How it works
Defenses
Attack Patterns MCP Attack Atlas What we catch Hardening manual OWASP LLM Top 10 MITRE ATLAS
Learn
Encyclopedia (new) Agent Security 101 Blog Reports CVP runs Thesis
Resources
Docs GitHub Action (live) vs Lakera vs Promptfoo Team
Theme
Framework Mappings

Compliance & Framework Mappings

Honest principle
sunglasses://compliance
The mapping

How our 65 threat categories and 1089 detection patterns map to the frameworks procurement, compliance, and security teams already trust.

Honest principle

we list what we cover and what we don’t. No fake coverage claims. Where a framework risk falls outside our detection surface, we say so — and link to tools that handle it.

Available mappings

Machine-readable output

Every scan can emit SARIF 2.1.0 — the same format GitHub Advanced Security, Snyk, and Semgrep use for code scanning. Pipe Sunglasses into your CI exactly like you would any other SAST tool.

terminal
# Get SARIF output from any scan
sunglasses scan --file agent_config.json --output sarif > findings.sarif

# Pipe into GitHub Advanced Security
gh code-scanning upload-sarif --file findings.sarif

Why this matters

sunglasses://compliance/why
Common vocabulary

A pattern library only matters if it plugs into how security teams actually work. Framework mappings give buyers, auditors, and CI/CD pipelines a common vocabulary for what Sunglasses catches — without anyone having to read our internal taxonomy.

Keep it sharp

If you spot a mapping that’s wrong, missing, or could be sharper, open an issue. We update these pages as the frameworks evolve.