
© 2025 open governance Inc.


Compliance

Compliance assessments check your resources against established rules (called "controls") and report any problems. The process involves three key steps:

  1. Defining the rules (controls): Establishing the specific checks your resources must meet.

  2. Running the checks (assessments): Performing the automated checks to determine compliance.

  3. Reviewing the evidence: Analyzing the assessment results to identify any issues.

Resources, which can be virtually anything OpenComply discovers, include cloud servers, Jira issues, software deployments, and GitHub repositories.

Controls specify the "OK/not OK" criteria for discovered configurations. Controls can be defined for any discovered resource and its available attributes. Examples of controls include:

  • "All servers must have encryption enabled on storage disks." (checking a server attribute for encryption)

  • "Every Jira issue needs to have a priority level set." (checking a Jira issue attribute)
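The three steps above, sketched as an added Python illustration using the two example controls. This is not OpenComply's own code or its YAML control format; the `Control` class, the attribute names (`disk_encrypted`, `priority`), and the sample inventory are all assumptions constructed for the example.

```python
from dataclasses import dataclass
from typing import Any, Callable

@dataclass(frozen=True)
class Control:                    # hypothetical model, not OpenComply's schema
    id: str                       # illustrative identifier
    resource_type: str            # which discovered resources it applies to
    attribute: str                # attribute the check reads
    is_ok: Callable[[Any], bool]  # the "OK/not OK" criterion

# Step 1: define the rules (the two example controls from the text).
CONTROLS = [
    Control("disk-encryption", "server", "disk_encrypted", lambda v: v is True),
    Control("jira-priority-set", "jira_issue", "priority",
            lambda v: isinstance(v, str) and v.strip() != ""),
]

# Constructed sample inventory standing in for discovered resources.
RESOURCES = [
    {"type": "server", "id": "srv-1", "disk_encrypted": True},
    {"type": "server", "id": "srv-2", "disk_encrypted": False},
    {"type": "server", "id": "srv-3"},  # attribute was never collected
    {"type": "jira_issue", "id": "OPS-7", "priority": "High"},
    {"type": "jira_issue", "id": "OPS-8", "priority": ""},
]

_MISSING = object()

def assess(controls, resources):
    """Step 2: run every control against each resource of its type."""
    findings = []
    for c in controls:
        for r in (r for r in resources if r["type"] == c.resource_type):
            value = r.get(c.attribute, _MISSING)
            # Fail closed: a missing attribute is a gap to report, not a pass.
            ok = value is not _MISSING and c.is_ok(value)
            findings.append({"control": c.id, "resource": r["id"],
                             "status": "ok" if ok else "not_ok",
                             "observed": None if value is _MISSING else value})
    return findings

def failures(findings):
    """Step 3: review the evidence, keeping only the problems."""
    return [(f["control"], f["resource"]) for f in findings if f["status"] == "not_ok"]

if __name__ == "__main__":
    for control_id, resource_id in failures(assess(CONTROLS, RESOURCES)):
        print(f"NOT OK  {control_id:18} {resource_id}")
```

Note that `srv-3` is reported as not OK even though nothing says its disk is unencrypted: treating an uncollected attribute as a pass would hide exactly the resources the assessment knows least about.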

Customization

OpenComply uses YAML files (stored in GitHub) for all configurations, including Policies, Controls, Control Groups, and Frameworks. To customize these, clone the repository and then, in the OpenComply user interface, go to Administration → Settings → Platform Configuration.

OpenComply comes with 45+ pre-built frameworks and 1000+ controls, queries, and views.


Last updated 3 months ago