This entire platform was produced from a domain spec by the same system described on the homepage.
SSH Compliance Testing

AI-Native SSH Image Testing.

Validates SSH configurations against eight compliance frameworks. Fixture-driven. pytest-powered. Reports your auditors will accept.

compliance-scan
STIG/ CIS Benchmarks/ NIST 800-171/ FIPS 140-3/ PCI DSS/ HIPAA/ SOC 2/ ISO 27001/ Paramiko/ pytest/

Frameworks

Eight Standards. One Platform.

Each framework targets a different compliance need. The platform validates all eight from a single pytest run.

Government

DISA STIG

Defense Information Systems Agency Security Technical Implementation Guides. Required for DoD networks.

Industry

CIS Benchmarks

Center for Internet Security consensus-based configuration guidelines. The baseline for hardening.

Federal

NIST 800-171

Protecting Controlled Unclassified Information in nonfederal systems. CMMC requirement.

Cryptography

FIPS 140-3

Federal cryptographic module validation. Ciphers, key exchange, MACs — all validated.

Payment

PCI DSS

Payment Card Industry Data Security Standard. SSH hardening for cardholder data environments.

Healthcare

HIPAA

Health Insurance Portability and Accountability Act. Technical safeguards for PHI access controls.

Audit

SOC 2

Service Organization Control. Trust service criteria for security, availability, and confidentiality.

International

ISO 27001

International information security management standard. Annex A control validation.

How It Works

You Configure. The Agent Validates.

Define your targets in JSON. The AI agent reads your host fixture, selects the right validators for your image variant, connects via SSH, and runs every check. You get the report.

01

Define Your Targets

Add a JSON fixture per host. Hostname, SSH credentials, image variant, expected packages and services. Adding a new target is config, not code.

02

Agent Plans the Run

The AI agent reads your host fixture, identifies the image variant, and selects the right validators. Kernel enforcement prevents architectural drift.

03

Agent Connects and Validates

The agent SSHs into your hosts, executes validation commands through the 5-layer framework, and captures evidence for every check. Retry, timeout, fail-fast built in.

04

Structured Results

Pass/fail per rule, per framework, per host. Command output captured as evidence. Run it in CI/CD or schedule it nightly. Auditor-ready.

Architecture

Five Layers. Strict Separation.


    

Live Scan

What a Compliance Check Looks Like

sshd_config audit complete

Rule ID   Setting          Command                                       Result
STIG-001  PermitRootLogin  grep -i PermitRootLogin /etc/ssh/sshd_config  PASS
STIG-002  Protocol         grep -i ^Protocol /etc/ssh/sshd_config        PASS
CIS-001   LogLevel         grep -i ^LogLevel /etc/ssh/sshd_config        PASS
NIST-003  Ciphers          grep -i ^Ciphers /etc/ssh/sshd_config         FAIL
FIPS-001  KexAlgorithms    grep -i ^KexAlgorithms /etc/ssh/sshd_config   PASS
FIPS-002  MACs             grep -i ^MACs /etc/ssh/sshd_config            PASS
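A grep match on a directive can return commented-out lines, duplicates and lines inside Match blocks, so a check needs to decide which value sshd actually uses. The sketch below is an added example, not the platform's own code: it resolves the global section of an sshd_config text (first value wins, keywords case-insensitive) and evaluates three of the rule IDs shown above. The pass criteria, function names and sample config are assumptions; Include files are not followed, and `sshd -T` remains the authoritative view of the effective configuration.

```python
# Constructed sample config; not taken from any real host.
SAMPLE = """\
# PermitRootLogin yes
PermitRootLogin no
permitrootlogin yes
LogLevel VERBOSE
Ciphers aes256-gcm@openssh.com,aes128-cbc
Match User backup
    PermitRootLogin yes
"""

def effective_global(text):
    """Global directives as sshd reads them: keywords are case-insensitive,
    the first value obtained for a keyword wins, Match blocks are conditional."""
    seen = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        key = parts[0].lower()
        if key == "match":
            break  # everything after the first Match line is conditional
        seen.setdefault(key, parts[1].strip() if len(parts) > 1 else "")
    return seen

# Rule IDs are from the scan output above; the pass criteria are assumptions.
RULES = {
    "STIG-001": ("permitrootlogin", lambda v: v.lower() == "no"),
    "CIS-001": ("loglevel", lambda v: v.upper() in {"INFO", "VERBOSE"}),
    "NIST-003": ("ciphers", lambda v: not any(c.endswith("-cbc") for c in v.split(","))),
}

def audit(text):
    cfg = effective_global(text)
    results = {}
    for rule_id, (key, ok) in RULES.items():
        if key not in cfg:
            results[rule_id] = "UNSET"  # compiled-in default applies; confirm with sshd -T
        else:
            results[rule_id] = "PASS" if ok(cfg[key]) else "FAIL"
    return results

if __name__ == "__main__":
    for rule_id, status in audit(SAMPLE).items():
        print(rule_id, status)
```

On the sample, `grep -i PermitRootLogin` returns four lines with three different meanings, while the resolver reports the single global value sshd would apply.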


Who This Is For

Built For Teams That Ship Secure

DevSecOps / Fleet / Continuous

DevSecOps Teams

Maintaining SSH hardening across a fleet of hosts. Run compliance checks in CI/CD. Catch drift before it reaches production.

Government / Defense / CMMC

Defense Contractors

STIG compliance is not optional when your systems sit on a DoD network. Continuous validation replaces the scramble before an audit.

Security / Audit / Reporting

Security Teams

Structured reports with rule IDs, severity levels, and evidence. Designed to hand directly to an auditor.

MSP / Multi-Tenant / Scalable

Managed Service Providers

Each customer gets their own fixture file with their compliance requirements. Scale without writing new code.
