JSPM

  • Created
  • Published
  • Downloads 1131
  • Score
    100M100P100Q118736F
  • License MIT

Green Engineering Standard Framework - Compliance-as-Code CLI

Package Exports

  • @greenarmor/ges
  • @greenarmor/ges/dist/index.js

This package does not declare an exports field, so the exports above have been automatically detected and optimized by JSPM instead. If any package subpath is missing, it is recommended to post an issue to the original package (@greenarmor/ges) to support the "exports" field. If that is not possible, create a JSPM override to customize the exports field for this package.

Readme

@greenarmor/ges

Green Engineering Standard Framework - Compliance-as-Code CLI

Install

npm install -g @greenarmor/ges

Or use without installing:

npx @greenarmor/ges init

Quick Start

# Navigate to any project
cd my-project

# Initialize compliance framework
ges init

# Run security and compliance audit
ges audit

# View compliance score
ges score

# Generate reports
ges report

# Diagnose configuration
ges doctor

Commands

Command Description
ges init Initialize GESF in the current project
ges audit Scan source code for security and compliance issues
ges score Calculate and display compliance score
ges report Generate compliance reports (Markdown/HTML)
ges doctor Diagnose GESF configuration and health
ges scan Run external security scanners
ges compliance Show compliance status and installed packs
ges validate Validate GESF configuration
ges generate Regenerate documentation and workflows
ges policy list List available policy packs
ges policy install <pack> Install a policy pack
ges policy remove <pack> Remove a policy pack
ges update Check for updates

What It Detects

  • Secrets: Hardcoded passwords, API keys, connection strings, private keys, tokens
  • Weak Crypto: MD5, SHA1, DES, AES-128, disabled TLS verification
  • SQL Injection: String concatenation in SQL queries with user input
  • XSS: innerHTML with user input, document.write, v-html, dangerouslySetInnerHTML
  • Missing Auth: Routes without authentication middleware
  • Missing Security: No helmet, no CORS config, no rate limiting, no MFA
  • Config Issues: Secrets in .env without .gitignore, Docker as root, missing logging
  • Database Issues: Missing audit columns, missing soft delete patterns

Supported Project Types

SaaS, AI Application, MCP Server, Blockchain, Wallet, Government System, Healthcare System, Event Platform, Photo Storage Platform, Vulnerability Scanner, Generic Web Application, API Backend, Mobile Application

Compliance Frameworks

GDPR, OWASP ASVS, CIS Controls, NIST CSF, ISO 27001, ISO 27701