Project: 5C: Continuous Code Compliance Control Center #291

@pombredanne

This project is tracked at 00-AboutCodePlanner (view)

5C: Continuous Code Compliance Control Center

Modern software products routinely include over 10,000 packages. Smaller teams often do not have the bandwidth to evaluate everything for cybersecurity and CRA compliance, and do not have the budget or resources for proprietary tools or complicated processes. Continuous Code Compliance Control Center (5C) is a new DejaCode and AboutCode app that will provide an accessible overview dashboard, necessary for teams to focus on critical cybersecurity and compliance issues, and track security and compliance at scale with less effort. 5C will continuously monitor and aggregate events from AboutCode tools and other FOSS tools integrated in AboutCode to provide visual compliance observability.

The goals are to provide key features such as: actionable insights, shareable across stakeholders, drill-down from summary to investigate issue details and on-demand workflows for teams to resolve issues. 5C will facilitate proactive risk management with aggregated data and "Key Compliance Indicators", using a set of predefined and customizable rules for policies and thresholds to trigger alerting and reporting noncompliance and cybersecurity issues as events when needed. 5C plans to deliver the top layer for a FOSS solution to simplify meeting complex regulatory requirements and cybersecurity technical data management for effective and efficient automated compliance operations, across engineering, security, legal, and business teams.
