SDK Integration Guide

Integrate AegisComply into your development workflow in minutes. Catch hardcoded secrets, unencrypted PII, and compliance violations before they reach production — directly in your IDE, CI pipeline, and code review process.

1 Overview

The AegisComply SDK is a compliance-as-code layer that runs wherever your developers write code. It ships as two components:

• IDE Plugin Real-time scanning as you type in VS Code or any JetBrains IDE.
• CLI / CI Scanner Scriptable scan command for pipelines, pre-commit hooks, and pull-request gates.

Both read from the same shared rule set, so a rule added once surfaces in every channel.

2 Prerequisites

• 1An AegisComply account — create one free.
• 2Node.js 18+ (for the CLI scanner) or your JetBrains / VS Code IDE.
• 3An API key from your dashboard (Settings → API Keys). Required only if you want findings synced to the platform.
• 4Git installed and a project repository to scan.

3 Installation

Choose the installation path that matches your workflow:

Option A — VS Code Extension

Open the Extensions panel in VS Code, search for AegisComply Compliance Scanner, and click Install. Alternatively, run:

code --install-extension aegiscomply.compliance-scanner

Option B — JetBrains Plugin

Go to Settings → Plugins → Marketplace, search for AegisComply Compliance Scanner, and install. Restart the IDE when prompted.

Option C — CLI (npm)

Install the CLI globally or as a dev dependency in your project:

# Install as a dev dependency
npm install --save-dev @aegiscomply/scanner

yarn add --dev @aegiscomply/scanner

pnpm add -D @aegiscomply/scanner

4 API Key Setup

Your API key authenticates the scanner with your AegisComply workspace and syncs findings to the dashboard.

• 1Log in to your dashboard and navigate to Settings → API Keys.
• 2Click Generate New Key, give it a descriptive name (e.g. CI Pipeline), and copy the value.
• 3Store the key as an environment variable — never commit it to source control.

AEGISCOMPLY_API_KEY=ac_live_xxxxxxxxxxxxxxxxxxxx

5 Configuration

Create an aegiscomply.config.json file in the root of your repository. Both the IDE plugin and the CLI scanner read from this file automatically.

{
  "frameworks": ["soc2", "gdpr"],
  "severityThreshold": "medium",
  "apiKey": "${AEGISCOMPLY_API_KEY}",
  "enableRealtime": true,
  "scanOnSave": true,
  "exclude": ["node_modules", "dist", "*.test.*"]
}

6 IDE Plugins

After installing the plugin and adding your config file, the scanner activates automatically. No extra setup is needed.

VS Code — extension settings

Open Settings → Extensions → AegisComply or add directly to your workspace settings:

{
  "aegiscomply.frameworks":        ["soc2", "gdpr"],
  "aegiscomply.severityThreshold": "medium",
  "aegiscomply.enableRealtime":    true,
  "aegiscomply.scanOnSave":        true
}

JetBrains — plugin settings

Navigate to Settings → Tools → AegisComply. The plugin reads aegiscomply.config.json from the project root; individual fields can be overridden in the IDE settings panel.

7 CI/CD Pipeline Integration

Run aegiscomply scan as a pipeline step to block PRs that introduce compliance violations above your configured threshold.

name: Compliance Scan
on: [push, pull_request]

jobs:
  scan:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: actions/setup-node@v4
        with:
          node-version: "20"
      - run: npm install --save-dev @aegiscomply/scanner
      - run: npx aegiscomply scan --fail-on high
        env:
          AEGISCOMPLY_API_KEY: ${{ secrets.AEGISCOMPLY_API_KEY }}

compliance-scan:
  stage: test
  image: node:20
  script:
    - npm install --save-dev @aegiscomply/scanner
    - npx aegiscomply scan --fail-on high
  variables:
    AEGISCOMPLY_API_KEY: $AEGISCOMPLY_API_KEY

repos:
  - repo: local
    hooks:
      - id:    aegiscomply
        name:  AegisComply Compliance Scan
        entry: npx aegiscomply scan --staged
        language: node
        pass_filenames: false

CLI flags

8 Supported Frameworks & Languages

The scanner works across all major languages and compliance frameworks out of the box.

Languages

Compliance Frameworks

9 How Scanning Works

The scanner runs entirely locally using a pattern-matching engine. Three categories of rules are evaluated on every file:

SECRETS — Hardcoded credentials

Detects credentials that should never appear in source code: AWS keys, GitHub tokens, Stripe keys, JWT secrets, database connection strings, private keys, and more.

PII — Personal & sensitive data

Flags PII fields (SSN, email, phone, date of birth), PHI fields (diagnosis, patient ID, prescriptions), and payment card data (card number, CVV, PAN) that are stored, transmitted, or handled without encryption or masking.

LOG — Sensitive data in logs

Catches PII, PHI, secrets, and raw request/response bodies passed to any logging function (console.log, logger.*, print, etc.).

10 Suppressing Warnings

Some findings are intentional (test fixtures, local dev passwords). Suppress them with an inline comment on the line before the flagged code.

// aegiscomply-disable-next-line LOG-001
console.log(user.email)

// Suppress all rules on the next line
// aegiscomply-disable-next-line all
const config = loadLegacyConfig()

# aegiscomply-disable-next-line SECRETS-006
password = "dev-only-password"

# aegiscomply-disable-next-line all
config = load_legacy_config()

// aegiscomply-disable-next-line PII-001
String ssn = record.getSsn();

11 Compliance Framework Mapping

Every rule maps to one or more specific control IDs across all supported frameworks. When a finding is surfaced, the SDK includes the exact controls violated — making it directly actionable for auditors and compliance managers.

Click any control ID in your dashboard findings to open the full control detail page, including remediation guidance and evidence requirements.

12 Configuration Reference

13 Rule Reference

SECRETS — Hardcoded Credentials

PII — Personal & Sensitive Data

LOG — Sensitive Data in Logs