Skip to content

Regulatory scope (PCI / HIPAA / SOC touchpoints)

Full workflow

Complete guide (limitations, CI, published lens): regulatory-scope

Why use CCE

Compliance frameworks require knowing where regulated data flows are touched in code — identity APIs, encryption, payment processors, PII handlers. Manual spreadsheets go stale; auditors need static touchpoints mapped to controls.

CCE scans for compliance-relevant SDK prefixes and produces a structured inventory of call sites per control domain.

Example command

cce -folder . -language AUTO -mapper-file https://releases.stackgen.com/cce/lenses/regulatory-scope/latest/regulatory-scope_lenses.yaml -filter all -format json -output scope.json

Analysis recipe

This use case is registered as recipe regulatory-scope — run with:

cce run -folder . -language AUTO -recipes regulatory-scope -output regulatory-scope.json

Published lens

https://releases.stackgen.com/cce/lenses/regulatory-scope/latest/regulatory-scope_lenses.yaml