ComplianceView — Compliance Monitoring
📊 Active Project
What is ComplianceView?
ComplianceView is a continuous compliance monitoring platform for financial services. It provides real-time visibility into the status of 96 security controls aligned with NIST SP 800-53r5, ISO 27001:2022, DORA, and FINOS SDLC Controls.
The Problem
Financial organizations must demonstrate to regulators that they maintain active and continuously verified security controls. Manual audit processes and spreadsheets don't scale, produce false positives, and fail to provide real-time visibility into actual compliance status.
Value Proposition
| Feature | Description |
|---|---|
| 📊 Weighted Scoring | Scoring engine weighted by security zone (External 1.4x, Infra 1.2x, SDLC 1.1x) with maturity bonuses |
| 🤖 6 Automated Collectors | Automatic verification against Gitea, Trivy, GCP, Docker, Kubernetes, and NATS |
| 🔐 Built-in RBAC | Role-based access control with Keycloak OIDC (admin / auditor / viewer) |
| 📈 30-Day Trending | SVG sparkline tracking daily compliance score evolution |
| 🕸️ Coverage Radar | Interactive radar chart showing coverage across security zones |
| 🕳️ Zero Trust Native | Accessible as a Dark Service on the NetFoundry overlay (no internet exposure) |
Target Audience
| Role | Description |
|---|---|
| Compliance Officers | Monitor compliance status and generate regulatory reports |
| CISOs | Gain executive visibility into security posture with weighted scoring |
| IT Security | Run automated collectors and manage technical evidence |
| External Auditors | Access the public Trust Center and export PDF/JSON/CSV reports |
Key Features
- Interactive Dashboard — Weighted score ring chart, real-time stats, 30-day sparkline, and zone coverage radar
- 96 Unified Controls — Cybersecurity Framework (84) + FINOS SDLC³ (12), cross-mapped to NIST, ISO 27001, and DORA
- 6 Automated Collectors — Gitea (branches, PRs, webhooks), Trivy (CVEs, SBOM), GCP (IAM, KMS, audit), Docker (root, secrets), Kubernetes (RBAC, network policies), NATS (mTLS, auth)
- Scheduling + Alerts — Configurable scheduling (6h/12h/24h/weekly) with notifications to Slack, Discord, and Microsoft Teams
- Audit Timeline — Immutable record of every status change with attached evidence
- Trust Center — Public transparency page with real-time control status
- Multi-format Export — Professional PDF, structured JSON, and CSV for auditors
Technology Stack
| Layer | Technology |
|---|---|
| Frontend | React 19, Vite 8, Dark Glassmorphism CSS |
| Backend | Express 5, SQLite, node-cron |
| Auth | Keycloak OIDC (PKCE), JWT/JWKS |
| Infrastructure | Docker, Gitea Actions CI/CD |
| Zero Trust | NetFoundry overlay (Dark Service) |
⚖️ Regulatory Compliance
DORA, NIST SP 800-53r5, ISO 27001:2022, and FINOS SDLC³ — full regulatory coverage.
📩 Request a Demo
Personalized 30-minute session for your organization.