Skip to content

Getting Started: "Your First Compliance Scan" cannot be completed — no policy URL or registry given #62

Description

@trevor-vaughan

Summary

Steps 2–5 of the quick start all depend on a policy that the page never provides. "The OCI
registry" is never named, no example policy URL is given, and <policy-id> is left as an
unresolvable placeholder. A reader following the page in order dead-ends at step 2.

Affected

  • Page: content/docs/getting-started/_index.md (lines 99–102, 113, 120)

Documented steps

"complyctl get … Downloads Gemara policies from the OCI registry into the local
cache"
complyctl generate --policy-id <policy-id>
complyctl scan --policy-id <policy-id>

Steps to reproduce

  1. Run complyctl init and finish the prompt without entering a policy (none is provided
    on the page).
  2. Run the documented get / generate / scan commands in order.

Actual

$ complyctl get
Error: failed to load workspace config: policies: at least one policy is required   (exit 1)
$ complyctl generate --policy-id bogus
Error: failed to load workspace config: policies: at least one policy is required   (exit 1)
$ complyctl scan --policy-id bogus
Error: failed to load workspace config: policies: at least one policy is required   (exit 1)

To proceed, a reader would already have to know a Gemara policy OCI URL, hand-edit
.complytime/complytime.yaml, and only then could get do anything — none of which the
page tells them. The one concrete-looking string on the page
(registry.com/policies/nist-800-53-r5@v1.0) appears only inside the interactive prompt's
"(e.g. …)" hint and is a placeholder domain, not a real registry.

Expected

A page titled "Your First Compliance Scan" produces a first compliance scan.

Suggested fix

Provide one copy-paste-able, real, public policy URL and a complete worked example end to
end: init → enter this URL → getlist shows it → generate --policy-id X
scan --policy-id X, with real output. A working example exists today using
quay.io/complytime/policies-cis-fedora-l1-server (public, signed, anonymous pull). This
issue is best resolved together with the missing profile/datastream configuration so
that a single complete complytime.yaml example covers the whole flow.

If no general public policy registry is intended yet, say so plainly and point readers at a
concrete example repository rather than implying get works with no further setup.


Related: complytime/complyctl#607, complytime/complypack#63, #65, complytime/complyctl#612

Issue created with the help of Claude Opus 4.6

Metadata

Metadata

Assignees

No one assigned

    Labels

    bugSomething isn't workingdocumentationImprovements or additions to documentation

    Type

    No type

    Fields

    No fields configured for issues without a type.

    Projects

    Status
    Ready 🚀

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions