SWAO (Sovereign Workload Assessment and Onboarding) analyses your cloud workloads against industry compliance frameworks, produces audit-grade evidence, and generates a migration plan -- all in a single command. Community Edition is free and open source.
Traditional cloud compliance assessments take weeks of manual effort across multiple teams. SWAO compresses the entire workflow into a single automated pipeline -- from code to compliance evidence to migration plan.
A full framework evaluation -- source code, infrastructure, dynamic UI -- completes in minutes. What used to require a team of consultants and a spreadsheet now runs from a single command. Re-assess after every change to catch compliance drift early.
Every finding cites the exact file, line number, or screen element that triggered it. SWAO produces HTML evidence packs, Power BI dashboards, and structured JSON that auditors and GRC platforms can consume directly -- no manual transcription.
Runs on your own infrastructure. Choose your LLM provider (Anthropic, Ollama, AWS Bedrock, or Vertex AI). Secret redaction runs before any external call. Built for regulated industries where data residency is non-negotiable.
From the consultant running the assessment on a laptop to the CISO signing off on compliance evidence -- SWAO serves each stakeholder with the output they need.
A 13-pass analysis pipeline reads your workload, evaluates it against compliance frameworks, and produces a single portable artefact -- the Workload Sovereignty Profile -- that drives everything downstream.
Single binary or Docker container. Install and run the first assessment in under 10 minutes. Ideal for discovery workshops and client demos. No infrastructure to provision.
Docker or Kubernetes on the client's own infrastructure. Source code never leaves the client environment. Preferred for regulated industries with strict data residency requirements.
SWAO deployed as a Developer Portal Building Block on meshStack. Application teams self-serve assessments from the platform they already operate -- no consultant needed for each run.
Five compliance frameworks included in every edition -- free, open, and continuously updated. No licence required to run any of them.
The General Data Protection Regulation is the European Union's primary law governing the collection, processing, and storage of personal data for EU residents. It applies to any organisation -- worldwide -- that processes EU citizen data.
The Health Insurance Portability and Accountability Act establishes US federal requirements for protecting Protected Health Information (PHI) in any system that stores, transmits, or processes patient data. Mandatory for all US healthcare entities and their business associates.
Accenture's Responsible AI framework defines ten pillars for building and deploying AI systems that are fair, transparent, and accountable. It covers the full AI lifecycle -- from data sourcing and model design through deployment and monitoring.
Control Objectives for Information and Related Technologies (COBIT 5) is ISACA's globally recognised IT governance and management framework. It maps IT activities to business goals across five domains and 37 processes -- widely used by CISOs and internal audit teams worldwide.
NIST Special Publication 800-66 Revision 2 provides prescriptive implementation guidance for the HIPAA Security Rule. Where HIPAA defines the regulatory requirements, NIST SP 800-66 R2 specifies concrete technical controls -- making it the reference of choice for healthcare organisations seeking NIST alignment alongside HIPAA compliance.
Not covered by the five community frameworks? SWAO's framework format is a plain YAML file -- no TypeScript, no compilation, no specialist tooling required. Define your own controls, risk levels, remediation guidance, and regime metadata. Point SWAO at your YAML file and it runs immediately alongside the community frameworks.
Custom frameworks are ideal for internal security policies, client-specific contractual requirements, sector-specific regulations not yet in the community catalogue, or proprietary control frameworks. Contribute your framework back to the community via a GitHub pull request and help the ecosystem grow.
From a fresh install to a full compliance report in under 15 minutes.
Download the SWAO binary and run `swao init` to configure your workspace, LLM provider, and target compliance frameworks via a guided wizard.
Point SWAO at your application repository. Static code analysis, dynamic UI crawling (Playwright), SBOM generation, and secret detection run automatically across 13 passes.
Explore results in the interactive TUI or HTML evidence report. Filter by severity, framework control, or file path. Every finding links back to the exact source that triggered it.
Export a migration runbook, risk register, and Terraform landing-zone scaffold. Re-assess after remediation to track compliance improvement over time.
Community Edition is free and Apache 2.0 licensed. Consultant and Enterprise editions add production outputs, portal integration, and programme-scale capabilities via Accenture Professional Services.
| Feature | Community | Consultant | Enterprise |
|---|---|---|---|
| Assessment Types | | | |
| Application Assessment (AI-assisted: static, dynamic, SBOM) | Yes | Yes | Yes |
| Audit Assessment (human checklist-driven, no LLM required) | Yes | Yes | Yes |
| Landing Zone Assessment (fit/gap vs. your existing LZ) | Yes | Yes | Yes |
| Portfolio Assessment (100+ apps, wave planning) | - | - | Yes |
| Tools and Interface | | | |
| CLI and interactive TUI | Yes | Yes | Yes |
| LLM integration (Anthropic, Ollama, AWS Bedrock, Vertex AI) | Yes | Yes | Yes |
| MCP server (Claude Code, Cursor, and other AI tools) | - | Yes | Yes |
| Frameworks | | | |
| 5 Community Frameworks (GDPR, HIPAA, AI 10 Pillars, COBIT 5, NIST SP 800-66 R2) | Yes | Yes | Yes |
| Reports and Outputs | | | |
| HTML evidence report | Yes | Yes | Yes |
| Portal and programme dashboard | - | Yes | Yes |
| PDF report (branded with licensee details) | - | Yes | Yes |
| Power BI export (.pbit template for dashboards and trends) | - | Yes | Yes |
| Terraform and landing zone generation | - | - | Yes |
| Licence and Support | | | |
| Licence | Apache 2.0 | Proprietary | Proprietary |
| Support | GitHub Discussions | Accenture PS | Accenture PS |
SWAO is open source. Whether you are building with SWAO, contributing frameworks, or exploring an Accenture-led migration engagement, there is a path for you.
Ask questions, share custom frameworks, report issues, and follow release announcements on GitHub Discussions. The SWAO development team monitors this channel and welcomes community contributions.
For Consultant or Enterprise Edition licences, programme-scale deployments, meshStack integration, or a guided cloud migration engagement, reach out via GitHub Discussions or your Accenture account team.