Regulatory scope (PCI / HIPAA / SOC touchpoints)
Full workflow
Complete guide (limitations, CI, published lens): regulatory-scope
Why use CCE
Compliance frameworks require knowing where regulated data flows are touched in code — identity APIs, encryption, payment processors, PII handlers. Manual spreadsheets go stale; auditors need static touchpoints mapped to controls.
CCE scans for compliance-relevant SDK prefixes and produces a structured inventory of call sites per control domain.
Example command
cce -folder . -language AUTO -mapper-file https://releases.stackgen.com/cce/lenses/regulatory-scope/latest/regulatory-scope_lenses.yaml -filter all -format json -output scope.json
Analysis recipe
This use case is registered as recipe regulatory-scope — run with:
cce run -folder . -language AUTO -recipes regulatory-scope -output regulatory-scope.json
Published lens
https://releases.stackgen.com/cce/lenses/regulatory-scope/latest/regulatory-scope_lenses.yaml