Compliance Reports — nat ai compliance-report
Quick use:
    nat ai compliance-report --framework owasp --output report.pdf
What it does
nat ai compliance-report takes your scan results and generates an audit-ready narrative report that maps each finding (and each passing check) to the requirements of a compliance framework.
Instead of handing an auditor a raw findings list, you get a structured document that:
- Maps every scan finding to the relevant framework control
- Explains the remediation status of each control
- Includes evidence references (scan IDs, finding IDs, timestamps)
- Summarizes your overall compliance posture with a pass/fail breakdown
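To make the mapping concrete, here is an added example that is not NAT's own code: it maps the checks in a constructed scan result to OWASP API Top 10 controls, derives a per-control status with evidence references, and renders them in the layout of the report excerpt further down this page. The control table, the scan-result layout and the status rules are assumptions; a control with no executed checks is reported as not tested rather than as compliant.

```python
from collections import defaultdict

# Assumed control ids and names: a subset of OWASP API Top 10 (2023), not NAT's mapping.
CONTROLS = {"API1:2023": "Broken Object Level Authorization",
            "API2:2023": "Broken Authentication",
            "API3:2023": "Broken Object Property Level Authorization"}

# Constructed scan result in an assumed layout; NAT's real result format may differ.
SCAN = {"scan_id": "scan_001", "generated": "2024-01-15", "checks": [
    {"id": "auth_001", "control": "API2:2023", "passed": True},
    {"id": "auth_002", "control": "API2:2023", "passed": True},
    {"id": "bola_001", "control": "API1:2023", "passed": False,
     "finding_id": "finding_003", "timestamp": "2024-01-15T10:22:00Z"},
]}

def control_status(scan, controls=CONTROLS):
    """Return {control: (status, evidence)}. FAIL if any mapped check failed (each
    failure is cited), PASS if all passed, NOT TESTED if the scan ran no check for it."""
    by_control = defaultdict(list)
    for check in scan["checks"]:
        by_control[check["control"]].append(check)
    result = {}
    for ctrl in controls:
        checks = by_control.get(ctrl, [])
        failed = [c for c in checks if not c["passed"]]
        if not checks:  # no evidence either way: never report this as compliant
            result[ctrl] = ("NOT TESTED", ["no checks executed for this control"])
        elif failed:
            result[ctrl] = ("FAIL", [f"{c['finding_id']} - Scan {scan['scan_id']} - {c['timestamp']}"
                                     for c in failed])
        else:
            ids = [c["id"] for c in checks]
            result[ctrl] = ("PASS", [f"{scan['scan_id']} - checks {ids[0]} through {ids[-1]} - all passed"])
    return result

def overall_status(statuses):
    """Pass only if every control passed, Fail if every control failed, else Partial."""
    seen = frozenset(status for status, _ in statuses.values())
    return {frozenset({"PASS"}): "Pass", frozenset({"FAIL"}): "Fail"}.get(seen, "Partial")

def render_markdown(scan, controls=CONTROLS):
    """Render the per-control sections in the layout of the report excerpt on this page."""
    statuses = control_status(scan, controls)
    lines = [f"**Scan:** {scan['scan_id']} | **Generated:** {scan['generated']} | "
             f"**Status:** {overall_status(statuses)}"]
    for ctrl, (status, evidence) in statuses.items():
        lines += [f"### {ctrl} - {controls[ctrl]}", f"**Status:** {status}"]
        lines += [f"**Evidence:** {ev}" for ev in evidence]
    return "\n".join(lines)
```

Running `print(render_markdown(SCAN))` produces a Partial report: API1 fails with finding_003 cited, API2 passes with its check range cited, and API3 is shown as not tested.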
Supported frameworks
| Framework | Flag value | Key areas covered |
|---|---|---|
| OWASP API Top 10 | owasp | API1–API10, injection, auth, data exposure |
| PCI-DSS | pci-dss | Requirements 6, 10, 11 — software security, logging, testing |
| HIPAA | hipaa | Technical safeguards: access control, audit controls, integrity, transmission security |
| SOC 2 | soc2 | CC6, CC7 — logical access and system operations |
Command options
| Flag | Description | Default |
|---|---|---|
| --framework | Compliance framework: owasp, pci-dss, hipaa, soc2 | Required |
| --scan-id | Scan to report on (uses latest if omitted) | latest |
| --output | Output file path | stdout |
| --format | Output format: pdf, html, markdown | markdown |
Example report excerpt
## OWASP API Security Top 10 — Compliance Report
**Scan:** scan_001 | **Generated:** 2024-01-15 | **Status:** ⚠️ Partial
### API1:2023 — Broken Object Level Authorization
**Status:** ❌ FAIL
NAT identified 1 critical BOLA vulnerability on GET /api/v1/users/{id}.
Authenticated users can retrieve records belonging to other users.
**Evidence:** finding_003 — Scan scan_001 — 2024-01-15T10:22:00Z
**Remediation required before:** This control cannot be marked compliant
until finding_003 is resolved and a clean scan is verified.
---
### API2:2023 — Broken Authentication
**Status:** ✅ PASS
All 12 authentication-related checks passed. Token expiry, refresh token
rotation, and brute-force protection are functioning correctly.
**Evidence:** scan_001 — checks auth_001 through auth_012 — all passed.
Embeddable badges
After generating a report, NAT provides shields.io-compatible badge URLs you can embed in your README:

Plan requirements
| Plan | Compliance reports |
|---|---|
| Free | — (not available) |
| Pro | 5 reports / month |
| Team | Unlimited |
⚠️ Compliance reports are available on Pro and Team plans. Free plan users can see a report preview in the dashboard but cannot export or download full reports.