Compliance Reports
The Compliance Report provides detailed insights into your organization's compliance status. Reports are generated for each compliance standard, including Top 10 OWASP CI/CD and CIS Benchmarks, and help you identify repository-level security gaps. The dashboard supports multiple filters to help narrow down and analyze specific subsets of data. You can download or email the report for further analysis. After applying any filter, click the Reload icon at the top right of the dashboard for the changes to take effect.
You can generate the compliance report for a single repository, or a summary report for all repositories within a project or organization of your choice.
Compliance Report (Repo)
This dashboard provides a centralized view of repository-level compliance evaluations against widely accepted security benchmarks such as Top 10 OWASP CI/CD and CIS Benchmarks.
Repo URL: Select the repository to view its compliance report.
Rules Evaluated: Total number of compliance rules evaluated for the selected repository.
Rules Passed: Number of rules the repository complies with.
Rules Failed: Number of rules the repository fails to meet.
Scan Status: Pie chart showing the percentage of passed vs failed rules.

Detailed Repo Summary:
Rule ID: Unique identifier of the compliance rule.
Rule Name: Name/summary of the compliance check.
Remediation: Recommended fix or policy to meet the rule.
Status: PASS or FAIL status of the rule.
Severity: Criticality of the rule (CRITICAL, HIGH, MEDIUM, LOW).
Standards: Compliance standards the rule maps to (e.g., CIS, OWASP).

Failed Issues Trend by Severity
Tracks the daily count of failed compliance checks by severity, helping you quickly spot spikes and regressions and assess repository risk posture over time.

Rules Evaluation Trend
Tracks the total number of passed vs failed rule evaluations over time, helping you visualize changes in compliance posture across scans.

Compliance Report (Summary)
The Compliance Report (Summary) aggregates compliance status across multiple repositories.
Organization: Filter data by selected Harness Organization.
Project: Limit results to a specific Project within the Organization.
Scan Time: Filter using predefined presets (e.g., Last 7 Days) or a custom date range.
Standards: Filter by compliance standards such as CIS or OWASP.
Repos Evaluated: Total number of repositories scanned.
Repos Passed: Repositories that are fully compliant.
Repos Failed: Repositories with one or more violations.
Latest Repositories Status: Lists recently evaluated repositories, including branch names and compliance status.
Scan Status: Pie chart showing the percentage of passed vs failed repositories.

Detailed Rule Analysis
Rule ID: Unique identifier of the compliance rule.
Rule Name: Summary of the compliance check.
Remediation: Recommended fix to meet the rule.
Severity: Rule severity (CRITICAL, HIGH, MEDIUM, LOW).
Repos Passed: Number of repositories that passed this rule.
Repos Failed: Number of repositories that failed this rule.
List of Failed Repos: Names of failed repositories.

Rules Summary
Provides a breakdown of all evaluated compliance rules, showing the number of repositories that passed or failed each rule. This helps pinpoint compliance gaps across standards like CIS and OWASP.

You can also view the Failed Issues Trend by Severity and Rules Evaluation Trend graphs in the Compliance Report (Summary) dashboard for all repositories within the organization or project.