Module controls

Modules

agent_spec_conformance
branch_history_integrity
branch_protection_enforcement
build_isolation
build_provenance
change_request_size
code_scanning_alerts_resolved
codeowners_coverage
container_provenance
container_signature
conventional_title
coverage_threshold
dependency_completeness
dependency_provenance
dependency_signature
dependency_signer_verified
description_quality
harness_gate
hosted_build_platform
issue_linkage
license_compliance
mcp_scope_check
merge_commit_policy
network_egress_audit
privileged_operation_audit
privileged_workflow_detection
provenance_authenticity
release_asset_attestation
release_traceability
required_status_checks
review_independence
sbom_completeness
scoped_change
secret_scanning
security_file_change
security_policy
security_test_in_ci
source_authenticity
stale_review
test_coverage
two_party_review
vulnerability_scanning

Functions

aiops_controls
Returns AI-ops agent safety controls (Layers 1, 2, 4).
all_controls
Returns all controls (all SLSA + compliance + aiops).
all_slsa_controls
Returns all SLSA controls (Source L4 + Build L3 + Dependencies L4).
compliance_controls
Returns compliance controls (non-SLSA, SOC2/ASPM mapped).
control_description
Returns the SARIF-friendly description for a built-in control ID. Falls back to “Custom control” for unknown IDs.
posture_controls
Returns repository-posture controls only (no PR-scoped compliance controls).
slsa_controls
Returns all SLSA controls across both tracks up to the given levels.
slsa_controls_for_level
Returns all SLSA controls required for the given track up to the given level.