Skip to content

feat(security): add compliance report generator (#2224)#3671

Open
kcostell06 wants to merge 2 commits intoIBM:mainfrom
kcostell06:2224-compliance-report-generator-clean
Open

feat(security): add compliance report generator (#2224)#3671
kcostell06 wants to merge 2 commits intoIBM:mainfrom
kcostell06:2224-compliance-report-generator-clean

Conversation

@kcostell06
Copy link
Copy Markdown

@kcostell06 kcostell06 commented Mar 13, 2026
edited
Loading

🔗 Related Issue

Closes #2224

📝 Summary

Implements an automated Compliance Report Generator that produces audit-ready reports for FedRAMP Moderate, FedRAMP High, HIPAA, and SOC2 Type II frameworks. Evidence is collected from user/role inventory, audit logs, and configuration snapshots stored in the gateway, with per-control implementation status, findings, and recommendations.

🏷️ Type of Change

  • Bug fix
  • Feature / Enhancement
  • Documentation
  • Refactor
  • Chore (deps, CI, tooling)
  • Other (describe below)

🧪 Verification

Check Command Status
Lint suite make lint
Unit tests make test
Coverage ≥ 80% make coverage

✅ Checklist

  • Code formatted (make black isort pre-commit)
  • Tests added/updated for changes
  • Documentation updated (if applicable)
  • No secrets or credentials committed

📓 Notes (optional)

PDF export, digital report signing, report scheduling, and Admin UI are not included in this PR and remain open on the issue.

@kcostell06
feat: add compliance report generator for FedRAMP/HIPAA/SOC2
faf4c01 
Implements automated compliance report generation with evidence
collection from audit logs, user/role inventory, and configuration
snapshots. Supports FedRAMP Moderate, FedRAMP High, HIPAA, and SOC2
Type II frameworks.

Closes IBM#2224

Signed-off-by: Kelly Costello <kcostell@tcd.ie>
@kcostell06
Merge branch 'IBM:main' into 2224-compliance-report-generator-clean
1db07ca
@crivetimihai
Copy link
Copy Markdown
Member

crivetimihai commented Mar 14, 2026

Thanks @kcostell06 — compliance report generator (#2224). Targeting 1.2.0.

@crivetimihai crivetimihai added enhancement New feature or request security Improves security labels Mar 14, 2026
@crivetimihai crivetimihai added this to the Release 1.2.0 milestone Mar 14, 2026
@crivetimihai crivetimihai changed the title 2224 compliance report generator clean feat(security): add compliance report generator (#2224) Mar 20, 2026
@crivetimihai crivetimihai added the COULD P3: Nice-to-have features with minimal impact if left out; included if time permits label Mar 20, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@crivetimihai crivetimihai Awaiting requested review from crivetimihai crivetimihai is a code owner

@kevalmahajan kevalmahajan Awaiting requested review from kevalmahajan kevalmahajan is a code owner

@madhav165 madhav165 Awaiting requested review from madhav165 madhav165 is a code owner

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

COULD P3: Nice-to-have features with minimal impact if left out; included if time permits enhancement New feature or request security Improves security

Projects

None yet

Milestone

Release 1.2.0

Development

Successfully merging this pull request may close these issues.

[FEATURE][COMPLIANCE]: Compliance report generator - FedRAMP/HIPAA/SOC2 automation

2 participants

@kcostell06 @crivetimihai