Ankos Documentation

Ankos is two products. Ankos CLI is the free binary that scans your cloud, identity, source-control, and Kubernetes environments and pulls real evidence for ~50 PCI DSS requirement areas — no signup. Ankos Ledger is the paid SaaS that holds everything in one place — automated scan results, manual evidence uploads, narratives, sign-offs — ready to hand to your QSA.

Quick Links

What is Ankos?

Start with the CLI. Install it, run a scan, and in under five minutes you have structured evidence for ~50 PCI requirement areas (IAM, encryption, logging, segmentation, networking, more) plus a SHA-256 integrity manifest you can verify offline. No data leaves your machine.

When you're ready for the rest of the assessment — manual evidence, narratives, sign-offs, team collaboration, QSA hand-off — sign up for the Ankos ledger. The CLI's scan results flow directly into the right entries with one --upload flag.

Ankos prepares the case. Your QSA is the judge.

Key Features

• Free CLI for AWS, GCP, GitHub, Okta, Microsoft Entra ID & Kubernetes — 78 collectors across 6 providers covering ~50 PCI DSS requirement areas, no signup required
• Read-only credentials — the CLI uses your existing cloud credentials, provider tokens, or kubeconfig with read-only access; nothing is transmitted to Ankos
• SHA-256 integrity manifest — every output file hashed, independently verifiable offline
• CI/CD ready — --format json, --dry-run, --fail-on flags for pipeline use
• Ankos Ledger (paid) — every PCI DSS requirement pre-populated, organized by category
• Three evidence sources — automated scans, manual uploads, attested carry-forward
• Quarterly cycles with multi-year history persistence
• QSA evidence export + share portal — ZIP organized by category, plus a hosted read-only portal link your QSA can browse in-browser