Compliance
Features
Compliance reports
Map your scan findings to industry compliance frameworks. Generate audit-ready reports for PCI DSS 4.0, GDPR, SOC 2, HIPAA, and ISO 27001.
Supported frameworks
PCI DSS 4.0
Team+Payment Card Industry Data Security Standard. Required if you process, store, or transmit cardholder data. Our scan maps to PCI DSS 4.0 requirements for web application security.
Checks mapped: SSL/TLS strength, security headers, injection prevention, access controls, secret management
GDPR
Team+EU privacy evidence mapping for consent, policy disclosures, trackers, public legal surfaces, and bounded accessibility basics. Results are technical observations, not a legal opinion or compliance certification.
Checks mapped: Cookie consent, privacy-policy controller/contact/retention/rights, third-party trackers, same-origin Terms availability, and explicit unavailable/needs-auth states
SOC 2
Team+Service Organization Control 2. Focuses on security, availability, processing integrity, confidentiality, and privacy. Our report maps scan findings to SOC 2 Trust Services Criteria.
Checks mapped: Access controls, encryption, monitoring, vulnerability management, incident response
HIPAA
Enterprise+Health Insurance Portability and Accountability Act. Required for handling Protected Health Information (PHI). Our report covers technical safeguards and access controls.
Checks mapped: Encryption at rest/transit, access controls, audit logging, authentication strength
ISO 27001
Enterprise+International standard for information security management systems (ISMS). Our report maps findings to Annex A controls covering physical, organizational, and technical security.
Checks mapped: Access management, cryptography, operations security, communications security
What's in a report
Each compliance report includes:
Generate from the dashboard
From the scan results page
After running a scan, open the results page, click the Compliance tab and select a framework. The report generates instantly from your scan data.
Generate via the API
Request a report for any completed scan by passing the framework as a path segment.
GET /api/v1/scans/{scanId}/compliance/GDPR
Authorization: Bearer bsk_your_keyPCI_DSS_4, GDPR, SOC2, HIPAA, or ISO27001 as the framework path segment.Need compliance reports?
Available on Team (€249/month) and Enterprise (contact sales) plans.