Show HN: Built a verifiable, open-source SOC 2 readiness scanner
A new open-source tool has been developed to assist with SOC 2 audits by providing verifiable evidence directly from AWS. The tool offers a fast and private scanning process, allowing users to generate a gap report in under five minutes. It includes features like a compliance copilot named Gideon, which provides tailored remediation advice based on the user's specific findings.
- The tool allows for a quick SOC 2 audit preparation with a gap report generated in under five minutes.
- It uses SHA-256 verification for every finding, ensuring tamper-evident evidence sourced directly from AWS APIs.
- The service is offered at a flat fee of $99 with no subscription required, providing a straightforward pricing model.
Opening excerpt (first ~120 words)
The AWS evidence layer for your SOC 2 audit.
Walk through your SOC 2 audit with an evidence package your auditor can independently verify, every finding traced to the exact AWS API call that produced it. No surprises. No scrambling. Hand your auditor something they can actually verify.
SHA-256 verified · read-only IAM · no persistent access · delete anytime · auditor-submittable report
What's different
- 01 / VERIFIABLE (SHA-256): Every finding hashed. Every finding includes the AWS API endpoint, timestamp, and SHA-256 hash of the raw response. Your auditor can re-run the call themselves.
- 02 / FAST (5 min): Not 30 days. Provision a read-only role, paste the ARN, get a gap report before your coffee gets cold.
…
Excerpt limited to ~120 words for fair-use compliance. The full article is at Loxeai.