Skip to content

Documentation

Everything you need to secure your AI-built projects

Compliance

Features

Compliance reports

Map your scan findings to industry compliance frameworks. Generate audit-ready reports for PCI DSS 4.0, GDPR, SOC 2, HIPAA, and ISO 27001.

Supported frameworks

PCI DSS 4.0

Team+

Payment Card Industry Data Security Standard. Required if you process, store, or transmit cardholder data. Our scan maps to PCI DSS 4.0 requirements for web application security.

Checks mapped: SSL/TLS strength, security headers, injection prevention, access controls, secret management

GDPR

Team+

EU privacy evidence mapping for consent, policy disclosures, trackers, public legal surfaces, and bounded accessibility basics. Results are technical observations, not a legal opinion or compliance certification.

Checks mapped: Cookie consent, privacy-policy controller/contact/retention/rights, third-party trackers, same-origin Terms availability, and explicit unavailable/needs-auth states

SOC 2

Team+

Service Organization Control 2. Focuses on security, availability, processing integrity, confidentiality, and privacy. Our report maps scan findings to SOC 2 Trust Services Criteria.

Checks mapped: Access controls, encryption, monitoring, vulnerability management, incident response

HIPAA

Enterprise+

Health Insurance Portability and Accountability Act. Required for handling Protected Health Information (PHI). Our report covers technical safeguards and access controls.

Checks mapped: Encryption at rest/transit, access controls, audit logging, authentication strength

ISO 27001

Enterprise+

International standard for information security management systems (ISMS). Our report maps findings to Annex A controls covering physical, organizational, and technical security.

Checks mapped: Access management, cryptography, operations security, communications security

What's in a report

Each compliance report includes:

Pass/fail count per requirement
Detailed mapping of findings to framework controls
Remediation steps for each failed control
Overall compliance percentage
PDF export for stakeholders Team+
White-label PDF with your branding Enterprise

Generate from the dashboard

From the scan results page

After running a scan, open the results page, click the Compliance tab and select a framework. The report generates instantly from your scan data.

Generate via the API

Request a report for any completed scan by passing the framework as a path segment.

http
GET /api/v1/scans/{scanId}/compliance/GDPR
Authorization: Bearer bsk_your_key
Available frameworks
Pass any of PCI_DSS_4, GDPR, SOC2, HIPAA, or ISO27001 as the framework path segment.

Need compliance reports?

Available on Team (€249/month) and Enterprise (contact sales) plans.