The Observatory is an automated, event-driven scanning framework for IT product/service endpoints (e.g. GitHub repositories, URLs, container registries). This is currently a proof-of-concept, and we're hoping to align the relevant ITSG-33 controls with the checks performed by Observatory's scanners, along with GCP metrics, to deliver ongoing automated compliance and an 'Auto-ATO'.
The full list of checks can be found in the scanners section of the docs. These include web accessibility checks, secret scanning, Dockerfile linting, and vulnerability scanning.
See the Architecture page for an overview of the RUOK application architecture.
See the Development Environment page for recommendations on setting up the development environment for this project.
See the Deployment page for instructions on how to deploy the ruok-service-autochecker application.