Multi-framework policy-as-code compliance scanner for infrastructure and application code. Scans Terraform, Kubernetes, Docker, .env, and application source (TypeScript, Python, Go, Java, Ruby) against SOC 2, HIPAA, and NIST CSF policies.
This repository hosts both the npm (Node.js) package and the PyPI (Python) package wrappers around the ProdCycle compliance REST API (https://api.prodcycle.com/v1/compliance/validate & https://api.prodcycle.com/v1/compliance/hook).
- 3 compliance frameworks: SOC 2, HIPAA, NIST CSF
- Automated policy enforcement: Server-side OPA/Rego and Cedar evaluation engines
- Infrastructure scanning: Terraform, Kubernetes manifests, Dockerfiles,
.envfiles - Application code scanning: TypeScript, Python, Go, Java, Ruby
- CI/CD integration: CLI with SARIF output for GitHub Code Scanning
- Programmatic API: Full TypeScript and Python API for custom integrations
- Self-remediation:
gate()function returns actionable remediation prompts
npm install -g @prodcycle/prodcycle
If you prefer to install from GitHub Packages, configure your npm to point to the ProdCycle scope:
echo "@prodcycle:registry=https://npm.pkg.github.com" > .npmrc
npm login --scope=@prodcycle --registry=https://npm.pkg.github.com
npm install @prodcycle/prodcycle
pip install prodcycle
# Scan current directory against SOC 2 and HIPAA
prodcycle . --framework soc2,hipaa
# Output as SARIF for GitHub Code Scanning
prodcycle . --framework soc2 --format sarif --output results.sarif
# Set severity threshold (only report HIGH and above)
prodcycle . --framework hipaa --severity-threshold high
import { scan, gate } from '@prodcycle/prodcycle';
// Full Repository Scan
const { report, findings, exitCode } = await scan({
repoPath: '/path/to/repo',
frameworks: ['soc2', 'hipaa'],
options: {
severityThreshold: 'high',
failOn: ['critical', 'high'],
},
});
console.log(`Found ${findings.length} findings`);
console.log(`Exit code: ${exitCode}`);
// Gate function (for coding agents)
const result = await gate({
files: {
'src/config.ts': 'export const DB_PASSWORD = "hardcoded-secret";',
'terraform/main.tf': 'resource "aws_s3_bucket" "data" { }',
},
frameworks: ['soc2', 'hipaa'],
});
if (!result.passed) {
console.log('Compliance issues found:');
console.log(result.prompt); // Pre-formatted remediation instructions
}
from prodcycle import scan, gate
# Full Repository Scan
response = scan(
repo_path='/path/to/repo',
frameworks=['soc2', 'hipaa'],
options={
'severityThreshold': 'high',
'failOn': ['critical', 'high'],
}
)
print(f"Found {len(response['findings'])} findings")
print(f"Exit code: {response['exitCode']}")
# Gate function (for coding agents)
result = gate(
files={
'src/config.ts': 'export const DB_PASSWORD = "hardcoded-secret";',
'terraform/main.tf': 'resource "aws_s3_bucket" "data" { }',
},
frameworks=['soc2', 'hipaa'],
)
if not result['passed']:
print('Compliance issues found:')
print(result['prompt']) # Pre-formatted remediation instructions
An API key is required for production use to authenticate with ProdCycle. Set it via environment variable:
export PC_API_KEY=pc_your_api_key_here
API keys are created through the ProdCycle dashboard.
- Node.js >= 24.0.0
- Python >= 3.12
MIT