Overview
Knowledge Tree includes a compliance engine that evaluates every discovered resource against built-in rules. The compliance API returns an overall score (0-100), a letter grade (A-F), and detailed findings with remediation steps.
```bash
curl http://localhost:8080/api/v1/compliance
```
Compliance Score
The score starts at 100 and is reduced by findings:
| Severity | Deduction | Criteria |
|---|---|---|
| Critical | -15 | Data exposure, public databases, unencrypted secrets |
| High | -10 | Missing encryption, open management ports, single-AZ databases |
| Medium | -5 | Missing logging, no backup, idle resources, missing tags |
| Low | -2 | Naming violations, non-critical config drift |
Built-in Rules
Security
| Rule ID | Name | Severity | Checks |
|---|---|---|---|
| SEC-001 | Unencrypted EBS Volume | High | EBS volumes should be encrypted at rest |
| SEC-002 | Publicly Accessible RDS | Critical | RDS instances should not be publicly accessible |
| SEC-003 | S3 Bucket Public Access | Critical | S3 buckets should block public access |
| SEC-004 | Security Group Open Ingress | High | Security groups should not allow 0.0.0.0/0 on SSH/RDP/DB ports |
Cost Optimization
| Rule ID | Name | Severity | Checks |
|---|---|---|---|
| COST-001 | Idle EC2 Instance | Medium | Running instances with low CPU utilization |
| COST-002 | Unattached EBS Volume | Medium | Volumes not attached to any instance |
Reliability
| Rule ID | Name | Severity | Checks |
|---|---|---|---|
| REL-001 | Single-AZ RDS | High | Production databases should use Multi-AZ |
| REL-002 | No Backup Retention | High | Databases should have backup retention configured |
Governance
| Rule ID | Name | Severity | Checks |
|---|---|---|---|
| GOV-001 | Missing Required Tags | Medium | Resources should have environment and owner tags |
```json
{
  "score": 72,
  "grade": "C",
  "resource_count": 150,
  "findings_count": 12,
  "by_category": [
    {"category": "security", "score": 60, "finding_count": 5},
    {"category": "cost", "score": 85, "finding_count": 3},
    {"category": "reliability", "score": 70, "finding_count": 2},
    {"category": "governance", "score": 65, "finding_count": 2}
  ],
  "by_severity": [
    {"severity": "critical", "count": 1},
    {"severity": "high", "count": 4},
    {"severity": "medium", "count": 7}
  ],
  "coverage_percent": 98.5
}
```
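A pipeline gate over the compliance response, as an added example that is not part of Knowledge Tree: it checks the sample response above against a hypothetical policy and reports every violation. The names `POLICY` and `evaluate_gate` and all thresholds are assumptions chosen for illustration.

```python
import json
import sys

# Sample response body copied from this page.
SAMPLE_RESPONSE = json.loads("""
{"score": 72, "grade": "C", "resource_count": 150, "findings_count": 12,
 "by_category": [
   {"category": "security", "score": 60, "finding_count": 5},
   {"category": "cost", "score": 85, "finding_count": 3},
   {"category": "reliability", "score": 70, "finding_count": 2},
   {"category": "governance", "score": 65, "finding_count": 2}],
 "by_severity": [
   {"severity": "critical", "count": 1},
   {"severity": "high", "count": 4},
   {"severity": "medium", "count": 7}],
 "coverage_percent": 98.5}
""")

# Hypothetical gate policy: assumed thresholds, not Knowledge Tree defaults.
POLICY = {
    "min_score": 80,
    "max_by_severity": {"critical": 0, "high": 2},
    "min_category_score": {"security": 75},
    "min_coverage_percent": 95.0,
}

def evaluate_gate(report, policy=POLICY):
    """Return a list of violations; an empty list means the gate passes."""
    violations = []
    # The sample has no "low" entry, so a missing severity counts as 0.
    sev = {e["severity"]: e["count"] for e in report["by_severity"]}
    cat = {e["category"]: e["score"] for e in report["by_category"]}
    # A summary whose parts disagree should not pass silently.
    if sum(sev.values()) != report["findings_count"]:
        violations.append("by_severity counts do not match findings_count")
    if report["score"] < policy["min_score"]:
        violations.append(f"score {report['score']} < {policy['min_score']}")
    for name, limit in policy["max_by_severity"].items():
        if sev.get(name, 0) > limit:
            violations.append(f"{sev[name]} {name} findings, {limit} allowed")
    for name, floor in policy["min_category_score"].items():
        # Fail closed: a category missing from the report is a violation.
        if cat.get(name, -1) < floor:
            violations.append(f"{name} score {cat.get(name)} < {floor}")
    if report["coverage_percent"] < policy["min_coverage_percent"]:
        violations.append("coverage below policy minimum")
    return violations

if __name__ == "__main__":
    problems = evaluate_gate(SAMPLE_RESPONSE)
    print("\n".join(problems) or "gate passed")
    sys.exit(1 if problems else 0)
```

In a pipeline, replace `SAMPLE_RESPONSE` with the parsed body returned by `/api/v1/compliance`; the non-zero exit status fails the job.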