Compliance Badges

Auto-updated compliance badges you can embed anywhere. After every scan, NAT updates your badge status in real time.


Badge types

NAT provides shields.io-compatible badges for each supported framework:

| Framework | Example badge URL |
| --- | --- |
| OWASP API Top 10 | https://img.shields.io/badge/OWASP%20API%20Top%2010-9%2F10%20passing-brightgreen |
| PCI-DSS | https://img.shields.io/badge/PCI--DSS-7%2F8%20passing-brightgreen |
| HIPAA | https://img.shields.io/badge/HIPAA-compliant-blue |
| SOC 2 | https://img.shields.io/badge/SOC%202-audit%20ready-blue |

Generate badges via CLI

nat badge --framework owasp --format markdown

Output:

![OWASP API Top 10](https://img.shields.io/badge/OWASP%20API%20Top%2010-9%2F10%20passing-brightgreen)

Available --format values: markdown, html, url


Generate badges via API

GET /api/v1/compliance/badges?framework=owasp

Response:

{
  "framework": "owasp",
  "status": "passing",
  "score": "9/10",
  "badge_url": "https://img.shields.io/badge/OWASP%20API%20Top%2010-9%2F10%20passing-brightgreen",
  "last_updated": "2024-01-15T10:22:00Z"
}

Badge status colors

| Color | Meaning |
| --- | --- |
| brightgreen | All required checks passing |
| yellow | Partial compliance — some checks failing |
| red | Failing — one or more critical requirements not met |
| blue | Informational — status indicator without pass/fail scoring |
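
An added example, not NAT's own code: a check to run on the API response above before embedding the badge. It confirms that `badge_url` is an https `img.shields.io` URL, decodes the shields.io `label-message-color` path (including the `--` escape seen in the PCI-DSS URL), and reports an undocumented color, a red badge, a score that does not appear in the badge message, or an old `last_updated`. The function names, the 7-day age limit and the score-in-message rule are assumptions.

```python
import json
import re
from datetime import datetime, timedelta
from urllib.parse import unquote, urlsplit

# Colors listed in the "Badge status colors" table on this page.
DOCUMENTED_COLORS = {"brightgreen", "yellow", "red", "blue"}
_UNESCAPE = {"--": "-", "__": "_", "_": " "}
# The API response shown on this page, reused as sample input.
SAMPLE = """{"framework": "owasp", "status": "passing", "score": "9/10",
 "badge_url": "https://img.shields.io/badge/OWASP%20API%20Top%2010-9%2F10%20passing-brightgreen",
 "last_updated": "2024-01-15T10:22:00Z"}"""


def parse_badge_url(url):
    """Split a shields.io static badge URL into (label, message, color)."""
    parts = urlsplit(url)
    if parts.scheme != "https" or parts.hostname != "img.shields.io":
        raise ValueError("badge_url is not an https img.shields.io URL")
    if not parts.path.startswith("/badge/"):
        raise ValueError("badge_url is not a /badge/ path")
    raw = unquote(parts.path[len("/badge/"):])
    # A lone "-" separates the fields; "--" is an escaped literal dash.
    fields = re.split(r"(?<!-)-(?!-)", raw)
    if len(fields) != 3:
        raise ValueError("expected label-message-color")
    label, message, color = (
        re.sub(r"--|__|_", lambda m: _UNESCAPE[m.group()], f) for f in fields
    )
    return label, message, color


def check_badge(response_text, now, max_age=timedelta(days=7)):
    """Return problems found in a badges API response; `now` must be tz-aware."""
    data = json.loads(response_text)
    _, message, color = parse_badge_url(data["badge_url"])
    problems = []
    if color not in DOCUMENTED_COLORS:
        problems.append("undocumented color: " + color)
    if color == "red":
        problems.append("badge reports failing")
    # Assumption: when a score is reported, the badge message carries it.
    if data.get("score") and data["score"] not in message:
        problems.append("score does not match badge message")
    updated = datetime.fromisoformat(data["last_updated"].replace("Z", "+00:00"))
    if now - updated > max_age:
        problems.append("stale: last scan " + data["last_updated"])
    return problems
```

An empty list means the response passed every check; a `ValueError` means the URL should not be embedded at all.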

Dynamic vs static badges

NAT provides dynamic badge URLs that update automatically after each scan. The badge URL stays constant — the score embedded in it updates when you run a new scan.

⚠️ If your badge shows a stale score, run a new scan to refresh it: nat scan --target https://your-api.com

Static badge URLs (generated at report time and never updated) are available via nat badge --static for point-in-time compliance snapshots.


See also: Embedding Badges for step-by-step integration guides.

