ISO 27001 · NIST CSF · SOC 2 · GDPR · PCI DSS · Essential Eight · NIST AI RMF · EU AI Act · and more
You won't notice Audit Trail working.
Your auditor will.
Connect GitHub once. Audit Trail maps every commit, PR, and deployment to ten frameworks - continuously, silently, invisibly. Daily GRC operations, CISO reporting, and due diligence packages are already there when you need them.
No credit card required · Read-only GitHub access · Setup in 2 minutes
The problem
Compliance is treated as work
- xAuditors ask for change management evidence. You spend hours screenshotting GitHub PRs and commit logs.
- xYour CISO wants a risk posture report. Your GRC team wants ownership of gaps. A partner wants a compliance package. All from different tools, none of them current.
- xMapping your Git workflow to ISO 27001, NIST CSF, GDPR, or SOC 2 requires compliance expertise you don't have time for.
The solution
Compliance infrastructure. Not compliance overhead.
- ✓Install once. Audit Trail watches everything. Webhooks stream commits, PRs, reviews, Dependabot alerts, and deployment approvals in real time. No daily batch lag.
- ✓GRC teams get gap ownership and risk treatment tracking. CISOs get posture trends, breach cost exposure, and board-ready summaries. Partners get a shareable compliance package - all from the same live evidence base.
- ✓Every artifact maps to controls across ISO 27001, NIST CSF, SOC 2, GDPR, PCI DSS, Essential Eight, NIST 800-207, and ASD MDA Foundations - automatically, with AI confidence scoring.
How it works
Compliance as infrastructure - invisible until you need it.
Connects once. Watches everything.
One-click install. Audit Trail gets read-only access to your repos. No code ever stored. Webhooks activate immediately and never need touching again.
Evidence builds itself, automatically.
Every push, PR, review, Dependabot alert, and deployment approval is mapped to compliance controls the moment it happens. No manual tagging, no spreadsheets.
Only surfaces what matters.
Security alerts, unreviewed PRs, and weakened branch protection trigger compliance alerts before your auditor sees them. Everything else runs silently.
Audit-ready, board-ready, deal-ready.
Generate audit packages, CISO board summaries, or partner due diligence reports with timestamped evidence and control mappings. Everything is already there.
Average time from signup to first export: under 5 minutes
Compliance Frameworks
Twelve frameworks. Zero manual work.
We've done the control mapping for you. Twelve frameworks covering global and regional standards - including AI governance (NIST AI RMF, EU AI Act), Zero Trust Architecture, and ASD MDA Foundations. Connect once, evidence them all, invisibly.
| Framework | Controls |
|---|---|
ISO 27001:2022 | 10 |
Essential Eight | 5 |
NIST CSF 2.0 | 7 |
NIST SP 800-53 | 7 |
SOC 2 | 5 |
GDPR | 3 |
SOCI Act | 4 |
PCI DSS 4.0 | 5 |
NIST SP 800-207 | 10 |
ASD MDA Foundations | 10 |
NIST AI RMF | 8 |
EU AI Act | 6 |
Need IRAP, HIPAA, or a custom framework? Contact us for Enterprise
Pricing
Start free, upgrade when you're ready to scale
Free
- Up to 2 repositories
- 3 compliance frameworks
- Live compliance scoring & evidence dashboard
- Gap analysis with prioritised action steps
- Basic compliance alerts
- Control notes & exceptions
- Exports, auditor portal, or shareable reports
Pro
- Unlimited repositories
- All 8 compliance frameworks
- PDF & CSV exports
- Auditor portal (comments, sign-offs, ZIP)
- Shareable read-only reports
- Full industry benchmark data
- Advanced alerts & full alert history
- Priority support
Need enterprise features? Let's talk
FAQ
Common questions
More questions? Get in touch
Your compliance posture, running in the background.
Connect your repositories and see your compliance score in under 10 minutes. Free to start No credit card required.