Currently in Alpha testing.

Evident CI/CD

SOC 2 Type I & II · Open Source

SOC 2 evidence, collected in minutes

Stop manually hunting through settings pages and exporting audit logs. Evident CI/CD checks 20+ compliance controls across your repositories and produces a timestamped, auditor-ready report — instantly.

20+ SOC 2 controls · GitHub & GitLab · Cloudflare R2 storage · Open source

Everything your auditor needs

No spreadsheets. No screenshots. One click covers every repository.

Automated evidence collection

Branch protection, required reviewers, CODEOWNERS, secret scanning, vulnerability alerts, CI health, webhook inventory, and 14+ more controls — checked across every selected repository in one run.

Auditor-ready reports

Every control gets a clear Pass / Warn / Fail verdict with supporting detail. Export as Markdown and hand it directly to your auditor — no extra formatting.

On-prem and in the cloud

Deploy to your own Cloudflare account — on-prem in spirit, serverless in practice. Evidence reports go straight into your R2 bucket. You own the storage, the keys, and the data.

All the simplicity you desire

Three steps. Zero busywork. Your report is waiting.

1. Connect your account

Sign in with GitHub. We request only the read-only scopes needed for evidence collection and no write access.

2. Select repositories

Choose an organization and pick one or more repositories. Run a single repo or your entire org at once.

3. Download your report

A timestamped, auditor-ready report is generated in seconds and stored in your R2 bucket.

SOC 2 for repositories

Every repository is evaluated against these SOC 2 controls.

Branch protection rules
Required pull request reviews
CODEOWNERS file
SECURITY.md present
Signed commits enforcement
Secret scanning alerts
Dependency vulnerability alerts
Code scanning (SAST)
CI/CD pipeline runs
Deployment environments
Webhook inventory
Outside collaborator access
Rules enforced for administrators
Repository rulesets
Release cadence
CI secrets audit