What is grclanker

grclanker is a collection of open-source spec files for building GRC compliance automation tools. Each spec describes a Go CLI tool that connects to a vendor's API, pulls security configuration data, and maps findings to compliance frameworks — FedRAMP, CMMC, SOC 2, CIS, PCI-DSS, and STIG.

The idea: take a spec, feed it to your AI coding agent, get a working compliance automation tool. No agents to install. No SaaS platform to buy. Just a file that tells the machine what to build.

Every spec follows the same 10-section structure: overview, APIs, authentication, security controls, framework mappings, existing tools, architecture, CLI interface, build sequence, and status. This consistency means agents can reliably parse and implement them.

Specs cover 31 FedRAMP Marketplace services across cloud infrastructure, identity management, security tooling, vulnerability management, monitoring, SaaS, and DevOps platforms.