01 / Technical architectureThe machine
The machine
behind the scene.
Complimetric pairs a high-performance HCL parser with a YAML-native rules engine. One engine reads your Terraform, Kubernetes, and CloudFormation; another renders verdicts mapped to SOC 2, ISO 27001, and NIST 800-53.
Reel 01 — Engine● Rolling
02 / 04HCL Parser
Reads your Terraform
the way it was written.
Built on hashicorp/hcl/v2, the parser walks every module, resolves every variable, and follows every remote source. No regex shortcuts. No proxy formats. The same AST your provider sees, examined for policy.
- Terraform 1.0+ — module graph, count, for_each, dynamic blocks.
- Cross-provider awareness: AWS, Azure, GCP, OVHCloud, Kubernetes.
- Variable interpolation, locals, outputs all resolved before evaluation.
- Workspace and state file ingestion for actual-vs-declared deltas.
2 000+Resource types parsed
< 8 sMedian scan time
main.tfHCL
12345678910CRITICALSOC 2 / CC6.1
Wildcard Action: "*" on Resource: "*" — least privilege violated. Line 6.
03 / 04Rules Engine
rules/soc2_cc6.1.yamlYAML
123456789101112Rule fileYAML — auditable
Two thousand rules,
readable by any auditor.
Every rule is a YAML file. Security engineers contribute without touching Go. Auditors trace a finding to a rule to a control without leaving the platform. Custom rules land per-org, evaluated synchronously inside the same engine.
- Built-in coverage: SOC 2, ISO 27001, NIST 800-53, HIPAA, PCI-DSS, GDPR, CIS.
- Per-org custom rules — runtime loaded, no redeploy.
- Findings include exact file, exact line, exact remediation diff.
- Rules versioned in git, with change history and rollback.
70 %Audit overhead cut
317 %Average ROI
04 / 04Integrations
Five doorways
into the same scene.
Plug Complimetric where your engineers already work. Webhooks for GitHub, a CLI for local terminals, an Actions runner for PR gates, SSO for the enterprise, and an MCP server for autonomous AI agents.
Cue the auditReady when the