
© 2025 open governance Inc.


Embed Compliance Checks in Pipelines

This guide provides the essential steps to integrate opencomply into your CI/CD pipeline.

1. API Keys

Navigate to Administration > API > Generate API. Follow the on-screen instructions to create a new API key. Give the key a descriptive name (e.g., "CI/CD Integration").

2. Run Compliance Job

To run a compliance assessment, determine the Integration ID and Compliance ID, then trigger the job.

curl -X POST "https://$DOMAIN/main/schedule/api/v3/compliance/framework/baseline_security/run" \
  -H "Authorization: Bearer $API_KEY" \
  -H "Content-Type: application/json" \
  -d '{
    "integration_info": [
      {
        "integration_type": "aws_cloud_account",
        "provider_id": "122814690049"
      },
      {
        "integration_type": "azure_subscription",
        "provider_id": "f8b4c7a2-d9e3-4b1a-9f50-2c8d17e65a3b"
      }
    ]
  }'

3. Track Jobs

Track the progress of triggered compliance jobs.

curl -X GET "https://$DOMAIN/main/schedule/api/v3/job/compliance/{job-id}" \
  -H "Authorization: Bearer $API_KEY" \
  -H "Content-Type: application/json"

Examine the response (similar to the one below) for the job_status field:

{
  "job_id": "...",
  // ... other fields
  "job_status": "SUCCEEDED",
  "start_time": "...",
  "end_time": "...",
  // ... more fields
}

4. Get Results

After the job is completed, you will see incidents:

{
  "job_id": 136,
  "job_status": "SUCCEEDED",
  "frameworks": [
    {
      "framework_id": "baseline_security",
      "framework_name": "Security"
    }
  ],
  "...": "...",
  "incidents": {
    "summary": {
      "ok": 409,
      "alarm": 152
    },
    "alarms_breakdown": {
      "high": 119,
      "medium": 27,
      "low": 6,
      "...": "..."
    },
    "...": "..."
  },
  "...": "..."
}

5. Analyzing Results

The incidents section has two parts:

  • summary: A quick overview of the incidents:

    • ok: Number of checks that passed.

    • alarm: Number of checks that triggered an alert (potential problem).

  • alarms_breakdown: Details the severity of each alert (these may vary depending on the compliance framework):

    • critical: Number of critical violations.

    • high: Number of high-severity violations.

    • medium: Number of medium-severity violations.

    • low: Number of low-severity violations.

Decide on Success: Fail the pipeline if the alarm count is > 0 or there are any critical/high violations (adjust based on your policies).
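
One way to turn the decision rule above into a pipeline gate, as an added example that is not part of the opencomply documentation or code base. The function names, the `max_alarms` and `blocking` parameters, and the sample data are assumptions made for illustration; the sample reuses the counts from the response shown in step 4.

```python
import json
import sys

# Constructed sample using the counts from the "Get Results" response above.
SAMPLE_RESULT = """{
  "job_id": 136, "job_status": "SUCCEEDED",
  "incidents": {
    "summary": {"ok": 409, "alarm": 152},
    "alarms_breakdown": {"high": 119, "medium": 27, "low": 6}
  }
}"""

def evaluate(result, max_alarms=0, blocking=("critical", "high")):
    """Return (passed, reasons). Thresholds are assumptions; set per policy."""
    if result.get("job_status") != "SUCCEEDED":
        # An unfinished or failed job must never be read as a clean result.
        return False, [f"job_status is {result.get('job_status')!r}"]
    incidents = result.get("incidents")
    if not isinstance(incidents, dict) or not isinstance(incidents.get("summary"), dict):
        return False, ["response has no incidents.summary"]  # fail closed
    reasons = []
    alarms = incidents["summary"].get("alarm")
    if not isinstance(alarms, int):
        reasons.append("incidents.summary.alarm is missing or not a number")
    elif alarms > max_alarms:
        reasons.append(f"{alarms} alarms exceed the allowed {max_alarms}")
    breakdown = incidents.get("alarms_breakdown") or {}
    for severity in blocking:
        # Severity keys vary by framework, so an absent key counts as zero.
        count = breakdown.get(severity, 0)
        if isinstance(count, int) and count > 0:
            reasons.append(f"{count} {severity} violations")
    return not reasons, reasons

def main(argv):
    # With a file argument: gate on that saved response. Without: demo only.
    if len(argv) > 1:
        with open(argv[1], encoding="utf-8") as fh:
            result = json.load(fh)
    else:
        result = json.loads(SAMPLE_RESULT)
    passed, reasons = evaluate(result)
    for reason in reasons:
        print("FAIL:", reason, file=sys.stderr)
    print("compliance gate:", "PASS" if passed else "FAIL")
    return 0 if passed or len(argv) == 1 else 1

if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

Save the step 3 response to a file and pass its path as the first argument; a non-zero exit code then fails the pipeline stage.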


Last updated 3 months ago
