Skip to main content

Documentation Index

Fetch the complete documentation index at: https://docs.lintliot.com/llms.txt

Use this file to discover all available pages before exploring further.

LintLiot maps every security event — a blocked WAF request, an encrypted database write, a brute force detection — to specific compliance controls automatically. By the time you run a compliance report, most of the evidence has already been collected. You fill in the remaining policy-level details (cookie consent, breach notification procedures, data retention policies) and LintLiot generates a scored report with per-control findings and remediation guidance.

Supported frameworks

SOC 2 Type II

AICPA TSC controls covering security, availability, and confidentiality. Required for SaaS companies selling to enterprise customers.

GDPR

EU Regulation 2016/679 controls covering lawful basis, data subject rights, encryption, breach notification, and retention. Required for any app with EU users.

HIPAA

45 CFR Parts 160 and 164 controls covering PHI access, audit logging, encryption at rest and in transit, and incident response. Required for health-adjacent SaaS.

PCI-DSS v4.0

PCI SSC requirements covering cardholder data protection, WAF, MFA, vulnerability management, and audit logging. Required for any app handling payments.

ISO 27001

ISO/IEC 27001:2022 information security management controls. Required for enterprise international sales.

Generating a compliance report

Call lintliot.compliance.generate() with the frameworks you want to evaluate and the policy-level settings your application has configured: 
const report = lintliot.compliance.generate({
  frameworks: ['soc2', 'gdpr'],

  // Policy-level settings you configure
  encryptionAtRest: true,
  auditLogging: true,
  tlsEnforced: true,
  accessControlConfigured: true,
  mfaRequired: true,
  cookieConsent: true,
  privacyPolicy: true,
  dsrHandling: true,
  breachNotification: true,
  dataRetentionDays: 365,
  vulnerabilityScanning: true,
})

console.log(`Compliance score: ${report.score}/100`)
console.log(`Controls passing: ${report.passingControls}/${report.totalControls}`)
The function returns a ComplianceReport synchronously — no waiting, no server roundtrip. The report is also pushed asynchronously to the LintLiot API where the dashboard renders it.

ComplianceCheckOptions fields

interface ComplianceCheckOptions {
  frameworks?: ('gdpr' | 'soc2' | 'hipaa' | 'pci-dss')[]
  encryptionAtRest?: boolean       // Vault or equivalent encryption active
  auditLogging?: boolean           // Security events are being logged
  tlsEnforced?: boolean            // HTTPS enforced on all endpoints
  accessControlConfigured?: boolean // RBAC is in place
  mfaRequired?: boolean            // MFA required for admin accounts
  dataRetentionDays?: number        // Days before data is deleted
  cookieConsent?: boolean          // Cookie consent banner implemented
  privacyPolicy?: boolean          // Privacy policy published
  dsrHandling?: boolean            // Data subject request process exists
  breachNotification?: boolean     // Breach notification runbook exists
  phiEncrypted?: boolean           // PHI fields specifically encrypted (HIPAA)
  cardDataStored?: boolean         // Card data is NOT stored (PCI: should be false)
  cardDataMasked?: boolean         // Card data masked in logs
  vulnerabilityScanning?: boolean  // Regular vulnerability scanning in CI
  changeManagement?: boolean       // Change management process documented
  vendorRiskManagement?: boolean   // Vendor risk assessments conducted
}

The compliance score

The overall score is weighted by control severity — failing a critical control costs more than failing a low-severity one:
SeverityWeight
Critical4
High3
Medium2
Low1
The score is calculated as: (sum of weights for passing controls) / (sum of all control weights) × 100. Each framework also gets an individual score in the breakdown field. For per-framework breakdowns, the score is the percentage of controls passing within that framework (unweighted).

Per-control findings

Every finding in the report includes:
  • controlId — the specific control identifier (e.g. SOC2-CC6.1, GDPR-3)
  • title — the control name
  • description — what the control requires
  • passing — whether the control is currently satisfied
  • severity — how much the control affects your score
  • remediation — exactly what to do to fix a failing control
  • evidence — what LintLiot observed that determined the pass/fail status

Automatic evidence mapping

LintLiot maps security events to compliance controls continuously. You don’t need to collect evidence manually for controls that the SDK can verify:
LintLiot activityControls automatically satisfied
WAF blocking requestsSOC2-CC6.6, PCI-6.4
Vault encrypting fieldsGDPR-3, HIPAA-164.312(a)(2)(iv), SOC2-C1.1, PCI-3.4
Auth failure loggingHIPAA-164.312(b), PCI-10.2
Brute force blockedSOC2-CC6.1, ISO 27001/A.9.4.2
MFA verifiedSOC2-CC6.3, PCI-8.3
Admin route checkSOC2-CC6.2, GDPR-7
When lintliot.protect() is running on your requests, shieldActive is automatically set to true in the compliance context. When the Vault has encrypted at least one field, vaultActive becomes true. These context flags are checked by the compliance controls that depend on them — you don’t need to set them manually.

The Security Certificate page

Every LintLiot app gets a public-facing Security Certificate page at: 
https://lintliot.com/verify/[your-app-slug]
This page shows:
  • Your current Security Score (updates live)
  • Last scan date
  • Active protections
  • Compliance frameworks currently passing
  • A “Verified by LintLiot” badge
The page requires no authentication to view. You can share it in sales emails, pitch decks, and enterprise procurement questionnaires. When a prospect asks “are you SOC 2 compliant?”, you send them this link.
The Security Certificate page is available on Pro and above plans. The public link is always accessible regardless of plan.

The “Secured by LintLiot” badge

Embed a live security badge on your marketing site, landing page, or GitHub README: 
<a href="https://lintliot.com/verify/your-app-slug">
  <img
    src="https://lintliot.com/badge/your-app-slug.svg"
    alt="Secured by LintLiot"
    width="180"
  />
</a>
The badge SVG shows your live Security Score. It’s cached at edge with a 5-minute TTL, so it reflects your current score without impacting page load performance.

Compliance PDF download

From the Compliance page in the dashboard, you can download a formatted PDF of the compliance report. The PDF is generated entirely in-browser — no data is sent to a server for PDF rendering, and generation takes under 3 seconds. The PDF includes:
  • Executive summary with overall score and framework breakdown
  • Full control list with pass/fail status and evidence
  • Remediation guidance for all failing controls
  • Audit trail reference
PDF download is available on Pro and above plans.
Run lintliot.compliance.generate() on a schedule (every 6 hours is the default for the dashboard sync) to keep your compliance score current. Failing controls that get fixed should be reflected in the next report automatically.

Viewing failing controls

To quickly identify what to fix without processing the full report: 
const failures = lintliot.compliance.getFailures({
  frameworks: ['soc2'],
  encryptionAtRest: true,
  auditLogging: true,
  tlsEnforced: true,
})

for (const control of failures) {
  console.log(`FAIL [${control.severity}] ${control.controlId}: ${control.title}`)
  console.log(`     Fix: ${control.remediation}`)
}
Controls are sorted in the report with failing controls first, then by severity (critical before high before medium before low) — so the most impactful items to fix appear at the top.