Compliance as Code

Enriching Connections

Add security requirements or metadata to existing relationships between resource types using control config blocks.

Use Case: Add security requirements or metadata to existing relationships. This pattern finds all relations between two resource types and adds properties to them from the [control.config] block.

By specifying relation_origin_type and relation_target_type, the engine targets the edges between these resources rather than the resources themselves.

```toml
[[control]]
id = "VAIT-7.2-Encryption"
name = "Data Encryption in Transit"
description = "Enforce TLS 1.2 on all application to database connections."

# Define the source and target of the relation
relation_origin_type = "application"
relation_target_type = "database"

# Add properties from the config block to the relation edge
properties_from_config = ["min_tls_version", "status"]

# Keep this table last: TOML assigns every key that follows a table header
# to that table, so control-level keys must come before [control.config].
[control.config]
min_tls_version = "1.2"
status = "mandatory"
```

Result: Every relation between an application and database now has a controls array containing an object with the control’s details (ID and description) and the specified config values.

```mermaid
graph LR
    App[application] -- "database<br><b>Enriched with:</b><br>controls: [{ control_id: 'VAIT-7.2', ... }]" --> DB[database]
```