run_compliance_check
Run a complete software compliance assessment in one call. Scans for licenses, checks vulnerabilities, validates policies, and returns an approve or reject decision with full documentation.
Instructions
UNIVERSAL COMPLIANCE WORKFLOW: One-shot compliance check for ANY project type.
This is a convenience tool that runs the complete standard compliance workflow:
Scan for licenses and packages (scan_directory)
Generate legal notices with purl2notices (generate_legal_notices)
Validate against policy using ospac (validate_policy or default policy)
Generate SBOM for documentation (generate_sbom)
Check for vulnerabilities (if enabled)
Return comprehensive summary with APPROVE/REJECT decision
This tool works for ANY distribution type (mobile, desktop, embedded, SaaS, etc.) - no specialized tools needed. Distribution type is used for policy validation context.
WHEN TO USE:
You want a complete compliance assessment in one call
Starting a new project compliance review
Need approve/reject decision with full documentation
Don't want to orchestrate multiple tool calls manually
Want standardized compliance workflow
WHEN NOT TO USE:
You need fine-grained control over each step → call individual tools
You only need specific information → use targeted tools (scan_directory, etc.)
You want to customize the workflow → use individual tools in your preferred sequence
WORKFLOW EXECUTED:
scan_directory(path, identify_packages=True, check_licenses=True)
generate_legal_notices(purls, output_file=NOTICE.txt)
validate_policy(licenses, policy_file or default_policy)
generate_sbom(purls, output_file=sbom.json)
check vulnerabilities (if check_vulnerabilities=True)
Aggregate results → FINAL DECISION: approved/rejected + risk level
Args: path: Directory or project to analyze distribution_type: Optional - mobile, desktop, saas, embedded, etc. (for policy context) policy_file: Optional - Path to custom ospac policy. Uses default if not specified. check_vulnerabilities: Check for security vulnerabilities (default: True) output_dir: Optional - Directory to save outputs (NOTICE.txt, sbom.json). Uses path if not specified.
Returns: Dictionary containing: - decision: "APPROVED" or "REJECTED" - risk_level: "LOW", "MEDIUM", or "HIGH" - summary: Human-readable summary of findings - licenses: List of detected licenses - packages: List of identified packages (PURLs) - vulnerabilities: List of vulnerabilities (if checked) - policy_violations: List of policy violations (if any) - artifacts_created: List of files generated (NOTICE.txt, sbom.json) - recommendations: Actionable next steps
Example: # Complete compliance check with default settings result = run_compliance_check("/path/to/project")
# Mobile app compliance with custom policy
result = run_compliance_check(
path="/path/to/mobile/app",
distribution_type="mobile",
policy_file="/policies/mobile_policy.json"
)
# Check decision
if result["decision"] == "APPROVED":
print("✓ Ready to ship!")
else:
print("✗ Issues found:", result["policy_violations"])
Input Schema
| Name | Required | Description | Default |
|---|---|---|---|
| path | Yes | ||
| output_dir | No | ||
| policy_file | No | ||
| distribution_type | No | ||
| check_vulnerabilities | No |
Output Schema
| Name | Required | Description | Default |
|---|---|---|---|
| result | Yes |