Skip to content

feature: compliance-as-code — control-to-regulation mapping + ITGC-SE… #1

feature: compliance-as-code — control-to-regulation mapping + ITGC-SE…

feature: compliance-as-code — control-to-regulation mapping + ITGC-SE… #1

name: compliance-gate
# Wires audit control re-performance into CI as a merge gate (mirrors
# audit/ccm/continuous-controls-monitoring.md). Fails the build if a remediated
# control regresses. Currently gates ITGC-SEC-06 (Credential & secrets management):
# PCI DSS 4.0 Req 8.6.2, SOX ICFR, GDPR Art. 32.
on:
push:
branches: ["**"]
pull_request:
jobs:
itgc-sec-06-credentials:
name: ITGC-SEC-06 — no committed credentials
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- name: Fast scan for committed secrets (bash gate)
run: bash audit/compliance/ci/check_committed_secrets.sh
- name: Set up JDK 17
uses: actions/setup-java@v4
with:
distribution: temurin
java-version: "17"
cache: maven
- name: Re-perform control test (CredentialManagementControlTest)
run: ./mvnw -B -ntp -Dtest=CredentialManagementControlTest -DfailIfNoTests=false test