evaluate_compliance
Assess project compliance with SOC2, GDPR, or AIUC frameworks by scanning code, SBOMs, vulnerabilities, and hallucination risks, then evaluating controls with optional evidence saving.
Instructions
Evaluate a project against compliance frameworks (SOC2-technical, GDPR-technical, AIUC-1). Collects evidence from code scans, SBOM, vulnerability checks, and hallucination detection, then evaluates controls. Optionally saves a timestamped evidence bundle.
Input Schema
| Name | Required | Description | Default |
|---|---|---|---|
| sbom_path | No | Path to existing SBOM file (skips SBOM generation) | |
| verbosity | No | Response detail level | compact |
| frameworks | No | Compliance frameworks to evaluate. Options: aiuc-1, soc2-technical, gdpr-technical | ["aiuc-1"] |
| baseline_path | No | Path to SBOM baseline file for drift comparison | |
| save_evidence | No | Save evidence bundle to .scanner/evidence/ | false |
| directory_path | Yes | Path to project root directory to evaluate | |