Compliance Dashboard
Monitor your organization's compliance posture, run scans, view control coverage, and share reports with stakeholders. The compliance dashboard provides a centralized view across all projects, frameworks, and policy groups.
Dashboard Layout
The compliance page uses a three-panel layout:
| Panel | Content |
|---|---|
| Left | Policy Group Tree for browsing policy groups and frameworks |
| Center | Detail view for the selected group's policies, controls, and violation details |
| Right | Project coverage for the projects mapped to the selected group |
Compliance Header
The header bar shows organization-wide compliance metrics:
| Metric | Description |
|---|---|
| Posture Score | Percentage of passing policy checks on a 0 to 100 scale |
| Risk Rating | low, medium, high, or critical based on violation severity |
| Control Coverage | Percentage of framework controls with mapped policies |
| Compliant Projects | Count of projects with no violations vs total projects |
Executive Dashboard
The Executive Dashboard provides a high-level overview for leadership and auditors:
- Organization-wide compliance posture score
- Risk rating with trend direction
- Control coverage by framework
- Cloud provider breakdown
- Top violated policies
- Project compliance rankings
Access from the compliance header or Compliance → Executive Dashboard.
Compliance Scanning
Trigger scans to evaluate policies against project state.
Scan Types
| Type | Description |
|---|---|
| Manual | Triggered on demand from the compliance page |
| Auto Sync | Runs automatically when project state changes |
| Scheduled | Runs on a configured schedule |
Running a Scan
Navigate to Compliance
Open the Compliance page from the main sidebar.
Select Scope
Choose a specific project or scan all projects.
Trigger Scan
Click Run Scan to evaluate all mapped policies against current project state.
View Results
Results appear in the dashboard with updated posture score and violation details.
Scan History
View past scans for any project at Compliance → [Project] → Scan History. Each scan record includes:
- Scan type (manual, auto_sync, scheduled)
- Timestamp and duration
- Results summary (pass/fail counts)
- Detailed violation list
Violation Management
Severity Levels
| Severity | Priority |
|---|---|
| Critical | Immediate action required |
| High | Urgent attention needed |
| Medium | Should address soon |
| Low | Informational |
Violation Status
| Status | Description |
|---|---|
| Open | Not yet addressed |
| Acknowledged | Team is aware |
| In Progress | Being remediated |
| Resolved | Fixed (auto or manual) |
| Suppressed | Intentionally ignored with justification |
Filtering Violations
| Filter | Options |
|---|---|
| Severity | Critical, High, Medium, Low |
| Status | Open, Acknowledged, In Progress, Resolved, Suppressed |
| Project | Select specific project |
| Policy | Select specific policy |
| Date Range | Last 24h, 7d, 30d, custom |
Trend Analytics
The Trend Analytics modal shows compliance metrics over time:
- Posture score trend line
- Violation count by severity over time
- Project compliance improvements/regressions
- Framework coverage changes
Access from the compliance header by clicking the trend icon.
Reports
Report Types
| Report | Scope | Contents |
|---|---|---|
| Project Report | Single project | Posture score, violations, remediation steps |
| Organization Report | All projects | Executive summary, risk assessment, per-project breakdown |
Both report types generate as PDF documents with professional formatting including headers, footers, and page numbers.
Generating a Report
Select Scope
Choose Project Report or Organization Report.
Configure Options
For project reports, select the target project.
Download PDF
The report generates and downloads as a PDF file.
Report Sharing
Share compliance reports with external stakeholders through secure, password-protected links.
Creating a Share Link
Click "Share Report"
From the compliance page, click the share button.
Configure Access
Set the following options:
| Option | Description |
|---|---|
| Password | Required to protect access to the report |
| Password Hint | Optional hint shown on the access page |
| Expiration | When the link expires |
| Max Views | Maximum number of times the report can be viewed |
Select Data to Include
Choose which sections to include in the shared report:
- Projects and compliance status
- Violations and details
- Framework coverage
- Recommendations
Share the Link
Copy the generated URL and send to stakeholders.
Shared Report Access
Recipients visit the share URL and enter the password. The shared view shows a read-only snapshot of the compliance data at the time the link was created. Access is logged with IP tracking.
Managing Share Links
View and manage all active share links at Compliance → Share → Manage Links:
- View access count and last access time
- Revoke share links
- Update expiration or max views
Evidence Artifacts
The Evidence Artifacts panel collects supporting documentation for compliance audits:
- Policy evaluation results as evidence
- Scan results with timestamps
- Violation resolution history
- Configuration snapshots
Suppressing Violations
For intentional exceptions, suppress violations with documented justification:
| Field | Description |
|---|---|
| Reason | Accepted Risk, False Positive, Not Applicable |
| Justification | Required explanation |
| Expires | Optional auto-unsuppress date |
| Approved By | Who approved the exception |
Suppressed violations do not affect the compliance score until the suppression expires.
Supported Compliance Frameworks
ops0 includes built-in compliance frameworks that map policies to industry standards.
CIS Benchmarks
| Platform | Description |
|---|---|
| AWS | CIS Amazon Web Services Foundations Benchmark |
| Azure | CIS Microsoft Azure Foundations Benchmark |
| GCP | CIS Google Cloud Platform Foundations Benchmark |
| Kubernetes | CIS Kubernetes Benchmark |
| Ansible | CIS Ansible Benchmark for configuration hardening |
| Oracle Cloud | CIS Oracle Cloud Infrastructure Benchmark |
Regulatory Frameworks
| Framework | Providers |
|---|---|
| SOC 2 | AWS, GCP, Azure, Oracle Cloud |
| HIPAA | AWS, GCP, Azure, Oracle Cloud |
| GDPR | AWS, GCP, Azure, Oracle Cloud |
| ISO 27001 | AWS, GCP, Azure, Oracle Cloud |
| ISO 27002 | AWS, GCP, Azure, Oracle Cloud |
| PCI-DSS | AWS, GCP, Azure, Oracle Cloud |
Kubernetes-Specific Standards
| Standard | Description |
|---|---|
| NSA Kubernetes Hardening | NSA/CISA Kubernetes Hardening Guidance controls |
| Pod Security Standards | Kubernetes Pod Security Standards enforcement |
Configuration Management
| Standard | Description |
|---|---|
| STIG Ansible | DISA STIG compliance checks for Ansible configurations |
Troubleshooting
Violation Not Resolving
Make sure the fix was actually deployed, then trigger a manual scan or wait for the next auto-sync. Confirm the resource address still matches.
Score Not Updating
Run a fresh scan from the compliance page. If the score still lags, check the scan history for failed or partial evaluations.
False Positive
Review the policy logic and suppress the finding with a documented reason only if the result is genuinely expected.
Shared Report Expired
Create a new share link with updated expiration or max views. Existing links cannot be reactivated after they expire.