.</p> <blockquote> <p>WARNING: This project is currently under initial development. APIs may be changed incompatibly from one commit to another.</p>https://complytime.dev/docs/projects/complytime/overview/Wed, 25 Mar 2026 06:57:47 +0000https://complytime.dev/docs/projects/complytime/overview/<p><em>No README available.</em> Visit the <a href="https://github.com/complytime/complytime">repository on GitHub</a> for more information.</p>https://complytime.dev/docs/projects/complytime-collector-components/attributes/compliance/Mon, 13 Apr 2026 02:36:36 +0000https://complytime.dev/docs/projects/complytime-collector-components/attributes/compliance/<!-- synced from complytime/complytime-collector-components/docs/attributes/compliance.md@main (d6842ba62f96) --> <!-- NOTE: THIS FILE IS AUTOGENERATED. DO NOT EDIT BY HAND. --> <!-- see templates/registry/markdown/attribute_namespace.md.j2 --> <h2 id="compliance">Compliance<a class="anchor" href="#compliance" aria-label="Anchor">#</a> </h2> <h3 id="compliance-assessment-attributes">Compliance Assessment Attributes<a class="anchor" href="#compliance-assessment-attributes" aria-label="Anchor">#</a> </h3> <p>Attributes added by compliance assessment tools to map policy results to compliance frameworks. Provides compliance context, risk assessment, and regulatory mapping for audit and reporting. Maps to GEMARA Layer 5 (Enforcement) for Policy-as-Code workflows.</p>https://complytime.dev/docs/projects/complytime-collector-components/design/Mon, 13 Apr 2026 02:36:36 +0000https://complytime.dev/docs/projects/complytime-collector-components/design/<!-- synced from complytime/complytime-collector-components/docs/DESIGN.md@main (bd0ad6159834) --> <h3 id="key-features">Key Features<a class="anchor" href="#key-features" aria-label="Anchor">#</a> </h3> <ul> <li><strong>OpenTelemetry Native</strong>: Built on the OpenTelemetry standard for seamless integration with existing observability pipelines.</li> <li><strong>Automated Enrichment</strong>: Enriches raw evidence with risk scores, threat mappings, and regulatory requirements via the Compass service.</li> <li><strong>Composability</strong>: Components are designed as a toolkit; they are not required to be used together, and users can compose their own pipelines.</li> <li><strong>Compliance-as-Code</strong>: Leverages the <code>gemara</code> model for a robust, auditable, and automated approach to risk assessment.</li> </ul> <h3 id="architecture-overview">Architecture Overview<a class="anchor" href="#architecture-overview" aria-label="Anchor">#</a> </h3> <h4 id="design-principles">Design Principles<a class="anchor" href="#design-principles" aria-label="Anchor">#</a> </h4> <ul> <li> <p><strong>Modularity:</strong> The system is composed of small, focused, and interchangeable services.</p>https://complytime.dev/docs/projects/complytime-collector-components/development/Mon, 13 Apr 2026 02:36:36 +0000https://complytime.dev/docs/projects/complytime-collector-components/development/<!-- synced from complytime/complytime-collector-components/docs/DEVELOPMENT.md@main (33bc511c1043) --> <p>This guide provides comprehensive instructions for setting up, building, and testing the ComplyBeacon project. It complements the <a href="https://github.com/complytime/complytime-collector-components/blob/main/docs/DESIGN.md">DESIGN.md</a> document by focusing on the practical aspects of development.</p>https://complytime.dev/docs/projects/complytime-collector-components/attributes/policy/Mon, 13 Apr 2026 02:36:36 +0000https://complytime.dev/docs/projects/complytime-collector-components/attributes/policy/<!-- synced from complytime/complytime-collector-components/docs/attributes/policy.md@main (6ccd9e8264d2) --> <!-- NOTE: THIS FILE IS AUTOGENERATED. DO NOT EDIT BY HAND. --> <!-- see templates/registry/markdown/attribute_namespace.md.j2 --> <h2 id="policy">Policy<a class="anchor" href="#policy" aria-label="Anchor">#</a> </h2> <h3 id="policy-engine-attributes">Policy Engine Attributes<a class="anchor" href="#policy-engine-attributes" aria-label="Anchor">#</a> </h3> <p>Attributes emitted by policy engines (OPA, Gatekeeper, etc.) during policy evaluation and enforcement. Maps to GEMARA Layer 4 (Evaluation) for Policy-as-Code workflows.</p>https://complytime.dev/docs/projects/complytime-collector-components/publish_image/publish-image/Mon, 13 Apr 2026 02:36:36 +0000https://complytime.dev/docs/projects/complytime-collector-components/publish_image/publish-image/<!-- synced from complytime/complytime-collector-components/docs/publish_image/publish_image.md@main (560d3f05d68e) --> <p>This guide explains how to publish in GHCR and promote in Quay for container images by using the org-infra reusable workflows.</p>