pilot-compliance-audit

What problem does it solve?

Pilot needs to produce a structured compliance report for auditors that clearly explains which Kubernetes resources comply with a declared security baseline and includes fingerprint-stable evidence for each finding.

Core Features & Use Cases

• Quarterly/monthly compliance reporting: Generates an auditor-facing report using Pilot’s compliance-report framing and an evidence inventory suitable for long retention windows.
• Source-truth verdicts with receipts: Runs scope-resolved compare source-truth plus scan, then verifies and persists per-resource receipts so violations can be re-validated later.
• Cross-cutting audit evidence: Includes ConfigHub audit-trail entries, scan findings, and (when applicable) fleet outliers to contextualize decisions across the declared scope.
• Compliance vocabulary mapping: Translates cub-scout receipt verdicts (PASS/WATCH/BLOCK/INCONCLUSIVE) into auditor-oriented categories (Compliant / Compliant with caveats / Non-compliant / Insufficient evidence).

Quick Start

Ask Pilot to generate a quarterly compliance report with evidence for a specific baseline View, for example: "Pilot, run the quarterly compliance audit for view prod-baseline-q2-2026 and produce this quarter's policy violations plus their evidence."