Summary
The getting-started page (and the rest of the site) never states the concrete problem
ComplyTime solves, what a scan produces, who consumes it, or when a simpler tool would do.
A reader deciding whether the tool is worth their time cannot answer that from the page.
Affected
- Page:
content/docs/getting-started/_index.md
- Site content tree:
content/
Evidence
A search of the whole content/ tree for the terms a compliance user would look for:
$ grep -rniE 'audit|evidence|FedRAMP|FISMA|continuous compliance|OSCAL' content
content/docs/getting-started/_index.md:125:# OSCAL assessment-results
content/docs/getting-started/_index.md:126:complyctl scan --policy-id <policy-id> --format oscal
audit, evidence, FedRAMP, FISMA, continuous compliance: zero hits anywhere on the
site. OSCAL appears only as a --format value. The page's one gesture at purpose is the
intro (_index.md:15), which is a tagline ("automate compliance workflows in cloud native
environments … engineering-first approach"), not a use case. It never says what a scan
produces, who consumes it (an auditor? a CI gate? a GRC platform?), which framework or
benchmark it maps to, or why a reader would run this instead of oscap directly.
The project does have excellent purpose documentation — the complytime/docs/problems/
write-ups — but it lives one or two repositories away from the front door.
Suggested fix
Open the page with a one-line value proposition and three beats:
- The concrete thing you get — e.g. "Scan a host against a benchmark (CIS, STIG, …) and
get an OSCAL/SARIF evidence file."
- Who it is for — "compliance/platform engineers who want that evidence in their
pipeline, mapped to controls, in a format their GRC/scanner tooling already ingests."
- When plain
oscap is enough — "if you just need to check one host against one
benchmark and read the result yourself, oscap does that; ComplyTime earns its weight
with multiple frameworks/providers/targets and machine-readable, control-mapped
evidence."
Link the existing docs/problems/ material for readers who want the deeper rationale, but
make the opening sentence the fix.
Issue created with the help of Claude Opus 4.6
Summary
The getting-started page (and the rest of the site) never states the concrete problem
ComplyTime solves, what a scan produces, who consumes it, or when a simpler tool would do.
A reader deciding whether the tool is worth their time cannot answer that from the page.
Affected
content/docs/getting-started/_index.mdcontent/Evidence
A search of the whole
content/tree for the terms a compliance user would look for:audit,evidence,FedRAMP,FISMA,continuous compliance: zero hits anywhere on thesite.
OSCALappears only as a--formatvalue. The page's one gesture at purpose is theintro (
_index.md:15), which is a tagline ("automate compliance workflows in cloud nativeenvironments … engineering-first approach"), not a use case. It never says what a scan
produces, who consumes it (an auditor? a CI gate? a GRC platform?), which framework or
benchmark it maps to, or why a reader would run this instead of
oscapdirectly.The project does have excellent purpose documentation — the
complytime/docs/problems/write-ups — but it lives one or two repositories away from the front door.
Suggested fix
Open the page with a one-line value proposition and three beats:
get an OSCAL/SARIF evidence file."
pipeline, mapped to controls, in a format their GRC/scanner tooling already ingests."
oscapis enough — "if you just need to check one host against onebenchmark and read the result yourself,
oscapdoes that; ComplyTime earns its weightwith multiple frameworks/providers/targets and machine-readable, control-mapped
evidence."
Link the existing
docs/problems/material for readers who want the deeper rationale, butmake the opening sentence the fix.
Issue created with the help of Claude Opus 4.6