GRC OBSERVABILITY
2 REPOS
CMPL 54% · NIST 67% · AI SYS 2 · THREATS 5 · LEAKS 0
shipstuff/joeeftekhari.com main · b22bb1a · 2D AGO
  • MACHINE-READABLE
  • JSON (full state)
  • SARIF (code scanning)
  • OSCAL (assessment)
  • CSV
  • NIST CSF controls
  • EU AI Act articles
  • Risk register
  • Vulnerabilities
COMPLIANCE
94%
NIST CSF 2.0
89%
EU AI ACT
83%
DATA COLLECTION · 10
Forms 2
public/partials/contact.html, public/retro/partials/contact.html
API endpoints 4
POST /api/report, POST /, POST /reload, POST /generate-style
Cookies 3
cookie_data
Trackers 1
Google Analytics
TRANSPORT
HTTPS enforced
Cert expiry 2026-05-29
Headers 6/6
csp ✓, hsts ✓, xFrameOptions ✓, xContentTypeOptions ✓, referrerPolicy ✓, permissionsPolicy ✓
DEPENDENCIES
Critical 1
High 3
Medium 1
Last audit 2026-04-20
ACCESS CONTROLS
Branch protection enabled
Required reviews 1
Signed commits no
AI SYSTEMS · 2
OpenAI · openai LIMITED
.grc-scanner/scanner/ai/provider.ts, src/server.ts
Anthropic · direct API call LIMITED
.grc-scanner/scanner/ai/provider.ts
THIRD-PARTY · 2
Resend DPA ✓
purpose: email delivery, shares: email, name, message_body, DPA: https://resend.com/legal/dpa
Google Analytics NO DPA
purpose: analytics/tracking, shares: ip_address, browsing_behavior, device_info
GOVERNANCE ARTIFACTS
Privacy Policy GENERATED
└ served
Terms of Service GENERATED
└ served
security.txt PRESENT
└ served
Vuln Disclosure PRESENT
└ served
Incident Response Plan PRESENT
└ served
AI Usage Policy PRESENT
Served state never checked. Click CHECK PRODUCTION above to populate — only URLs declared in policy_urls: are verified.