Add Compliance Scanning to Your Pipeline

Catch EU AI Act compliance gaps before they reach production. GitHub Actions, pre-commit hooks, or GitLab CI - set up in 2 minutes.

๐Ÿ”„

Every Push

Compliance scans run automatically on every push and PR - no manual steps.

๐Ÿšซ

Block Violations

Fail the build when HIGH-severity gaps are detected. Catch issues before merge.

๐Ÿ“‹

Audit Trail

Every scan generates .air.json records with HMAC-SHA256 chain hashes.

โšก

Fast

Scans complete in under 30 seconds. Runs locally - no code leaves your environment.

GitHub Actions Recommended

Drop this file into your repo and every push + PR gets a compliance scan automatically.

.github/workflows/compliance.yml
name: EU AI Act Compliance

on:
  push:
    branches: [main, develop]
  pull_request:
    branches: [main]

jobs:
  compliance-scan:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4

      - name: Set up Python
        uses: actions/setup-python@v5
        with:
          python-version: "3.11"

      - name: Install AIR Compliance Scanner
        run: pip install air-blackbox

      - name: Run compliance scan
        run: air-blackbox comply --scan . --format json --output compliance-report.json

      - name: Check for HIGH severity gaps
        run: |
          HIGH_COUNT=$(python3 -c "
          import json
          with open('compliance-report.json') as f:
              report = json.load(f)
          highs = [g for g in report.get('gaps', []) if g.get('severity') == 'HIGH']
          print(len(highs))
          ")
          echo "HIGH severity gaps found: $HIGH_COUNT"
          if [ "$HIGH_COUNT" -gt 0 ]; then
            echo "::error::Found $HIGH_COUNT HIGH severity compliance gaps"
            exit 1
          fi

      - name: Upload compliance report
        if: always()
        uses: actions/upload-artifact@v4
        with:
          name: compliance-report
          path: compliance-report.json

What This Does

On every push to main or develop (and every PR into main), this workflow installs the scanner, runs 51 gap analysis checks against your Python AI code, and fails the build if any HIGH-severity issues are found. The full report is uploaded as a build artifact you can download anytime.

PR Status Check (Optional)

To require compliance scans to pass before merging, go to your repo's Settings โ†’ Branches โ†’ Branch protection rules โ†’ Require status checks, and add "EU AI Act Compliance" as a required check.

Pre-Commit Hook

Scan before the code even leaves your machine. Uses the pre-commit framework.

.pre-commit-config.yaml
repos:
  - repo: local
    hooks:
      - id: air-blackbox
        name: EU AI Act Compliance Scan
        entry: air-blackbox comply --scan
        language: system
        types: [python]
        pass_filenames: true
        always_run: false

Setup

Terminal
# Install pre-commit and the scanner
pip install pre-commit air-blackbox

# Install the hooks into your repo
pre-commit install

# Test it manually
pre-commit run air-blackbox --all-files

Now every git commit that touches Python files will run the compliance scan first. If HIGH-severity gaps are found, the commit is blocked until you fix them.

GitLab CI

.gitlab-ci.yml
compliance-scan:
  stage: test
  image: python:3.11-slim
  script:
    - pip install air-blackbox
    - air-blackbox comply --scan . --format json --output compliance-report.json
    - |
      HIGH_COUNT=$(python3 -c "
      import json
      with open('compliance-report.json') as f:
          report = json.load(f)
      highs = [g for g in report.get('gaps', []) if g.get('severity') == 'HIGH']
      print(len(highs))
      ")
      echo "HIGH severity gaps: $HIGH_COUNT"
      if [ "$HIGH_COUNT" -gt 0 ]; then
        echo "FAILED: $HIGH_COUNT HIGH severity compliance gaps"
        exit 1
      fi
  artifacts:
    paths:
      - compliance-report.json
    when: always
  only:
    - main
    - merge_requests

Configuration Options

Terminal - common flags
# Scan entire project
air-blackbox comply --scan .

# Scan specific files
air-blackbox comply --scan agent.py pipeline.py

# JSON output for CI parsing
air-blackbox comply --scan . --format json --output report.json

# Only fail on HIGH severity (skip MEDIUM/LOW)
air-blackbox comply --scan . --min-severity HIGH

# Include GDPR and bias checks
air-blackbox comply --scan . --gdpr --bias

# Scan with trust layer verification
air-blackbox comply --scan . --verify-trust-layers

Environment Variables

Supported environment variables
# Custom audit chain signing key (for tamper-evident logs)
TRUST_SIGNING_KEY=your-secret-key

# Custom output directory for .air.json audit records
AIR_RUNS_DIR=./audit-logs

# Skip specific checks
AIR_SKIP_CHECKS=art9_risk_categorization,art15_prompt_injection

What Gets Checked

Every scan runs 51 automated gap analysis checks across 6 EU AI Act articles + GDPR:

Article 9 - Risk Management

Risk categorization, mitigation measures, residual risk documentation

Article 10 - Data Governance

Training data documentation, PII detection, data quality measures

Article 11 - Technical Docs

Model cards, system architecture, performance metrics documentation

Article 12 - Record-Keeping

Audit trail presence, HMAC chain verification, log completeness

Article 14 - Human Oversight

Human-in-the-loop checkpoints, override mechanisms, delegation logging

Article 15 - Robustness

Prompt injection scanning, error handling, fallback mechanisms

Plus optional GDPR data flow scanning, bias/fairness checks, and ISO 42001 + NIST AI RMF crosswalk mapping.

Start scanning in 10 seconds

4 PyPI packages. 51 checks. 6 EU AI Act articles + GDPR. Runs locally.

pip install air-blackbox
GitHub PyPI Live Demo Blog