Skip to content
GESF Logo

GESF — Green Engineering Standard Framework

GESF (pronounced "Gessf") — the framework that helps you "get safe."

Compliance-as-Code framework that automatically enforces GDPR, OWASP, NIST, and CIS engineering standards in any software project — regardless of programming language.

What GESF Does

  • Scans your source code for security vulnerabilities and compliance violations using 6 built-in scanners (language-agnostic pattern matching)
  • Detects your project's ecosystem automatically — Node.js, Python, Rust, Go, Ruby, Java, PHP, .NET — and runs the correct dependency auditor
  • Generates compliance documentation — GDPR, data inventory, retention policies, risk assessments
  • Scores your project against multiple compliance frameworks with severity-weighted grading
  • Creates CI/CD pipelines (5 GitHub Actions workflows including SBOM scanning) that fail the build on critical issues
  • Provides an AI compliance assistant via MCP for Claude, VS Code Copilot, Cursor, and more

What GESF Does NOT Do

  • It does not replace legal counsel for GDPR compliance.
  • It does not automatically fix your code — it identifies issues and suggests fixes.
  • It does not require a running server or database.

Quick Start

brew tap greenarmor/gesf
brew install ges
cd your-project
ges init
ges audit
npm install -g @greenarmor/ges
cd your-project
ges init
ges audit
pnpm add -g @greenarmor/ges
cd your-project
ges init
ges audit
cd your-project
npx @greenarmor/ges init
npx @greenarmor/ges audit

GESF scans any project — Python, Rust, Go, Java, Ruby, PHP, .NET, and more. Homebrew installs Node.js automatically; npm/pnpm/npx require Node.js >= 22.

Key Features

Feature Description
6 Source Code Scanners Secrets, crypto, injection, auth, config, database — scans 20+ file types
Language-Agnostic Scanning Auto-detects your ecosystem and runs the right dependency auditor
8 Supported Ecosystems Node.js (npm/pnpm/yarn/bun), Python (pip/poetry/uv), Rust, Go, Ruby, Java, PHP, .NET
7 Policy Packs GDPR (22 controls), OWASP, CIS, NIST, AI, Blockchain, Government
13 Project Types SaaS, AI, MCP Server, Blockchain, Wallet, Government, Healthcare, and more
MCP AI Assistant Works with Claude, VS Code Copilot, Cursor, OpenCode, Crush, Windsurf
5 CI/CD Workflows Compliance, security, dependency scan, secret scan, SBOM scan (auto-generated)
14 Document Templates Compliance docs, security policies, threat models
Compliance Reports Markdown and HTML reports with executive summary
Compliance Badge SVG badge with letter grade for your README

Architecture

packages/
├── cli/                    # CLI (@greenarmor/ges)
├── core/                   # Types, schemas, constants
├── audit-engine/           # Real source code scanning (6 scanners)
├── compliance-engine/      # GDPR Article 5/25/30/32/33/34 controls
├── policy-engine/          # 7 policy packs (56+ total controls)
├── rules-engine/           # Auth, encryption, secrets, logging standards
├── doc-generator/          # 14 compliance/security document templates
├── cicd-generator/         # 5 GitHub Actions workflow generation
├── scoring-engine/         # Multi-framework severity-weighted scoring
├── scanner-integration/    # External tool integration (Trivy, Gitleaks, Semgrep, SBOM)
├── report-generator/       # Markdown/HTML report generation
└── mcp-server/             # MCP AI compliance assistant (6 tools)

Supported Ecosystems

GESF automatically detects your project's language and package manager from lockfiles:

Ecosystem Package Managers Dependency Auditor
Node.js pnpm, npm, yarn, bun pnpm audit, npm audit, yarn audit, bun audit
Python pip, poetry, pipenv, pdm, uv pip-audit, safety
Rust cargo cargo audit
Go go modules govulncheck
Ruby bundler bundle-audit
Java maven, gradle OWASP Dependency-Check
PHP composer composer audit
.NET nuget dotnet list package --vulnerable

Language-agnostic scanners (Trivy, Gitleaks, Semgrep, Syft, Grype) run regardless of ecosystem.