Module 2: Extended Compliance Dashboard with roadmap, module-status, next-actions, snapshots, score-history Module 3: 7 German security document templates (IT-Sicherheitskonzept, Datenschutz, Backup, Logging, Incident-Response, Zugriff, Risikomanagement) Module 4: Compliance Process Manager with CRUD, complete/skip/seed, ~50 seed tasks, 3-tab UI Module 5: Evidence Collector Extended with automated checks, control-mapping, coverage report, 4-tab UI Also includes: canonical control library enhancements (verification method, categories, dedup), control generator improvements, RAG client extensions 52 tests pass, frontend builds clean. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
-- Evidence Checks: Automated compliance verification
-- Migration 053
-- Definition of one automated compliance check per row, owned by a tenant and
-- optionally scoped to a project. check_type and frequency are limited to the
-- value lists in their CHECK constraints.
--
-- NOTE(review): project_id is nullable, and PostgreSQL treats NULLs as distinct
-- in a UNIQUE constraint. The constraint below therefore does not prevent two
-- rows with the same (tenant_id, check_code) when project_id IS NULL. If
-- tenant-wide checks are meant to be unique, a partial unique index on
-- (tenant_id, check_code) WHERE project_id IS NULL would close that; confirm
-- the intent against the seeding / upsert code first.
-- NOTE(review): target_url and target_config describe what a check runs
-- against; the runner is not part of this file. If these values can be set by
-- a tenant, the runner should validate the destination before connecting
-- (scheme, host allow-list, no loopback / private / metadata addresses).
-- NOTE(review): tenant_id and project_id have no FOREIGN KEY here, so tenant
-- isolation rests on the application or on policies defined elsewhere; confirm.
CREATE TABLE compliance_evidence_checks (
    id                  UUID          PRIMARY KEY DEFAULT gen_random_uuid(),
    tenant_id           UUID          NOT NULL,
    project_id          UUID,                         -- NULL is allowed (no project scope)
    check_code          VARCHAR(50)   NOT NULL,
    title               VARCHAR(500)  NOT NULL,
    description         TEXT,
    check_type          VARCHAR(30)   NOT NULL
        CHECK (check_type IN (
            'tls_scan', 'header_check', 'certificate_check',
            'config_scan', 'api_scan', 'dns_check', 'port_scan'
        )),
    target_url          TEXT,
    target_config       JSONB         DEFAULT '{}',
    linked_control_ids  JSONB         DEFAULT '[]',
    -- Nullable: an explicit NULL satisfies the CHECK, which only rejects
    -- non-NULL values outside the list.
    frequency           VARCHAR(20)   DEFAULT 'monthly'
        CHECK (frequency IN ('daily', 'weekly', 'monthly', 'quarterly', 'manual')),
    last_run_at         TIMESTAMPTZ,
    next_run_at         TIMESTAMPTZ,
    -- Nullable: a NULL here is neither TRUE nor FALSE, so a filter on
    -- is_active would skip the row.
    is_active           BOOLEAN       DEFAULT TRUE,
    created_at          TIMESTAMPTZ   NOT NULL DEFAULT NOW(),
    updated_at          TIMESTAMPTZ   NOT NULL DEFAULT NOW(),
    UNIQUE (tenant_id, project_id, check_code)
);
-- One row per execution of a check. Rows are deleted together with their
-- parent check (ON DELETE CASCADE on check_id).
--
-- NOTE(review): tenant_id is stored here as well as on the parent check, and
-- nothing in this table forces the two to agree. A result written with the
-- wrong tenant_id would show up in another tenant's tenant-filtered queries.
-- A composite foreign key (check_id, tenant_id) against a matching unique key
-- on the parent would enforce it; confirm whether the application already
-- guarantees this.
-- NOTE(review): deleting a check also deletes its run history. If results are
-- kept as audit evidence, confirm that cascade deletion is intended.
-- NOTE(review): result_data holds the raw output of a run. Depending on the
-- check type it may contain configuration or header values, so treat it as
-- potentially sensitive for access control and retention; confirm.
CREATE TABLE compliance_evidence_check_results (
    id                 UUID         PRIMARY KEY DEFAULT gen_random_uuid(),
    check_id           UUID         NOT NULL
        REFERENCES compliance_evidence_checks(id) ON DELETE CASCADE,
    tenant_id          UUID         NOT NULL,
    run_status         VARCHAR(20)  NOT NULL DEFAULT 'running'
        CHECK (run_status IN ('running', 'passed', 'failed', 'warning', 'error')),
    result_data        JSONB        NOT NULL DEFAULT '{}',
    summary            TEXT,
    -- Both counters are nullable and have no lower bound; negative values
    -- are accepted by the schema.
    findings_count     INTEGER      DEFAULT 0,
    critical_findings  INTEGER      DEFAULT 0,
    evidence_id        UUID,                          -- no FOREIGN KEY declared
    duration_ms        INTEGER,
    run_at             TIMESTAMPTZ  NOT NULL DEFAULT NOW()
);
-- Links a piece of evidence to a control code, at most once per
-- (tenant_id, evidence_id, control_code).
--
-- NOTE(review): evidence_id and control_code have no FOREIGN KEY, so the
-- schema does not stop a mapping from pointing at evidence or a control that
-- does not exist, or at evidence owned by a different tenant; confirm the
-- application checks ownership before inserting.
-- NOTE(review): verified_by is free text and is not tied to a user record.
-- If the verification is used as audit evidence, the value should come from
-- the authenticated session rather than from request input; confirm.
CREATE TABLE compliance_evidence_control_map (
    id            UUID          PRIMARY KEY DEFAULT gen_random_uuid(),
    tenant_id     UUID          NOT NULL,
    evidence_id   UUID          NOT NULL,
    control_code  VARCHAR(50)   NOT NULL,
    -- Nullable: an explicit NULL satisfies the CHECK, which only rejects
    -- non-NULL values outside the list.
    mapping_type  VARCHAR(20)   DEFAULT 'supports'
        CHECK (mapping_type IN ('supports', 'partially_supports', 'required')),
    verified_at   TIMESTAMPTZ,
    verified_by   VARCHAR(255),
    notes         TEXT,
    created_at    TIMESTAMPTZ   NOT NULL DEFAULT NOW(),
    UNIQUE (tenant_id, evidence_id, control_code)
);
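-- Secondary indexes for the three evidence tables.

-- compliance_evidence_checks: lookups by tenant, by check type, and by the
-- active flag.
CREATE INDEX idx_evidence_checks_tenant ON compliance_evidence_checks(tenant_id);
CREATE INDEX idx_evidence_checks_type ON compliance_evidence_checks(check_type);
CREATE INDEX idx_evidence_checks_active ON compliance_evidence_checks(is_active);

-- compliance_evidence_check_results: lookups by parent check and by status.
-- The check_id index also backs the ON DELETE CASCADE from the parent table.
CREATE INDEX idx_check_results_check ON compliance_evidence_check_results(check_id);
CREATE INDEX idx_check_results_status ON compliance_evidence_check_results(run_status);
-- Added for consistency with the other two tables: this table carries a
-- NOT NULL tenant_id but had no index on it, so tenant-filtered queries over
-- run results had no index to use.
CREATE INDEX idx_check_results_tenant ON compliance_evidence_check_results(tenant_id);

-- compliance_evidence_control_map: lookups by tenant and by control code.
CREATE INDEX idx_evidence_control_map_tenant ON compliance_evidence_control_map(tenant_id);
CREATE INDEX idx_evidence_control_map_control ON compliance_evidence_control_map(control_code);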