vulkro compliance
Run a compliance evaluation against a profile. Each finding the security engine produced is mapped to the relevant control(s); unmet controls are listed with the citation that flags them, ready for an audit handoff.
Usage
vulkro compliance . --profile soc2
vulkro compliance . --profile pci --format json
Flags
| Flag | Description | Default |
|---|---|---|
| --profile <NAME> | One of owasp-asvs, pci, soc2, hipaa, nist-ssdf, iso27001, cis, cwe-top25. | owasp-asvs |
| --format <FMT> | Output format. | table |
What's mapped
Every finding category emits a compliance_controls list.
The same finding typically satisfies multiple frameworks - e.g. a CSRF detection maps to ASVS V13, OWASP A05:2021, PCI 6.5.9, and CIS 16.10 simultaneously.
The desktop console's Compliance tab renders pass/fail per control with direct links to the underlying findings, so an auditor can ask "show me how you meet PCI 6.5.7" and you can answer in one click.
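The evaluation described above, as an added example that is not vulkro's own code: it reads a constructed findings report in which each finding carries a compliance_controls list of citation strings (as the page says every finding category emits), filters those citations to the framework a chosen profile covers, and groups the unmet controls with the finding ids that flag them. The PROFILES mapping of profile name to citation prefix, the finding fields, and the report layout are assumptions for illustration, not the tool's real format.

```python
"""Evaluate a findings report against a compliance profile (added example)."""
import json
from collections import defaultdict

# Assumed for illustration: profile name -> citation prefix used in the
# compliance_controls entries. The real tool's mapping is not on the page.
PROFILES = {
    "owasp-asvs": "ASVS ",
    "owasp-top10": "OWASP A",
    "pci": "PCI ",
    "cis": "CIS ",
}

# Constructed sample report: two findings, each tagged with the controls it
# violates in several frameworks at once (one finding, many citations).
SAMPLE_REPORT = json.dumps({
    "findings": [
        {"id": "F-1", "category": "csrf", "file": "app/forms.py", "line": 42,
         "compliance_controls": ["ASVS V13", "OWASP A05:2021", "PCI 6.5.9", "CIS 16.10"]},
        {"id": "F-2", "category": "sql-injection", "file": "app/db.py", "line": 88,
         "compliance_controls": ["ASVS V5", "OWASP A03:2021", "PCI 6.5.1", "CIS 16.10"]},
    ]
})


def evaluate(report_json: str, profile: str) -> dict:
    """Return {control: [finding ids]} for every control in the profile's
    framework that at least one finding violates, i.e. the unmet controls."""
    if profile not in PROFILES:
        raise ValueError(f"unknown profile {profile!r}; choose from {sorted(PROFILES)}")
    prefix = PROFILES[profile]
    unmet = defaultdict(list)
    for finding in json.loads(report_json)["findings"]:
        # A finding with no controls list simply contributes nothing.
        for control in finding.get("compliance_controls", []):
            if control.startswith(prefix):
                unmet[control].append(finding["id"])
    return dict(unmet)


def render_table(unmet: dict) -> str:
    """Audit-handoff view: one row per failed control with its evidence."""
    rows = ["Control | Status | Findings"]
    for control in sorted(unmet):
        rows.append(f"{control} | FAIL | {', '.join(unmet[control])}")
    return "\n".join(rows)


def render_json(unmet: dict) -> str:
    """Machine-readable view, one object per failed control."""
    return json.dumps(
        {"unmet_controls": [{"control": c, "findings": ids}
                            for c, ids in sorted(unmet.items())]},
        indent=2)


if __name__ == "__main__":
    result = evaluate(SAMPLE_REPORT, "pci")
    print(render_table(result))
    print(render_json(result))
```

Running the block with the pci profile yields two failed controls, PCI 6.5.1 (flagged by F-2) and PCI 6.5.9 (flagged by F-1); switching to cis collapses both findings under the single control CIS 16.10, which is the many-to-one direction of the same mapping.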
Profiles
| Profile | Coverage |
|---|---|
| owasp-asvs | ASVS L1 + L2 chapters V1-V14 |
| owasp-top10 | OWASP Top 10:2021 categories A01-A10 |
| pci | PCI-DSS 4.0 requirements 6, 11 |
| soc2 | Trust Services Criteria CC6 (Logical Access), CC7 (System Operations) |
| hipaa | Security Rule Sec. 164.312 |
| nist-ssdf | SP 800-218 PS, PW, RV practices |
| iso27001 | Annex A.5, A.8, A.14 |
| cis | CIS Critical Security Controls v8 |
| cwe-top25 | CWE Top 25 Most Dangerous |