ComplianceBot Change Risk Analyzer

Version updated for https://github.com/abishekgiri/change-risk-predictor- to version v1.0.0.

• This action is used across all versions by ? repositories.

Go to the GitHub Marketplace to find the latest changes.

Action Summary

ComplianceBot is a GitHub Action designed for deterministic enforcement of security and compliance policies (e.g., SOC 2, ISO 27001, HIPAA) and operational change-risk analysis across pull requests. It automates predictable, transparent decision-making and generates immutable audit evidence to support regulated environments, external audits, and high-risk systems. Its key capabilities include policy-as-code enforcement, full traceability, and the use of AI as a non-enforcing assistant for explanations and remediation suggestions.

Release notes

ComplianceBot v1.0.0

Initial production release of ComplianceBot with secure packaging and CI enforcement.

Highlights

• Dockerized ComplianceBot CLI (python:3.10-slim)
• Runs as non-root user (UID 1000) for security compliance
• GitHub Action for pull request risk and compliance analysis
• Supports report-only and blocking enforcement modes
• Deterministic exit codes for branch protection rules
• Writes auditable evidence bundles to the repository workspace

Use cases

• Enforce code and compliance policies in pull requests
• Block risky or non-compliant changes before merge
• Generate auditable artifacts for SOC2 / ISO workflows

Status

• Stable v1.0.0 release
• Ready for GitHub Marketplace publication

• abishekgiri
• GitHub Actions