pesach/connectors

GRC Oversight — Connectors

Open, public-domain evidence connectors for governance, risk, and compliance (GRC) tooling. Each connector reads a customer system you've authorized — a GitHub org, an AWS account, an Okta tenant, a Postgres database — and returns normalized, compliance-graded assets. No database, no framework, no vendor lock-in: just the read-and-normalize logic, free for anyone to take.

License: The Unlicense — public domain. Copy it, fork it, ship it in your product, sell it. No attribution required.

What's a connector?

Every connector is a pure function of the shape:

(credentials) => Promise<{ assets: DiscoveredAsset[] }>

A DiscoveredAsset is a normalized record with a compliance verdict:

interface DiscoveredAsset {
  externalId: string;              // stable id in the source system (ARN, repo id, user id…)
  name: string;                    // human label
  type: string;                    // asset class, e.g. "S3_BUCKET", "OKTA_USER"
  rawConfig: Record<string, unknown>; // sanitized snapshot (no secrets) for evidence
  complianceOk: boolean;           // true when the asset passes all checks
  issues: string[];                // machine-readable failure codes, e.g. ["MFA_DISABLED"]
}

Connectors are read-only, single-tenant (they only ever see the credentials for the one system being synced), and never touch a database — they hand back plain objects for your app to persist however it likes.

See src/types.ts for the full contract and per-provider credential shapes.

What's included

  • Native connectors — provider-specific readers with real client libraries or REST calls: GitHub, GitLab, AWS, GCP, Google Workspace, Okta, Auth0, Datadog, PagerDuty, CrowdStrike, Snyk, plus HRIS (Deel, Rippling, HiBob, Personio, Justworks, BambooHR-style, Greenhouse, Lever, Ashby, BreezyHR, Omni), ticketing (Asana, ClickUp, Trello, Shortcut, YouTrack, Zoho Desk), and data stores (Postgres, Redis, Oracle, CouchDB, CrateDB, QuestDB, SurrealDB, TimescaleDB, DuckDB).
  • Tier 1 REST definitions (src/tier1-rest.ts) — declarative, read-only REST evidence definitions for dozens more providers.
  • Generic templates (src/generic/) — reusable HTTP, OAuth, and webhook building blocks for wiring up a provider that isn't here yet.
  • Registry (src/register.ts) — registers every connector against the lightweight SDK in src/sdk.ts.

Using it

These are TypeScript source files, meant to be read, copied, and adapted. Point them at your own persistence and scheduling — there's no runtime here.

npm install
npx tsc --noEmit   # type-check the connectors

import { collectGithub } from "./src/github";

const { assets } = await collectGithub({ token: process.env.GH_TOKEN!, org: "acme-inc" });
const failing = assets.filter((a) => !a.complianceOk);

Dependencies

Most connectors use only Node built-ins and fetch. A few native ones pull in official client libraries:

  • @octokit/rest — GitHub
  • @aws-sdk/client-iam, @aws-sdk/client-s3 — AWS
  • pg — Postgres

They're listed in package.json; install only what you use.

Contributing a connector

  1. Copy the closest existing connector (a REST one like src/datadog.ts is a good template).
  2. Define its credential shape in src/types.ts.
  3. Return DiscoveredAsset[] with honest issue codes.
  4. Register it in src/register.ts.

Keep it read-only, keep it single-tenant, and never log or return raw secrets.
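A minimal connector written to the contract described under "What's a connector?" and following the contributing steps above (define a credential shape, return graded assets, keep secrets out of the snapshot), as an added example that is not code from the pesach/connectors repository. The provider API, its field names, the credential shape, and every issue code except MFA_DISABLED are hypothetical; the HTTP call is injected so the grading logic runs offline against a constructed payload:

```typescript
// Added example, not code from the repository: a minimal read-only connector
// for a hypothetical user-directory API, normalised to DiscoveredAsset.
// Mirrors the contract in src/types.ts so the block is self-contained.
interface DiscoveredAsset { externalId: string; name: string; type: string;
  rawConfig: Record<string, unknown>; complianceOk: boolean; issues: string[]; }

// Hypothetical credential shape; the real ones live in src/types.ts.
interface ExampleCredentials { apiToken: string; baseUrl: string }

// Hypothetical provider record. Field names are assumptions, not a real API.
interface ProviderUser {
  id: string; email: string; mfaEnrolled: boolean;
  lastLogin: string | null; apiKey?: string;
}

const SECRET_FIELDS = new Set(["apiKey", "password", "token"]);
const STALE_DAYS = 90; // assumed threshold for an account with no recent login

// Drop secret-bearing fields so rawConfig is safe to persist as evidence.
function sanitize(record: Record<string, unknown>): Record<string, unknown> {
  return Object.fromEntries(Object.entries(record).filter(([k]) => !SECRET_FIELDS.has(k)));
}

// Pure grading step: one provider user -> one compliance-graded asset.
// `now` is passed in so the check is deterministic and testable.
function gradeUser(u: ProviderUser, now: Date): DiscoveredAsset {
  const issues: string[] = [];
  if (!u.mfaEnrolled) issues.push("MFA_DISABLED");
  if (u.lastLogin === null) issues.push("NEVER_LOGGED_IN");
  else if ((now.getTime() - Date.parse(u.lastLogin)) / 86400000 > STALE_DAYS) issues.push("STALE_LOGIN");
  return {
    externalId: u.id, name: u.email, type: "EXAMPLE_USER",
    rawConfig: sanitize(u as unknown as Record<string, unknown>),
    complianceOk: issues.length === 0, issues,
  };
}

// The connector itself: (credentials) => Promise<{ assets }>. The HTTP call is
// injected so the same function can run against a stubbed fetch with no network.
async function collectExample(creds: ExampleCredentials, http: (url: string, headers: Record<string, string>) => Promise<ProviderUser[]>): Promise<{ assets: DiscoveredAsset[] }> {
  const users = await http(`${creds.baseUrl}/api/v1/users`, { Authorization: `Bearer ${creds.apiToken}` });
  const now = new Date();
  return { assets: users.map((u) => gradeUser(u, now)) }; // token never enters an asset
}

// Constructed sample payload standing in for the provider's response.
const SAMPLE_USERS: ProviderUser[] = [
  { id: "u1", email: "alice@example.com", mfaEnrolled: true, lastLogin: "2024-01-02T00:00:00Z" },
  { id: "u2", email: "bob@example.com", mfaEnrolled: false, lastLogin: null, apiKey: "k-secret" },
  { id: "u3", email: "carol@example.com", mfaEnrolled: true, lastLogin: "2023-10-01T00:00:00Z" },
];
```

Calling `collectExample(creds, async () => SAMPLE_USERS)` exercises the full connector shape without a live provider.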


Extracted from the GRC Oversight platform and released to the public domain so the compliance community can build on it freely.
