Skip to main content
complior scan analyzes your code through multiple deterministic layers — from file presence checks to deep AST pattern matching. Result: a compliance score and actionable findings.
Principle: LLM never makes compliance decisions. Layers L1–L4 are fully deterministic (AST + rules). Layer L5 is opt-in and only clarifies uncertain findings.

Analysis layers

Understanding the output

Security Score is only available via complior eval --security <url> against a live endpoint. Scan analyzes code statically — it cannot test runtime behavior.

Understanding findings

Each finding has a severity, layer, EU AI Act article, and a suggested fix:
Critical caps: If prohibited practices score = 0, maximum overall is capped at 29. If transparency = 0, capped at 49.

Scan tiers

Add flags for deeper analysis. Each tier builds on the previous:
Coverage: 60–70% · Time: 2–5 sec · Dependencies: NoneL1–L4 checks plus Rust-native secret detection (37 patterns). Works completely offline.

CI/CD integration

Exits with code 1 if compliance score falls below threshold. Outputs JSON or SARIF for GitHub Actions, GitLab CI, etc.

Next steps

Your First Passport

Generate identity cards for your AI agents.

Scan Tiers Deep Dive

Detailed comparison of all 6 scan tiers.