Evaluating software compliance

The invention claimed is: 1. A software compliance assessment apparatus for determining a level of compliance of a software application in execution in a virtualized computing environment, the apparatus comprising: at least one processor and a memory, the memory comprising instructions executable by the at least one processor to control the apparatus to at least: identify resources instantiated for execution of the application; retrieve a compliance characteristic for the application, the compliance characteristic being retrieved based on the identified resources, and the compliance characteristic having associated a compliance criterion based on a formal parameter; select a software component for providing an actual parameter corresponding to the formal parameter, the actual parameter being based on data concerning at least one of the resources; evaluate the compliance criterion using the actual parameter; and detect a change to one or more of the resources, wherein the identification, selection, and evaluation are operable in response to a determination that one or more resources is changed, wherein the selection is operable to select the software component based on an identification of one or more data items that the software component is operable to provide. 2. The apparatus of claim 1 wherein the software component is a first software component and the first software component is operable to select a second software component, the second software component providing at least some of the data concerning the at least one of the resources. 3. The apparatus of claim 1 wherein the data concerning the at least one of the resources includes at least one of: a measurement of a characteristic of the resource; an indicator of a state of the resource; and indicator of an occurrence of an event associated with the resource. 4. The apparatus of claim 1 wherein the actual parameter is determined based on a transformation of the data concerning the at least one of the resources. 5. The apparatus of claim 1 wherein the compliance criterion is a first criterion in a set of multiple compliance criteria for the compliance characteristic, each of the multiple compliance criteria being based on a formal parameter, wherein selection is further operable to select one or more additional software components for providing an actual parameter corresponding to a formal parameter for each other criterion in the set of multiple compliance criteria, and wherein evaluation is further operable to evaluate each of the compliance criteria using a corresponding actual parameter to determine the level of compliance. 6. The apparatus of claim 1 wherein the software component provides an identification of one or more data items that the software component is operable to provide in response to a request for such identification. 7. The apparatus of claim 2 wherein the second software component provides an identification of one or more data items that the second software component is operable to provide, and the selection of the second software component is based on the identification provided by the second software component. 8. A method of a compliance assessment component for determining a level of compliance of a software application in execution in a virtualized computing environment, the method comprising: identifying resources instantiated for execution of the application; retrieving a compliance characteristic for the application, the compliance characteristic being retrieved based on the identified resources, and the compliance characteristic having associated a compliance criterion based on a formal parameter; selecting a software component for providing an actual parameter corresponding to the formal parameter, the actual parameter being based on data concerning at least one of the resources; evaluating the compliance criterion using the actual parameter; and in response to a determination that one or more resources is changed, repeating at least the identifying, selecting, and evaluating, wherein the selection of the software component is based on an identification of one or more data items that the software component is operable to provide. 9. The method of claim 8 wherein the software component is a first software component and the first software component is operable to select a second software component, the second software component providing at least some of the data concerning the at least one of the resources. 10. The method of claim 8 wherein the data concerning the at least one of the resources includes at least one of: a measurement of a characteristic of the resource; an indicator of a state of the resource; and an indicator of an occurrence of an event associated with the resource. 11. The method of claim 8 wherein the actual parameter is determined based on a transformation of the data concerning the at least one of the resources. 12. The method of claim 8 wherein the compliance criterion is a first criterion in a set of multiple compliance criteria for the compliance characteristic, each of the multiple compliance criteria being based on a formal parameter, wherein the selecting further comprises selecting one or more additional software components for providing an actual parameter corresponding to a formal parameter for each other criterion in the set of multiple compliance criteria, and wherein the evaluating further comprises evaluating each of the compliance criteria using a corresponding actual parameter to determine the level of compliance. 13. The method of claim 8 wherein the software component provides an identification of one or more data items that the software component is operable to provide in response to a request for such identification. 14. The method of claim 9 wherein the second software component provides an identification of one or more data items that the second software component is operable to provide, and the selection of the second software component is based on the identification by the second software component. 15. A non-transitory computer readable storage medium comprising computer program code to, when loaded into a computer system and executed thereon, cause the computer to perform functionality to determine a level of compliance of a software application in execution in a virtualized computing environment by at least: identifying resources instantiated for execution of the application; retrieving a compliance characteristic for the application, the compliance characteristic being retrieved based on the identified resources, and the compliance characteristic having associated a compliance criterion based on a formal parameter; selecting a software component for providing an actual parameter corresponding to the formal parameter, the actual parameter being based on data concerning at least one of the resources; evaluating the compliance criterion using the actual parameter; and in response to a determination that one or more resources is changed, repeating at least the identifying, selecting, and evaluating, wherein the selection of the software component is based on an identification of one or more data items that the software component is operable to provide.