CUE Central Registry

github.com/gemaraproj/gemara@v0.23.0

docs/index.md raw

 1---
 2layout: home
 3title: Home
 4---
 5
 6# Gemara <span class="pronunciation">(Juh-MAH-ruh)</span>
 7
 8<img src="{{ '/assets/gemara-logo.png' | relative_url }}" alt="Gemara Logo" class="gemara-logo" />
 9
10**GRC Engineering Model for Automated Risk Assessment**
11
12Gemara provides a logical model to describe the categories of compliance activities, how they interact, and the schemas to enable automated interoperability between them.
13
14In order to better facilitate cross-functional communication, the Gemara Model seeks to outline the categorical layers of activities related to automated governance.
15
16<!--
17## Quick Start
18
19- **New to Gemara?** Start with our [About page](/about) to understand the model
20- **Want to dive deeper?** Explore the [Seven Layers](/layers) of the model
21- **Ready to build?** Check out our [Tutorial](/tutorial) for a hands-on example
22- **Want to contribute?** See our [Contributing Guide](/contributing)
23-->
24
25## The Three Components
26
27Gemara delivers three core components that work together to support automated GRC:
28
29<div class="component-grid">
30  <a href="./model/" class="component-card">
31      <h2>The Model</h2>
32      <p class="component-description">
33        The foundational layer model that describes the seven categorical layers of GRC activities. 
34        This model is <strong>stable and rarely changes</strong>, as it reflects the longstanding 
35        reality of GRC activity types.
36      </p>
37      <p class="component-content">
38        Provides the conceptual framework for understanding how different types of compliance 
39        activities relate to each other.
40      </p>
41  </a>
42
43  <a href="./schema/" class="component-card">
44      <h2>The Schemas</h2>
45      <p class="component-description">
46        Schemas (CUE format) that standardize the expression of elements in the model.
47      </p>
48      <p class="component-content">
49        Provides CUE schemas for validation across all layers. Enables automated validation and 
50        interoperability between tools.
51      </p>
52  </a>
53
54  <a href="./sdk/" class="component-card">
55     <h2>The SDKs</h2>
56     <p class="component-description">
57        Language-specific SDKs that provide programmatic access to Gemara documents and tooling 
58        to accelerate automated tool development.
59      </p>
60      <p class="component-content">
61        Currently provides Go SDK for reading, writing, and manipulating Gemara documents.
62      </p>
63  </a>
64</div>
65
66
67## Quick Start
68
69Choose your starting point based on your needs:
70
71- **Understanding GRC structure?** Start with **[The Model](./model)** component
72- **Validating documents?** Use **[The Schemas](./schema/)** component
73- **Building tools?** Jump to **[The SDKs](./sdk/)** component
74
75All three components work together - you'll likely use elements from each as you work with Gemara.
76
77## Real-World Usage
78
79Gemara is being used today in production environments:
80
81- **[FINOS Common Cloud Controls](https://www.finos.org/common-cloud-controls-project)** - Layer 2 controls for cloud environments
82- **[Open Source Project Security Baseline](https://baseline.openssf.org/)** - Layer 2 security baseline for open source projects
83- **[Privateer](https://github.com/privateerproj/privateer)** - Layer 5 evaluation framework with plugins like the [OSPS Baseline Plugin](https://github.com/revanite-io/pvtr-github-repo)