Documentation
Everything you need to secure your vibe-coded projects
Features
Compliance Reports
Map your scan findings to industry compliance frameworks. Generate audit-ready reports for PCI DSS 4.0, GDPR, SOC 2, HIPAA, and ISO 27001.
Supported Frameworks
PCI DSS 4.0
Business+
Payment Card Industry Data Security Standard. Required if you process, store, or transmit cardholder data. Our scan maps to PCI DSS 4.0 requirements for web application security.
Checks mapped: SSL/TLS strength, security headers, injection prevention, access controls, secret management
GDPR
Business+
EU General Data Protection Regulation. Covers data processing, consent management, and privacy controls. Our GDPR scanner checks for cookie consent, privacy policy, and third-party tracker behavior.
Checks mapped: Cookie consent banners, privacy policy presence, third-party trackers, data handling practices
SOC 2
Business+
Service Organization Control 2. Focuses on security, availability, processing integrity, confidentiality, and privacy. Our report maps scan findings to SOC 2 Trust Services Criteria.
Checks mapped: Access controls, encryption, monitoring, vulnerability management, incident response
HIPAA
Enterprise+
Health Insurance Portability and Accountability Act. Required for handling Protected Health Information (PHI). Our report covers technical safeguards and access controls.
Checks mapped: Encryption at rest/transit, access controls, audit logging, authentication strength
ISO 27001
Enterprise+
International standard for information security management systems (ISMS). Our report maps findings to Annex A controls covering physical, organizational, and technical security.
Checks mapped: Access management, cryptography, operations security, communications security
What's in a Report
Each compliance report includes:
How to Generate
From the Dashboard
After running a scan, go to the scan results page. Click the "Compliance" tab and select a framework. The report generates instantly from your scan data.
Via API
GET /api/v1/scans/{scanId}/compliance/GDPR
Authorization: Bearer bsk_your_key

Available frameworks: PCI_DSS_4, GDPR, SOC2, HIPAA, ISO27001