SOC 2 · ISO 27001 · NIST CSF · NIST SP 800-53 · Essential Eight · PCI DSS

Ship code.
Build compliance.

Built for SaaS teams. Connect your GitHub repos once and Audit Trail maps your GitHub activity to six compliance frameworks, automatically and continuously. When your enterprise prospect asks for SOC 2 or ISO 27001, the technical controls are already documented.

Start free See how it works →

No credit card required · Read-only GitHub access · Setup in 2 minutes · $5/mo after trial

Compliance controls

Compliance frameworks

<2 min

Setup time

Read-only

GitHub access

The problem

Your enterprise prospect wants compliance evidence. You have no compliance team.

xEnterprise prospects ask for compliance evidence. You spend hours screenshotting GitHub PRs and writing up change management narratives.
xMapping your Git workflow to SOC 2, ISO 27001, or NIST CSF requires compliance expertise you don't have and can't afford to hire for.
xYou're already doing the right things in GitHub: code reviews, branch protection, dependency updates. But none of it is captured as compliance evidence.

The solution

Turn your GitHub activity into compliance evidence. Automatically.

✓Install once. Audit Trail watches commits, PRs, reviews, Dependabot alerts, branch protection, and deployments, mapping them to 39 controls across 6 frameworks.
✓Not just checkboxes. Audit Trail measures control effectiveness using NIST SP 800-53A methodology. Are your PR reviews substantive or rubber stamps? Are dependency patches applied in days or weeks?
✓Covers the technical SDLC controls that live in your repos. For HR policies, vendor risk, and physical security, Audit Trail tells you exactly what's missing so you know where to focus.

How it works

Compliance as infrastructure. Invisible until you need it.

Connects once. Watches everything.

One-click install. Audit Trail gets read-only access to your repos. No code ever stored. Webhooks activate immediately and never need touching again.

Evidence builds itself, automatically.

Every push, PR, review, Dependabot alert, and deployment approval is mapped to compliance controls the moment it happens. No manual tagging, no spreadsheets.

Only surfaces what matters.

Security alerts, unreviewed PRs, and weakened branch protection trigger compliance alerts so you can fix them before audit day. Everything else runs silently.

Audit-ready and deal-ready.

Generate audit packages, partner due diligence reports, and shareable compliance packages with timestamped evidence and control mappings. The GitHub-evidenceable controls are already documented.

Average time from signup to first compliance score: under 5 minutes

Compliance Frameworks

Six frameworks. Zero manual work.

We have done the control mapping for you. All 39 controls cover the technical SDLC activity that lives in your GitHub repos: change management, access control, vulnerability management, and security testing.

Framework	Coverage	Controls
Primarystrongest GitHub evidence coverage, most auditor-accepted
SOC 22022	Trust Services Criteria: change management, access control, monitoring	5
ISO 270012022	Annex A technological controls: secure development and access management	10
NIST CSF2.0	Govern, Protect, and Detect functions: partial adoption is by design	7
Extendedspecific regulatory contexts
NIST SP 800-53Rev 5	Selected SDLC controls: CM-3, SI-2, CA-7, SA-10, SA-11, AC-2, CM-4	7
ACSC Essential Eight2023	5 of 8 strategies with GitHub-evidenceable activity. Evidence-based, not maturity-level assessed.	5
PCI DSS4.0	Requirements 6, 7, 8: secure development, access control, and authentication	5

Need IRAP, HIPAA, or a custom framework? Contact us for Enterprise

Pricing

14-day Pro trial included. No credit card required.

Every account starts with full Pro access. Downgrade to free or subscribe when you're ready.

Free

$0/month

Up to 2 repositories
2 compliance frameworks
Live compliance scoring & evidence dashboard
Gap analysis with prioritised action steps
Basic compliance alerts
Control notes & exceptions
Exports, auditor portal, or shareable reports

Get started

Pro

$5/month

14-day free trial · 3 exports · 1 auditor session

Unlimited repositories
All 6 frameworks (SOC 2, ISO 27001, NIST CSF, NIST 800-53, Essential Eight, PCI DSS)
PDF & CSV compliance exports
Auditor portal with comments, sign-offs, and evidence ZIP
Shareable read-only reports for due diligence
Security posture trends and readiness scoring
Advanced alerts & full alert history
Control effectiveness analysis (NIST SP 800-53A methodology)

Start Pro trial

Covers SDLC controls evidenced by GitHub activity: change management, access control, vulnerability management, and security testing. For HR policies, vendor risk, and physical security, Audit Trail tells you what's missing.

Need enterprise features like SSO, IRAP, or HIPAA? Let's talk

FAQ

Common questions

SaaS companies that use GitHub and need compliance evidence for enterprise deals, SOC 2 or ISO 27001 audits, or security questionnaires. Especially teams of 5-50 engineers with no dedicated compliance person. If your product lives in GitHub repos, Audit Trail turns your existing developer activity into compliance evidence automatically.

Your compliance posture, running in the background.

Connect your repositories and see your compliance score in under 10 minutes. Free to start. No credit card required.

Get started free Questions? Get in touch

Ship code.Build compliance.