SOC 2 · ISO 27001 · NIST CSF · NIST SP 800-53 · Essential Eight · PCI DSS

You won't notice Audit Trail working.
Your auditor will.

Built for SaaS teams. Connect your GitHub repos once and Audit Trail maps every commit, PR, and deployment to six compliance frameworks, automatically and continuously. When your enterprise prospect asks for SOC 2, you're already ready.

No credit card required · Read-only GitHub access · Setup in 2 minutes · $5/mo after trial

39 compliance controls · 6 compliance frameworks · <2 min setup time · Read-only GitHub access

The problem

Your enterprise deal needs SOC 2. You have 6 engineers.

  • Enterprise prospects ask for compliance evidence. You spend hours screenshotting GitHub PRs and writing up change management narratives.
  • Mapping your Git workflow to SOC 2, ISO 27001, or NIST CSF requires compliance expertise you don't have and can't afford to hire for.
  • You're already doing the right things in GitHub: code reviews, branch protection, dependency updates. But none of it is captured as compliance evidence.

The solution

Turn your GitHub activity into compliance evidence. Automatically.

  • Install once. Audit Trail watches commits, PRs, reviews, Dependabot alerts, branch protection, and deployments, mapping them to 39 controls across 6 frameworks.
  • Not just checkboxes. Audit Trail measures control effectiveness using NIST SP 800-53A methodology. Are your PR reviews substantive or rubber-stamps? Are dependency patches applied in days or weeks?
  • Covers the technical SDLC controls that live in your repos. For HR policies, vendor risk, and physical security, Audit Trail tells you exactly what's missing so you know where to focus.

How it works

Compliance as infrastructure - invisible until you need it.

1. Connects once. Watches everything.

One-click install. Audit Trail gets read-only access to your repos. No code is ever stored. Webhooks activate immediately and never need touching again.

2. Evidence builds itself, automatically.

Every push, PR, review, Dependabot alert, and deployment approval is mapped to compliance controls the moment it happens. No manual tagging, no spreadsheets.

3. Only surfaces what matters.

Security alerts, unreviewed PRs, and weakened branch protection trigger compliance alerts before your auditor sees them. Everything else runs silently.

4. Audit-ready, board-ready, deal-ready.

Generate audit packages, CISO board summaries, or partner due diligence reports with timestamped evidence and control mappings. Everything is already there.

Average time from signup to first export: under 5 minutes

Compliance Frameworks

Twelve frameworks. Zero manual work.

We've done the control mapping for you. Twelve frameworks covering global and regional standards - including AI governance (NIST AI RMF, EU AI Act), Zero Trust Architecture, and ASD MDA Foundations. Connect once, evidence them all, invisibly.

Framework                Controls
ISO 27001:2022           19
Essential Eight          13
NIST CSF 2.0             7
NIST SP 800-53           7
SOC 2                    5
GDPR                     3
SOCI Act                 4
PCI DSS 4.0              5
NIST SP 800-207          10
ASD MDA Foundations      10
NIST AI RMF              8
EU AI Act                6

Need IRAP, HIPAA, or a custom framework? Contact us for Enterprise

Pricing

14-day Pro trial included. No credit card required.

Every account starts with full Pro access. Downgrade to free or subscribe when you're ready.

Free

$0/month
  • Up to 2 repositories
  • 2 compliance frameworks
  • Live compliance scoring & evidence dashboard
  • Gap analysis with prioritised action steps
  • Basic compliance alerts
  • Control notes & exceptions
  • Exports, auditor portal, or shareable reports

Pro (Most popular)

$5/month

14-day free trial · 3 exports · 1 auditor session

  • Unlimited repositories
  • All 6 frameworks (SOC 2, ISO 27001, NIST CSF, NIST 800-53, Essential Eight, PCI DSS)
  • PDF & CSV compliance exports
  • Auditor portal with comments, sign-offs, and evidence ZIP
  • Shareable read-only reports for due diligence
  • Security posture trends and readiness scoring
  • Advanced alerts & full alert history
  • Control effectiveness analysis (NIST SP 800-53A methodology)

Covers SDLC controls evidenced by GitHub activity: change management, access control, vulnerability management, and security testing. For HR policies, vendor risk, and physical security, Audit Trail tells you what's missing.

Need enterprise features like SSO, IRAP, or HIPAA? Let's talk

FAQ

Common questions

SaaS companies that use GitHub and need compliance evidence for enterprise deals, SOC 2 audits, or security questionnaires. Especially teams of 5-50 engineers with no dedicated compliance person. If your product lives in GitHub repos, Audit Trail turns your existing developer activity into compliance evidence automatically.

More questions? Get in touch

Your compliance posture, running in the background.

Connect your repositories and see your compliance score in under 10 minutes. Free to start - no credit card required.