Is your feature request related to a problem? Please describe.
SailPoint customers are required to produce evidence for compliance frameworks (e.g., NIST 800-53, ISO 27001, SOC 2). Today, this evidence is frequently collected manually via screenshots, ad-hoc API queries, or spreadsheet exports, which is slow, inconsistent, and not machine-readable. While the SailPoint CLI offers primitives like search, api, spconfig export, and report, it does not provide a unified way to collect and evaluate all the governance and configuration data needed for repeatable compliance evidence.
Describe the solution you'd like.
Introduce a new top-level command: sail compliance. This would offer:
sail compliance collect: Gathers compliance-relevant tenant data (such as AUTH_ORG config, password policies, SOD policies, certifications/access reviews, identity/role/source summaries, lifecycle states, and workflows) into a structured evidence JSON file.
sail compliance evaluate: Applies a set of control definitions (starting with NIST 800-53, but extensible) to the evidence, producing pass/fail findings mapped to controls, with links to the supporting data. Users can select different control packs for other frameworks if desired.
- Output formats: JSON for programmatic downstream use, with optional Markdown/HTML for audit evidence.
- Supports both point-in-time and scheduled collection (for CI/CD).
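As an added example (not the CLI's code or the fork's implementation), a minimal Go evaluator for the collect/evaluate split described above: it takes an evidence JSON document and a control pack and emits pass/fail findings, each linked to the evidence path it checked. The evidence schema, the control-pack fields, and the SampleEvidence document are assumptions made for this example.

```go
package main

import (
	"encoding/json"
	"strings"
)

// SampleEvidence is a constructed stand-in for what a collect step might write; not real tenant data.
const SampleEvidence = `{"passwordPolicy":{"minLength":12,"requireMfa":false},"sod":{"policyCount":3}}`

// Control is one rule from a hypothetical control pack (schema assumed for this example).
type Control struct {
	ID       string  `json:"id"`       // control identifier, e.g. an 800-53 control number
	Path     string  `json:"path"`     // dotted path into the collected evidence JSON
	Operator string  `json:"operator"` // "gte" (numeric threshold) or "true" (boolean flag)
	Expected float64 `json:"expected"` // threshold used by "gte"
}

type Finding struct { // pass/fail result for one control, linked to the evidence path it used
	ControlID string      `json:"controlId"`
	Pass      bool        `json:"pass"`
	Evidence  string      `json:"evidence"`
	Actual    interface{} `json:"actual"`
}

// lookup walks a dotted path through the decoded evidence; nil means the path is absent.
func lookup(doc map[string]interface{}, path string) interface{} {
	var cur interface{} = doc
	for _, key := range strings.Split(path, ".") {
		m, _ := cur.(map[string]interface{}) // nil map when cur is not an object
		cur = m[key]                         // nil when m is nil or key is absent
	}
	return cur
}

// Evaluate applies each control; a missing path or wrongly typed value fails closed.
func Evaluate(evidence []byte, pack []Control) ([]Finding, error) {
	var doc map[string]interface{}
	if err := json.Unmarshal(evidence, &doc); err != nil {
		return nil, err
	}
	findings := make([]Finding, 0, len(pack))
	for _, c := range pack {
		v := lookup(doc, c.Path)
		n, isNum := v.(float64)
		b, isBool := v.(bool)
		pass := (c.Operator == "gte" && isNum && n >= c.Expected) || (c.Operator == "true" && isBool && b)
		findings = append(findings, Finding{ControlID: c.ID, Pass: pass, Evidence: c.Path, Actual: v})
	}
	return findings, nil
}
```

Because absent or mistyped evidence fails rather than passes, a collector that silently skips a data set shows up as a finding instead of a clean report.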
Describe alternatives you've considered.
- Building a standalone SailPoint compliance adapter tool (external project)
- Cherry-picking from report or search commands (not unified or scalable)
- Keeping manual evidence processes (error-prone, non-repeatable)
Additional context
- Technically, this would be implemented as a new directory: cmd/compliance/
- Follows established CLI architectural patterns (like cmd/report/)
- Schema and control packs would be community-extensible
- This feature would greatly reduce manual effort and speed up responses to auditors and customer requests
- An initial implementation is being developed in a fork and can be contributed as a PR
Thanks for considering!