Skip to main content

stave export compliance

Export compliance evidence package

Usage

stave export compliance [flags]

Description

Evaluate a snapshot against a compliance framework profile and export a structured evidence package as JSON.

Runs the full assessment pipeline with evidence generation, evaluates the requested compliance profile, and produces a requirement-centric evidence package with per-requirement scores, gaps, and reasoning traces.

Supported profiles: hipaa HIPAA Security Rule soc2 SOC 2 Trust Service Criteria pci_dss_v4.0 PCI-DSS v4.0 fedramp_moderate FedRAMP Moderate (NIST 800-53 Rev 5) cis_aws_v3.0 CIS AWS Foundations Benchmark v3.0

Exit Codes: 0 All required requirements satisfied 1 One or more required requirements failed 2 Invalid input (bad profile ID, missing snapshot) 4 Internal error

Examples: stave export compliance --snapshot obs.json --profile hipaa

stave export compliance --snapshot obs.json --profile soc2
--include-pass

stave export compliance --snapshot obs.json --profile pci_dss_v4.0
--min-severity high

Flags

FlagTypeDescription
--assessment-uuidstringUUID for this assessment result (for OSCAL)
--assessorstringassessor name (for OSCAL) (default: Stave automated assessment)
--compositeboolforce composite report even for single framework
-f, --formatstringoutput format: json | table | markdown (default: json)
--include-passboolinclude passing evidence records
--min-severitystringminimum severity filter: critical|high|medium|low|all (default: all)
--profilestringcompliance profile ID (required)
--profile-filestringSlicepath to custom profile YAML (can be repeated)
--snapshotstringpath to snapshot file (required)
--system-uuidstringUUID of the System Security Plan (for eMASS/OSCAL)
--verboseboolinclude reasoning traces in table output

Examples

stave export compliance --snapshot obs.json --profile hipaa
stave export compliance --snapshot obs.json --profile soc2