HAIEC PR Compliance

Compliance readiness, explained directly in pull requests.

See your SOC 2, ISO 27001, and NIST compliance readiness directly in pull requests. No noise, no CVE spam.

Pull Request #42

## HAIEC Audit Readiness: 60 -> 80 (+20)

### Blocking Controls Resolved

Branch protection enabled, SECURITY.md added

### Remaining Items

- SOC2 CC7.1 - Dependabot not enabled

---

[Fix in HAIEC] | [View Report]

Know your SOC 2 readiness before your auditor does

Compliance feedback, where developers already work: pull requests.

Single Readiness Score

Instead of hundreds of security findings, you get one clear score that auditors understand.

Exact Blocking Controls

See exactly which controls are blocking your audit, mapped to SOC 2, ISO 27001, and NIST.

Clear Fix Actions

Every blocking control comes with a specific fix that takes 5 minutes or less.

How It Works

Install once, get compliance feedback on every pull request.

Step 1

Install

One-click install from GitHub Marketplace

Step 2

Scan

Runs automatically on every pull request

Step 3

Report

Posts a single, updated PR comment (no spam)

Step 4

Fix

Clear actions to improve your score

10 Checks That Matter to Auditors

Every check maps directly to SOC 2 and ISO 27001 controls. No noise, no CVE spam.

  • Security Policy (SECURITY.md) - SOC2 CC1.1 - fix time: 5 min
  • Code Owners (CODEOWNERS) - SOC2 CC6.1 - fix time: 2 min
  • Branch Protection - SOC2 CC6.1 - fix time: 3 min
  • PR Reviews Required - SOC2 CC6.2 - fix time: 1 min
  • Dependabot Enabled - SOC2 CC7.1 - fix time: 5 min
  • CI Workflow Present - SOC2 CC8.1 - fix time: 5 min
  • Force Push Disabled - SOC2 CC6.1 - fix time: 1 min
  • License File - SOC2 CC1.2 - fix time: 1 min
  • Changelog Present - SOC2 CC6.2 - fix time: 3 min
  • Recent Activity (90 days) - SOC2 CC8.1 - fix time: N/A

What We Do NOT Do

Privacy and security by design. We only read what we need.

Does not block PRs

Does not store your code

Does not scan secrets

Does not require write access

Who It's For

Startups Preparing for SOC 2

Auditors ask "are you SOC 2 ready?" Now you can show it, directly from your repos.

Engineering Managers

Need evidence for security questionnaires? Generate shareable reports in seconds.

Security Teams

Get compliance evidence without chasing developers. It comes to them.

Frequently Asked Questions

No. HAIEC PR Compliance helps you prepare for audits by showing your readiness. It does not certify compliance. You still need a qualified auditor for certification.

Read access to repository contents and metadata. Write access to pull request comments only. We do not need write access to your code.

No. We post a single comment per PR and update it in place. No duplicate comments, no noise.

Currently SOC 2, ISO 27001, and NIST CSF. The 10 checks we run map to controls in all three frameworks.

No. We only check for the presence of specific files (like SECURITY.md) and repository settings. We do not read, store, or analyze your source code.

Each of the 10 checks contributes equally. Pass all 10 = 100%. The score is deterministic: same repo state = same score.

Ready to see your compliance readiness?

Install in 30 seconds. First scan runs on your next PR.

Install from GitHub Marketplace

HAIEC PR Compliance is part of the HAIEC compliance platform. For full compliance assessments, visit SOC 2 Wizard.