# PCI-DSS
Kovar maps your security findings against PCI-DSS 4.0 requirements related to web application security.
## Basic Usage

```ts
import { evaluatePCIDSS, formatComplianceReport } from "@orlalabs/kovar/core";

// `findings` is the findings array produced by a Kovar audit (see Integration with Audit below)
const report = evaluatePCIDSS(findings);
const text = formatComplianceReport(report, "text");
console.log(text);
```

## Requirements Covered

PCI-DSS evaluation covers 6 requirements related to:
- XSS prevention
- HTTP security headers
- Content Security Policy
- HSTS (HTTP Strict Transport Security)
- Cookie security
## Output Formats

Use `formatComplianceReport` to format the report:

```ts
// Markdown for documentation
const markdown = formatComplianceReport(report, "markdown");

// Plain text for terminal output
const text = formatComplianceReport(report, "text");

// Structured JSON for programmatic use
const json = formatComplianceReport(report, "json");
```

See Report Formats for details on each format.
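For programmatic use of the evaluated report, the following added example (not Kovar's own code) gates a CI run on the requirement results while honouring time-boxed, ticketed risk acceptances, so an expired acceptance blocks the build again instead of silently hiding a failure. Only `requirements[].status === "fail"` is taken from Kovar's API; the `id` and `title` fields, the exception format and the sample data are assumptions constructed for this example.

```typescript
// Added example, not part of Kovar. Report fields other than `status` and
// the exception format are assumptions; sample data below is constructed.
type RequirementStatus = "pass" | "fail";

interface PCIRequirement {
  id: string; // assumed field
  title: string; // assumed field
  status: RequirementStatus; // documented: "fail" marks an unmet requirement
}

interface PCIReport {
  requirements: PCIRequirement[];
}

interface RiskException {
  requirementId: string;
  ticket: string; // tracking reference for the accepted risk
  expires: string; // ISO-8601 date; the acceptance is void after this
}

interface GateResult {
  pass: boolean;
  blocking: string[]; // failed requirements with no live exception
  excepted: string[]; // failed requirements covered by a live exception
  expired: string[]; // lapsed exceptions that no longer cover a failure
}

// Decide whether the build may proceed. `now` is injected so the gate is deterministic.
function gatePCIDSS(report: PCIReport, exceptions: RiskException[], now: Date): GateResult {
  const result: GateResult = { pass: true, blocking: [], excepted: [], expired: [] };
  const failed = report.requirements.filter((r) => r.status === "fail");
  for (const req of failed) {
    const exc = exceptions.find((e) => e.requirementId === req.id);
    if (exc && new Date(exc.expires).getTime() > now.getTime()) {
      result.excepted.push(req.id); // accepted risk, still within its window
    } else {
      if (exc) result.expired.push(`${req.id} (${exc.ticket})`); // acceptance lapsed
      result.blocking.push(req.id);
    }
  }
  result.pass = result.blocking.length === 0;
  return result;
}

// Constructed sample data with placeholder ids (not Kovar's real requirement ids).
const sampleReport: PCIReport = {
  requirements: [
    { id: "pci-csp", title: "Content Security Policy present", status: "pass" },
    { id: "pci-hsts", title: "HSTS enforced", status: "fail" },
    { id: "pci-xss", title: "XSS prevention", status: "fail" },
  ],
};
const sampleExceptions: RiskException[] = [
  { requirementId: "pci-hsts", ticket: "SEC-123", expires: "2099-01-01" },
  { requirementId: "pci-xss", ticket: "SEC-77", expires: "2000-01-01" },
];
```

Feed `gatePCIDSS` the object returned by `evaluatePCIDSS` and fail the pipeline when `pass` is false, printing `blocking` and `expired` so the lapsed acceptance is visible in the log.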
## Integration with Audit

```ts
import { test, expect } from "@orlalabs/kovar";
import { evaluatePCIDSS } from "@orlalabs/kovar/core";

test("meets PCI-DSS requirements", async ({ page, security }) => {
  await page.goto("/checkout");
  const report = await security.audit();

  const pci = evaluatePCIDSS(report.findings);
  const failed = pci.requirements.filter((r) => r.status === "fail");
  expect(failed).toHaveLength(0);
});
```

## Related

- OWASP ASVS — OWASP ASVS compliance evaluation.
- Report Formats — output format details.
- Full Audit — generate findings for compliance evaluation.
- Standalone API — use `evaluatePCIDSS()` in scripts.