feature: compliance-as-code — control-to-regulation mapping + ITGC-SE… #1
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: compliance-gate | |
| # Wires audit control re-performance into CI as a merge gate (mirrors | |
| # audit/ccm/continuous-controls-monitoring.md). Fails the build if a remediated | |
| # control regresses. Currently gates ITGC-SEC-06 (Credential & secrets management): | |
| # PCI DSS 4.0 Req 8.6.2, SOX ICFR, GDPR Art. 32. | |
| on: | |
| push: | |
| branches: ["**"] | |
| pull_request: | |
| jobs: | |
| itgc-sec-06-credentials: | |
| name: ITGC-SEC-06 — no committed credentials | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - name: Fast scan for committed secrets (bash gate) | |
| run: bash audit/compliance/ci/check_committed_secrets.sh | |
| - name: Set up JDK 17 | |
| uses: actions/setup-java@v4 | |
| with: | |
| distribution: temurin | |
| java-version: "17" | |
| cache: maven | |
| - name: Re-perform control test (CredentialManagementControlTest) | |
| run: ./mvnw -B -ntp -Dtest=CredentialManagementControlTest -DfailIfNoTests=false test |