
GESF β Green Engineering Standard FrameworkΒΆ
GESF (pronounced "Gessf" ) β the framework that helps you "get safe."
Compliance-as-Code framework that automatically enforces GDPR, OWASP, NIST, and CIS engineering standards in any software project β regardless of programming language.
What GESF DoesΒΆ
-
Scans your source code for security vulnerabilities and compliance violations using 6 built-in scanners (language-agnostic pattern matching)
-
Detects your project's ecosystem automatically β Node.js, Python, Rust, Go, Ruby, Java, PHP, .NET β and runs the correct dependency auditor
-
Generates compliance documentation β GDPR, data inventory, retention policies, risk assessments
-
Scores your project against multiple compliance frameworks with severity-weighted grading
-
Creates CI/CD pipelines (5 GitHub Actions workflows including SBOM scanning) that fail the build on critical issues
-
Provides an AI compliance assistant via MCP for Claude, VS Code Copilot, Cursor, and more
What GESF Does NOT DoΒΆ
-
It does not replace legal counsel for GDPR compliance.
-
It does not automatically fix your code β it identifies issues and suggests fixes.
-
It does not require a running server or database.
Key FeaturesΒΆ
Feature Description 6 Source Code Scanners Secrets, crypto, injection, auth, config, database β scans 20+ file types Language-Agnostic Scanning Auto-detects your ecosystem and runs the right dependency auditor 8 Supported Ecosystems Node.js (npm/pnpm/yarn/bun), Python (pip/poetry/uv), Rust, Go, Ruby, Java, PHP, .NET 7 Policy Packs GDPR (22 controls), OWASP, CIS, NIST, AI, Blockchain, Government 13 Project Types SaaS, AI, MCP Server, Blockchain, Wallet, Government, Healthcare, and more MCP AI Assistant Works with Claude, VS Code Copilot, Cursor, OpenCode, Crush, Windsurf 5 CI/CD Workflows Compliance, security, dependency scan, secret scan, SBOM scan (auto-generated) 14 Document Templates Compliance docs, security policies, threat models Compliance Reports Markdown and HTML reports with executive summary Compliance Badge SVG badge with letter grade for your README
ArchitectureΒΆ
packages/ βββ cli/ # CLI (@greenarmor/ges) βββ core/ # Types, schemas, constants βββ audit-engine/ # Real source code scanning (6 scanners) βββ compliance-engine/ # GDPR Article 5/25/30/32/33/34 controls βββ policy-engine/ # 7 policy packs (56+ total controls) βββ rules-engine/ # Auth, encryption, secrets, logging standards βββ doc-generator/ # 14 compliance/security document templates βββ cicd-generator/ # 5 GitHub Actions workflow generation βββ scoring-engine/ # Multi-framework severity-weighted scoring βββ scanner-integration/ # External tool integration (Trivy, Gitleaks, Semgrep, SBOM) βββ report-generator/ # Markdown/HTML report generation βββ mcp-server/ # MCP AI compliance assistant (6 tools)
Supported EcosystemsΒΆ
GESF automatically detects your project's language and package manager from lockfiles:
Ecosystem Package Managers Dependency Auditor Node.js pnpm, npm, yarn, bun pnpm audit, npm audit, yarn audit, bun audit Python pip, poetry, pipenv, pdm, uv pip-audit, safety Rust cargo cargo audit Go go modules govulncheck Ruby bundler bundle-audit Java maven, gradle OWASP Dependency-Check PHP composer composer audit .NET nuget dotnet list package --vulnerable
Language-agnostic scanners (Trivy, Gitleaks, Semgrep, Syft, Grype) run regardless of ecosystem.
Quick StartΒΆ
brew tap greenarmor/gesf brew install ges cd your-project ges init ges audit
npm install -g @greenarmor/ges cd your-project ges init ges audit
pnpm add -g @greenarmor/ges cd your-project ges init ges audit
cd your-project npx @greenarmor/ges init npx @greenarmor/ges audit
GESF scans any project β Python, Rust, Go, Java, Ruby, PHP, .NET, and more. Homebrew installs Node.js automatically; npm/pnpm/npx require Node.js >= 22.
No common issues documented yet. If you hit a problem, the repository's GitHub Issues page is the best place to look.
Licensed under MITβ you can use, modify, and redistribute it under that license's terms.
View the full license file on GitHub β