# Compliance
Inkog maps every finding to industry compliance frameworks, enabling automated compliance reporting for audits and security reviews.
## Supported Frameworks
| Framework | Description | Coverage |
|---|---|---|
| OWASP LLM Top 10 | AI-specific vulnerability taxonomy | Full |
| EU AI Act | European AI regulation | Articles 13-15 |
| NIST AI RMF | AI risk management framework | MAP, MEASURE |
| CWE | Common Weakness Enumeration | 20+ mappings |
## How It Works
Every Inkog finding includes compliance metadata:
```json
{
  "id": "finding_001",
  "pattern": "infinite_loop_semantic",
  "severity": "critical",
  "compliance": {
    "cwe": ["CWE-835", "CWE-400"],
    "owasp_llm": ["LLM10"],
    "eu_ai_act": ["Article 15"],
    "nist_ai_rmf": ["MAP 1.3", "MEASURE 2.4"]
  }
}
```

## Compliance Reports
Generate compliance-focused reports:
```bash
# JSON with compliance data
inkog -output json . > compliance-report.json

# Extract OWASP violations
jq '.compliance_report.owasp_llm_top_10' compliance-report.json
```

## Framework Coverage
### OWASP LLM Top 10
| Category | Inkog Rules |
|---|---|
| LLM01: Prompt Injection | prompt_injection, sql_injection_via_llm |
| LLM02: Insecure Output | output_validation_failures, tainted_eval |
| LLM04: Model DoS | infinite_loop, context_exhaustion, token_bombing |
| LLM06: Sensitive Info | logging_sensitive_data, hardcoded_credentials |
| LLM08: Excessive Agency | infinite_loop, missing_human_oversight |
| LLM10: Unbounded Consumption | context_exhaustion, missing_rate_limits |
### EU AI Act
| Article | Focus | Inkog Rules |
|---|---|---|
| Article 13 | Data Governance | hardcoded_credentials, prompt_injection |
| Article 14 | Human Oversight | infinite_loop, tainted_eval, sql_injection_via_llm |
| Article 15 | Accuracy & Cybersecurity | hardcoded_credentials, output_validation_failures |
### NIST AI RMF
| Category | Focus | Inkog Rules |
|---|---|---|
| MAP 1.1 | Input/Output Validation | prompt_injection, output_validation_failures |
| MAP 1.2 | Data Governance | logging_sensitive_data, unsafe_env_access |
| MAP 1.3 | System Reliability | infinite_loop, context_exhaustion |
| MEASURE 2.2 | Security Risk | hardcoded_credentials |
| MEASURE 2.4 | AI System Risks | tainted_eval, sql_injection_via_llm |
## Audit Trail
For compliance audits, save scan reports with timestamps:
```bash
# Timestamped compliance report
inkog -output json . > "reports/inkog-$(date +%Y%m%d-%H%M%S).json"
```

Store reports in version control or a compliance management system for audit trails.
## CI/CD Integration
Fail builds on compliance violations:
```yaml
# GitHub Actions
- name: Compliance Check
  run: |
    inkog -output json . > report.json
    # Check for EU AI Act violations; "// 0" keeps the comparison numeric
    # when no article has been flagged (jq's add returns null on an empty object)
    VIOLATIONS=$(jq '.compliance_report.eu_ai_act | add // 0' report.json)
    if [ "$VIOLATIONS" -gt 0 ]; then
      echo "EU AI Act compliance violations detected"
      exit 1
    fi
```

## Custom Compliance Policies
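The per-finding compliance metadata above and the jq-based build gate can be combined into a single script that aggregates findings by framework category and fails the build only when a mapped finding reaches a chosen severity. The following is an added example, not Inkog's own code: the finding schema follows the page, but the sample findings, the `findings` key assumed at the top level of the JSON report, and the severity threshold logic are constructed assumptions.

```python
"""Aggregate Inkog-style compliance metadata and gate a CI build on it.

Added example, not part of Inkog. The per-finding schema (id, pattern,
severity, compliance.{cwe,owasp_llm,eu_ai_act,nist_ai_rmf}) follows the
documentation; the top-level "findings" key and the sample data are assumptions.
"""
import json
from collections import Counter

FRAMEWORKS = ("cwe", "owasp_llm", "eu_ai_act", "nist_ai_rmf")
SEVERITY_RANK = {"low": 0, "medium": 1, "high": 2, "critical": 3}

# Constructed sample findings in the shape shown on the page (hypothetical values).
SAMPLE_FINDINGS = [
    {
        "id": "finding_001",
        "pattern": "infinite_loop_semantic",
        "severity": "critical",
        "compliance": {
            "cwe": ["CWE-835", "CWE-400"],
            "owasp_llm": ["LLM10"],
            "eu_ai_act": ["Article 15"],
            "nist_ai_rmf": ["MAP 1.3", "MEASURE 2.4"],
        },
    },
    {
        "id": "finding_002",
        "pattern": "hardcoded_credentials",
        "severity": "high",
        "compliance": {
            "cwe": ["CWE-798"],
            "owasp_llm": ["LLM06"],
            "eu_ai_act": ["Article 13", "Article 15"],
            "nist_ai_rmf": ["MEASURE 2.2"],
        },
    },
    {
        "id": "finding_003",
        "pattern": "missing_rate_limits",
        "severity": "medium",
        # Deliberately has no EU AI Act or NIST mapping.
        "compliance": {"cwe": ["CWE-770"], "owasp_llm": ["LLM10"]},
    },
]


def load_findings(path):
    """Read an Inkog JSON report; assumes findings live under a top-level "findings" key."""
    with open(path, encoding="utf-8") as fh:
        return json.load(fh).get("findings", [])


def build_compliance_report(findings):
    """Return {framework: {category: count}}, one hit per finding per category."""
    report = {fw: Counter() for fw in FRAMEWORKS}
    for finding in findings:
        mapping = finding.get("compliance", {})
        for fw in FRAMEWORKS:
            for category in mapping.get(fw, []):
                report[fw][category] += 1
    return {fw: dict(counts) for fw, counts in report.items()}


def findings_for(findings, framework, category):
    """IDs of findings mapped to one category, e.g. ("eu_ai_act", "Article 15")."""
    return [f["id"] for f in findings
            if category in f.get("compliance", {}).get(framework, [])]


def blocking_findings(findings, framework, min_severity="high"):
    """IDs of findings mapped to `framework` whose severity meets the threshold.

    Unknown severities are treated as "low" so a malformed record never
    silently blocks (or unblocks) a build on its own.
    """
    threshold = SEVERITY_RANK[min_severity]
    return [f["id"] for f in findings
            if f.get("compliance", {}).get(framework)
            and SEVERITY_RANK.get(f.get("severity", "low"), 0) >= threshold]


def main():
    report = build_compliance_report(SAMPLE_FINDINGS)
    print(json.dumps(report, indent=2))
    blocking = blocking_findings(SAMPLE_FINDINGS, "eu_ai_act", "high")
    if blocking:
        print("EU AI Act compliance violations detected:", ", ".join(blocking))
        raise SystemExit(1)
    print("No blocking EU AI Act findings")


if __name__ == "__main__":
    main()
```

Swap `SAMPLE_FINDINGS` for `load_findings("report.json")` in a pipeline step; the non-zero exit from `main()` fails the job the same way the shell gate above does, but the severity threshold lets a team block on critical and high findings while still recording medium ones in the report.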
Enterprise customers can define custom compliance policies mapping findings to internal security standards.
Contact support@inkog.io for custom compliance integration.