Everything you need to set up governance scanning, connect your repos, and generate compliance reports.
From zero to first scan in three commands.
go install github.com/gmx3c-org/shiftflowiq@latest
shiftflowiq scan --dir . --fail-on-high
shiftflowiq scan --upload --api-key $SHIFTFLOWIQ_API_KEY

Add governance scanning to any GitHub repository in one workflow file.
name: ShiftFlowIQ Governance Scan
on:
  pull_request:
    branches: [main]
jobs:
  governance:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: gmx3c-org/shiftflowiq-action@v1
        with:
          api-key: ${{ secrets.SHIFTFLOWIQ_API_KEY }}
          fail-on-high: true

Full REST API. All tiers get API access. OpenAPI spec at /api/docs.
Ingest scan results, list runs, trigger on-demand scans, and retrieve findings.
List, filter, resolve, and exempt governance findings across all repositories.
Create, update, enable/disable, and delete policy rules. Manage custom rule packs.
Generate one-click compliance reports for SOC 2, HIPAA, SOX, FedRAMP, and EU AI Act.
Manage team members, roles, invites, and organization settings.
Connect CI/CD platforms, data warehouses, Slack, PagerDuty, and more.
Register outbound webhook endpoints and receive scan event notifications.
Generate and revoke API keys for scanner and CI/CD authentication.
11 built-in rule packs ship with the scanner. All open source.
Python, TypeScript, YAML · 40+ rules
Terraform · 15 rules
Terraform · 15 rules
YAML workflows · 15 rules
YAML, SQL · 15 rules
Dockerfile · 15 rules
YAML manifests · 15 rules
Python, YAML · 15 rules
SQL, YAML · 15 rules
SQL, Python · 15 rules
YAML playbooks · 15 rules