Compliance & Security
Repod is designed to meet the requirements of regulated environments. This section provides the documentation and evidence materials you need for audits.
Available resources
NIS2 / SecNumCloud compliance
Detailed mapping of Repod features against NIS2 Directive (EU 2022/2555) article 21 requirements and ANSSI SecNumCloud guidelines. Includes a checklist you can attach to audit dossiers.
Security dossier (CISO)
Full technical security briefing: authentication mechanisms, RBAC matrix, pipeline architecture, infrastructure hardening, HTTP headers, known limitations, and GDPR considerations.
At a glance
| Regulation | Coverage | Evidence available |
|---|---|---|
| NIS2 art. 21 — Supply chain security | ✅ | CVE pipeline, SBOM, audit trail |
| NIS2 art. 21 — Access control | ✅ | RBAC matrix, LDAP, API tokens |
| NIS2 art. 21 — Logging & monitoring | ✅ | 18-event audit trail, JSONL export |
| ANSSI SecNumCloud — Software inventory | ✅ | CycloneDX 1.5 + SPDX 2.3 SBOM |
| GDPR — Data minimisation | ✅ | Only email + IP logged |
| GDPR — Retention policy | ✅ | Configurable audit log retention |
| ISO 27001 A.12.6 — Vulnerability management | ✅ | Grype + CISO review queue |
For auditors
The audit log export (GET /artifacts/audit/logs) produces machine-readable JSONL (one JSON object per line) that can be ingested directly into a SIEM. Each event includes the timestamp, user, role, source IP, and action details.
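A minimal consumer of such an export, as an added example that is not Repod's own code: it parses the JSONL line by line, rejects malformed or incomplete lines with their line number rather than dropping them silently, and runs two defender-side summaries over the events (actions per user, and repeated failed logins from one source). The JSON key names (`timestamp`, `user`, `role`, `source_ip`, `action`, `details`) and the action names (`login.failed`, `artifact.publish`, `artifact.delete`) are assumptions for this example; the page only states which fields an event carries, not their exact keys, so adapt them to a real export.

```python
import json
from collections import Counter, defaultdict

# Constructed sample export: these lines are NOT taken from Repod. The key names
# ("timestamp", "user", "role", "source_ip", "action", "details") and the action
# names are assumptions; the page only says each event carries a timestamp,
# user, role, source IP and action details. Line 5 is deliberately malformed.
SAMPLE_JSONL = """\
{"timestamp": "2024-05-01T08:00:00Z", "user": "alice@example.org", "role": "admin", "source_ip": "10.0.0.5", "action": "artifact.publish", "details": {"artifact": "demo-1.0.tgz"}}
{"timestamp": "2024-05-01T08:01:30Z", "user": "bob@example.org", "role": "viewer", "source_ip": "10.0.0.9", "action": "login.failed", "details": {"reason": "bad_password"}}
{"timestamp": "2024-05-01T08:01:31Z", "user": "bob@example.org", "role": "viewer", "source_ip": "10.0.0.9", "action": "login.failed", "details": {"reason": "bad_password"}}
{"timestamp": "2024-05-01T08:01:32Z", "user": "bob@example.org", "role": "viewer", "source_ip": "10.0.0.9", "action": "login.failed", "details": {"reason": "bad_password"}}
this line is not valid JSON and must be reported, not silently skipped
{"timestamp": "2024-05-01T08:02:00Z", "user": "carol@example.org", "role": "maintainer", "source_ip": "203.0.113.7", "action": "artifact.delete", "details": {"artifact": "old-0.9.tgz"}}
"""

REQUIRED_FIELDS = ("timestamp", "user", "role", "source_ip", "action")


def parse_audit_jsonl(text):
    """Parse a JSONL export into (events, errors).

    Every line must be a JSON object carrying all REQUIRED_FIELDS. Malformed or
    incomplete lines go into `errors` with their line number so an auditor can
    see that the export is not clean, instead of the event vanishing.
    """
    events, errors = [], []
    for lineno, line in enumerate(text.splitlines(), start=1):
        if not line.strip():
            continue
        try:
            event = json.loads(line)
        except json.JSONDecodeError as exc:
            errors.append(f"line {lineno}: invalid JSON ({exc.msg})")
            continue
        if not isinstance(event, dict):
            errors.append(f"line {lineno}: not a JSON object")
            continue
        missing = [k for k in REQUIRED_FIELDS if k not in event]
        if missing:
            errors.append(f"line {lineno}: missing fields {missing}")
            continue
        events.append(event)
    return events, errors


def actions_per_user(events):
    """Map each user to a Counter of the actions they performed."""
    summary = defaultdict(Counter)
    for event in events:
        summary[event["user"]][event["action"]] += 1
    return dict(summary)


def failed_login_bursts(events, threshold=3, action="login.failed"):
    """Return (user, source_ip) pairs with at least `threshold` failed logins.

    The action name is an assumption for this example; adapt it to the event
    names in the real export.
    """
    counts = Counter(
        (event["user"], event["source_ip"])
        for event in events
        if event["action"] == action
    )
    return {key: n for key, n in counts.items() if n >= threshold}


if __name__ == "__main__":
    events, errors = parse_audit_jsonl(SAMPLE_JSONL)
    print(f"{len(events)} events parsed, {len(errors)} rejected lines")
    for err in errors:
        print("  ", err)
    for user, actions in actions_per_user(events).items():
        print(user, dict(actions))
    print("failed-login bursts:", failed_login_bursts(events))
```

Reporting rejected lines separately matters for audits: a count of parsed events that silently excludes unparseable lines would misstate how complete the evidence is, whereas an explicit error list lets the reviewer reconcile the export against the number of events the system claims to have recorded.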