
compliance-scan

SSL/TLS configuration analysis with automated BSI/IANA compliance checking.

Quick Start

# Install
poetry install

# Scan server
poetry run compliance-scan scan example.com:443,636

# Generate report
poetry run compliance-scan report -t md -o report.md

# Update IANA registry data
poetry run compliance-scan update-iana

Note: SSLyze outputs INFO-level log messages during scanning that cannot be suppressed. These messages are harmless and can be ignored.

Features

  • Multi-port TLS/SSL scanning with SSLyze
  • BSI TR-02102-1/2 compliance validation
  • IANA recommendations checking
  • Vulnerability detection (Heartbleed, ROBOT, CCS Injection)
  • Certificate validation with key size compliance
  • Multiple report formats (CSV, Markdown, reStructuredText)
  • IANA registry updates from official sources

Commands

Scan

compliance-scan scan <hostname>:<port1>,<port2> [options]

# Examples
compliance-scan scan example.com:443,636 --print
compliance-scan scan [2001:db8::1]:443 -db custom.db

Note: SSLyze outputs INFO-level log messages during scanning that cannot be suppressed.

Options:

  • --print - Display scan summary in console
  • -db <path> - Database file path (default: compliance_status.db)
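The target syntax shown above mixes a host, a colon and a comma-separated port list, and an IPv6 literal only parses unambiguously when it is bracketed. The following is an added example, not code from compliance-scan itself, that validates such a target string before it is handed to a scanner; the function name parse_target, the 1-65535 port range check and the de-duplication of ports are assumptions.

```python
import ipaddress


def parse_target(spec: str) -> tuple[str, list[int]]:
    """Split '<hostname>:<port1>,<port2>' into (host, [ports]).

    Hypothetical helper (assumption): not part of compliance-scan.
    """
    spec = spec.strip()
    if spec.startswith("["):
        # Bracketed IPv6 literal, e.g. [2001:db8::1]:443
        host, closing, rest = spec[1:].partition("]")
        if not closing or not rest.startswith(":"):
            raise ValueError(f"malformed bracketed target: {spec!r}")
        ipaddress.IPv6Address(host)  # raises ValueError if not valid IPv6
        port_part = rest[1:]
    else:
        host, colon, port_part = spec.rpartition(":")
        if not colon or not host:
            raise ValueError(f"expected <hostname>:<port>: {spec!r}")
        if ":" in host:
            # Without brackets the last colon of an IPv6 address is ambiguous.
            raise ValueError(f"IPv6 address must be bracketed: {spec!r}")

    ports: list[int] = []
    for item in port_part.split(","):
        item = item.strip()
        if not (item.isascii() and item.isdigit()):
            raise ValueError(f"invalid port {item!r} in {spec!r}")
        port = int(item)
        if not 1 <= port <= 65535:  # assumed valid TCP port range
            raise ValueError(f"port out of range: {port}")
        if port not in ports:  # assumed: scan each port only once
            ports.append(port)
    return host, ports


if __name__ == "__main__":
    # Constructed sample inputs, taken from the command examples above.
    for sample in ("example.com:443,636", "[2001:db8::1]:443"):
        print(sample, "->", parse_target(sample))
```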

Report

compliance-scan report [scan_id] -t <type> [options]

# Examples
compliance-scan report -t md -o report.md
compliance-scan report 5 -t csv --output-dir ./reports
compliance-scan report --list

Options:

  • -t <type> - Report type: csv, md, markdown, rest, rst
  • -o <file> - Output file for Markdown/reStructuredText
  • --output-dir <dir> - Output directory for CSV files
  • --list - List all available scans
  • -db <path> - Database file path

Update IANA Data

compliance-scan update-iana [-db <path>]

# Example
compliance-scan update-iana -db compliance_status.db

Updates IANA registry data from official sources. Default database contains IANA data as of 12/2024.

Report Formats

CSV: Granular files per port and category for data analysis.

Markdown: Single comprehensive report with all findings.

reStructuredText: Sphinx-compatible report with CSV table includes.

Supported Protocols

Opportunistic TLS: SMTP, LDAP, IMAP, POP3, FTP, XMPP, RDP, PostgreSQL

Direct TLS: HTTPS, LDAPS, SMTPS, IMAPS, POP3S

Compliance Standards

  • BSI TR-02102-1: Certificate requirements
  • BSI TR-02102-2: TLS cipher suites and parameters
  • IANA TLS Parameters: Cipher suites, signature schemes, supported groups

Documentation

Detailed Guide - Complete reference with database schema, compliance rules, and development information.

Requirements

  • Python 3.13+
  • Poetry
  • SSLyze 6.0.0+

Database

Default location: compliance_status.db

Template with reference data: src/sslysze_scan/data/crypto_standards.db

Schema version: 5 (includes optimized views for reporting)

Development

# Run tests
poetry run pytest

# Update IANA reference data in template
python3 -m sslysze_scan.iana_parser

Version Management

Version is maintained in pyproject.toml and read dynamically at runtime.
