Automated GitHub-based compliance control tracking and auditing for SOC 2. This action generates SOC 2 compliance artifacts during your CI pipeline by integrating the following:
- IaC misconfiguration scanning via Checkov and tfsec
- Dependency scanning (Trivy)
- Secrets scanning (TruffleHog)
- GitHub repo metadata capture
- Policy document generation from structured controls
Reference the action from a workflow job. The checkout step is required because the action lives in the repository itself, and `permissions` pins `GITHUB_TOKEN` to read-only so the audit job cannot modify the repository it is attesting to (add further scopes only if your scripts need them):

```yaml
jobs:
  soc2-compliance-audit:
    runs-on: ubuntu-latest
    permissions:
      contents: read
    steps:
      - uses: actions/checkout@v4
      - uses: ./.github/actions/soc2-compliance
        with:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
```
Ensure the following files and folders exist:

```text
/scripts/
  validate-dependencies.sh
  collect-artifacts.sh
  generate-policies.sh
/compliance-config/
  controls.yml
```
This action expects the following tools to be available on the runner's PATH:
- gh
- docker
- trufflehog
- tfsec
- checkov
- python3
- npx

On GitHub-hosted `ubuntu-latest` runners, `gh`, `docker`, `python3` and `npx` are preinstalled; `trufflehog`, `tfsec` and `checkov` must be installed by an earlier step of the job, otherwise the scans that depend on them produce no evidence.
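The following script is an added example of what `validate-dependencies.sh` and `collect-artifacts.sh` can look like; it is not the project's own code. It checks that every tool listed above is on PATH and that `GITHUB_TOKEN` is set, then runs each scanner with JSON output into an evidence directory, records each scanner's exit status instead of aborting, pins the evidence to the scanned commit, and writes a SHA-256 manifest so an auditor can later verify the files were not altered. The scanner flags used (`checkov -d . -o json`, `tfsec --format json`, `trivy fs --format json`, `trufflehog git --json`, `gh repo view --json`) are assumed from the tools' current CLIs; the output layout and file names are this example's own choices.

```shell
#!/usr/bin/env sh
# Added example, not the project's own validate-dependencies.sh or
# collect-artifacts.sh. Assumes the scanner flags below and that GITHUB_TOKEN
# is exported, as in the workflow snippet.

# Tools the action expects, in the order the README lists them.
REQUIRED_TOOLS="gh docker trufflehog tfsec checkov python3 npx"

# Print every tool from the argument list that is not on PATH, one per line.
# Returns 0 when all are present, 1 when at least one is missing.
missing_tools() {
    rc=0
    for tool in "$@"; do
        if ! command -v "$tool" >/dev/null 2>&1; then
            echo "$tool"
            rc=1
        fi
    done
    return $rc
}

# Fail before any scan runs: a scanner that is silently absent leaves a gap in
# the evidence set instead of a visible pipeline failure.
validate_dependencies() {
    if ! missing="$(missing_tools $REQUIRED_TOOLS)"; then
        echo "missing required tools:" >&2
        echo "$missing" | sed 's/^/  /' >&2
        return 1
    fi
    if [ -z "${GITHUB_TOKEN:-}" ]; then
        echo "GITHUB_TOKEN is not set; gh cannot read repository metadata" >&2
        return 1
    fi
}

# Run one scanner: stdout becomes the evidence file, stderr the log, and the
# exit status is recorded rather than acted on. Evidence must show what the
# scanner found; the pass/fail gate belongs in a separate step.
run_scan() {
    name="$1"; shift
    if ! command -v "$1" >/dev/null 2>&1; then
        echo "$name: $1 not found" >>"$OUT_DIR/skipped.txt"
        return 0
    fi
    status=0
    "$@" >"$OUT_DIR/$name.json" 2>"$OUT_DIR/$name.log" || status=$?
    echo "$name exit=$status" >>"$OUT_DIR/status.txt"
}

# Collect every artifact into OUT_DIR (a global read by run_scan), pin it to the
# scanned revision, and write a SHA-256 manifest so a later auditor can verify
# the files were not altered after the pipeline produced them.
collect_artifacts() {
    OUT_DIR="$1"
    mkdir -p "$OUT_DIR"
    : >"$OUT_DIR/status.txt"
    : >"$OUT_DIR/skipped.txt"

    run_scan checkov       checkov -d . -o json --quiet
    run_scan tfsec         tfsec . --format json --no-color
    run_scan trivy         trivy fs --format json .
    run_scan trufflehog    trufflehog git "file://$PWD" --json
    run_scan repo-metadata gh repo view --json name,defaultBranchRef,visibility

    {
        echo "commit=$(git rev-parse HEAD 2>/dev/null || echo unknown)"
        echo "generated_at=$(date -u +%Y-%m-%dT%H:%M:%SZ)"
    } >"$OUT_DIR/provenance.txt"

    # GNU coreutils sha256sum, with a shasum fallback for macOS runners.
    (
        cd "$OUT_DIR" && for f in *; do
            if [ "$f" != MANIFEST.sha256 ]; then
                sha256sum "$f" 2>/dev/null || shasum -a 256 "$f"
            fi
        done
    ) >"$OUT_DIR/MANIFEST.sha256"
}

# Stand-alone use: ./collect.sh run [output-dir]
if [ "${1:-}" = "run" ]; then
    validate_dependencies && collect_artifacts "${2:-compliance-artifacts}"
fi
```

Keeping the scanners' exit statuses in `status.txt` rather than letting a finding abort the job is deliberate: the artifact set is evidence that the control ran and what it observed, and a separate step can decide whether a finding blocks the merge. The manifest can be checked later with `sha256sum -c MANIFEST.sha256` from inside the artifact directory.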
This project is licensed under the MIT License.