LogoLogo
  • Guide
    • Introduction
    • Setup
    • CloudQL
    • Compliance
    • Key Terminology
    • Running Audits
    • Embed Compliance Checks in Pipelines
  • Advanced
    • Controls
      • Controls with Inline Policy
      • Controls with References Policies
      • Policies
      • Summary
    • Control Groups
    • Framework
    • Product Architecture
  • advanced-setup
    • Deploy on DigitalOcean / Linode
    • Deploy to AWS
    • Single Sign-On
    • Production Hardening
  • Platform
    • FAQ
Powered by GitBook

© 2025 open governance Inc.

On this page
  • High Level Architecture
  • Core Services
  • Additional Services
  • Data
  • Workers
  1. Advanced

Product Architecture

Understand the architecture of opencomply

PreviousFrameworkNextDeploy on DigitalOcean / Linode

Last updated 3 months ago

High Level Architecture

opencomply is written in Go and runs on Kubernetes.

Core Services

  1. Integration Service: Facilitate the ability for opencomply to connect with external provided

  2. Compliance Service: Responsible for presenting compliance related

  3. Scheduler Service: Responsible for scheduling Inventory and Compliance related Jobs

  4. CloudQL: Enables the ability to run CloudQL Queries

  5. Core: Provide Metadata and key inventory related information

  6. Auth: Responsible for providing Authentication & Authorization

Additional Services

  1. WebUI - UI for the app. Written in ReactJS

  2. Dex - Used by Authentication service to provide OIDC)

  3. Nginx responsible for routing API calls

  4. NATS - The message bus for the whole platform

  5. Vault - HashiCorp Vault for securely storing and retrieving credentials

Data

  1. Postgres: Primary datastore for the entire product

  2. opensearch: All inventory and compliance data are stored

Workers

In opencomply, "Workers" (most of which are implemented as Kubernetes Jobs) handle various scheduled tasks, such as running discovery, checking compliance, and performing housekeeping. KEDA is used to scale these Jobs, along with other opencomply components.

  1. Compliance Workers: Responsible for executing compliance jobs

  2. Describe Workers: Connects to integrations and

  3. Migrator: Responsible for loading product metadata from git