Best Compliance Software for GitHub
View:
Compare the Top Compliance Software that integrates with GitHub as of July 2025
Sort By:
This a list of Compliance software that integrates with GitHub. Use the filters on the left to add additional filters for products that have integrations with GitHub. View the products that work with GitHub in the table below.
What is Compliance Software for GitHub?
Compliance software helps organizations ensure that their operations, processes, and reporting adhere to regulatory standards and internal policies. It centralizes compliance management by tracking regulatory changes, automating audits, and managing documentation to reduce the risk of non-compliance. Many compliance tools include features for risk assessment, incident tracking, and policy enforcement, helping businesses identify and address compliance gaps proactively. By automating compliance workflows, the software saves time and minimizes human error, ensuring more consistent and reliable compliance practices. Compliance software is essential in highly regulated industries such as finance, healthcare, and manufacturing, where adherence to standards is critical to avoid penalties and maintain trust. Compare and read user reviews of the best Compliance software for GitHub currently available using the table below. This list is updated regularly.
-
1
HSI Donesafe
Donesafe
Empower your team with HSI Donesafe's Compliance Software, crafted to simplify safety and accountability processes for your people. Automate tracking, reporting, and regulatory needs to reduce admin burdens and ensure compliance at every level. With intuitive tools designed to minimize errors, you’ll never miss a critical detail. From the frontline to leadership, every team member stays aligned and supported in creating a safer, more efficient workplace. Discover true configurability with our no-code platform. Simply change what you need when you need with our easy-to-use drag and drop function. Plus, create automated, customized compliance reports that get sent directly to those who need them. Reclaim valuable time to focus on what truly matters—protecting your people and fostering a culture of accountability and trust. -
2
Carbide
Carbide
Carbide empowers organizations to meet complex compliance requirements through automation, continuous monitoring, and expert-backed guidance. Our hybrid SaaS platform supports SOC 2, ISO 27001, GDPR, HIPAA, and more, helping teams streamline audit preparation and maintain ongoing readiness. Carbide automates evidence collection across 100+ integrations, embeds pre-built policies, and maps controls across frameworks to eliminate duplicate effort. With built-in workflows and Carbide Academy, your team stays informed and compliant as your environment evolves.Starting Price: $7,500 annually -
3
Hyperproof
Hyperproof
Hyperproof makes building out and managing your information security frameworks easy by automating repetitive compliance operation tasks so your team can focus on the bigger things. The Hyperproof solution also offers powerful collaboration features that make it easy for your team to coordinate efforts, collect evidence, and work directly with auditors in a single interface. Gone are the days of uncertainty around audit preparation and compliance management process. With Hyperproof you get a holistic view of your compliance programs with progress tracking, program health monitoring, and risk management. -
4
Global App Testing
Global App Testing
Global App Testing (GAT) enables tech teams to conduct testing across 189+ countries with a network of over 60,000 professional testers, using real devices and environments. By leveraging the GAT platform, you can streamline your testing process, boost release quality, and accelerate time-to-market while optimizing budget efficiency. The platform is fully integrated to seamlessly work with your existing DevOps or CI/CD tools. Whether you need ongoing QA support or additional resources to manage peak release cycles, GAT’s integration-driven approach allows you to manage your entire testing workflow—from test initiation to results analysis—without leaving your familiar tools like GitHub, Jira, and TestRail. With our integrated platform, both unscripted exploratory testing and scripted functional test execution can be embedded into your CI/CD and SDLC processes, ensuring perfect alignment with your automation testing tools. -
5
Titan
Titan
Bend, don’t break with Titan’s flexible business solutions and forms for Salesforce. Our scalable Salesforce Forms and software is rapidly developing a reputation as the gold-standard in Salesforce integration, and it’s easy to see why. Slash time to market, nuke code, and tackle any use case on a single platform. Our best-of-breed forms in Salesforce and applications cater to any industry and it’s our mission to provide custom solutions for difficult problems. Build web portals, sign documents, generate docs, send surveys, automate contracts, fill out forms in Salesforce, and so much more in just a few simple clicks. No code required and AI assisted! This is all 100% Salesforce integrated, empowering you to send data to the #1 CRM and pull it back in real-time. No other product on the market does it better or faster. Our customers and partners are the heartbeat of Titan. If you need a feature, simply request it via our Titan X Lab and we will consider it for our roadmap!Starting Price: $12 per month -
6
Modern Requirements4DevOps
Modern Requirements
Modern Requirements4DevOps turns Azure DevOps into a full-featured Requirements Management tool. Microsoft calls MR4DevOps its go-to partner for requirements management. Bring your teams together under one platform to create a true single source of truth model where requirements live next to your Test Cases and code repositories. MR4DevOps is designed to bring many new features to Azure DevOps including: • Robust requirements management, including curation, collaboration, and communication • Authoring tools within ADO like SmartDocs and SmartReports • Reviews • End-to-end traceability • Reporting • Modelling Modern Requirement4DevOps supports agile, waterfall, and hybrid requirements approaches. It includes an industry-leading feature set with complete project auditability. -
7
SkyPrep
SkyPrep
SkyPrep is an intuitive online training software that helps organizations deliver, track, and optimize training to employees, customers, and partners with ease. Whether you are looking to onboard employees, train customers on your products, or keep up with compliance requirements, SkyPrep makes learning easy and effortless with its fully customizable and intuitive platform, along with its best-in-class customer support. Course delivery is quick and easy to set up by just dragging and dropping your content, and building the assessments that go with it. Everything is then tracked in real-time, and your users are self-guided with our automated emails and reminder system. All user scores, progress reports, and how their time is spent are consolidated into reports available to access at any time. Certification is also automated for bookkeeping. Other key features include Content Authoring Tool, Gamification, Knowledge Checks, AI-Like Chatbot, Skills Tracking. -
8
Egnyte
Egnyte
Egnyte provides a unified content security and governance solution for collaboration, data security, compliance, and threat detection for multicloud businesses. More than 16,000 organizations trust Egnyte to reduce risks and IT complexity, prevent ransomware and IP theft, and boost employee productivity on any app, any cloud, anywhere.Starting Price: $10 per user per month -
9
SaltStack
SaltStack
SaltStack is an intelligent IT automation platform that can manage, secure, and optimize any infrastructure—on-prem, in the cloud, or at the edge. It’s built on a unique and powerful event-driven automation engine that detects events in any system and reacts intelligently to them, making it an extremely effective solution for managing large, complex environments. With the newly launched SecOps offering, SaltStack can detect security vulnerabilities and non-compliant, mis-configured systems. As soon as an issue is detected, this powerful automation helps you and your team remediate it, keeping your infrastructure securely configured, compliant, and up-to-date. The SecOps suite includes both Comply and Protect. Comply scans and remediates against CIS, DISA-STIG, NIST, PCI, HIPAA compliance standards. And Protect scans for vulnerabilities and patches and updates your operating systems. -
10
Mend.io
Mend.io
Trusted by the world's leading companies, including IBM, Google, and Capital One, Mend.io's enterprise suite of application security tools is designed to help you build and manage a mature, proactive AppSec program. Mend.io understands the different AppSec requirements of developers and security teams. Unlike other AppSec solutions that force everyone to use a single tool, Mend.io helps them work in harmony by giving each team different, but complementary, tools - enabling them to stop chasing vulnerabilities and start proactively managing application risk.Starting Price: $1,000 per developer, per year -
11
Jit
Jit
DevOps ain’t easy! We are hearing more and more about the breakdown and friction where Dev meets Ops, so let’s not even talk about all the other shift-left domains that add another layer of complexity in the middle like DevSecOps. Where this comes with the need to implement and integrate dozens of security tools in their SDLC. But what if it doesn’t have to be difficult? Jit's DevSecOps Orchestration Platform allows high-velocity Engineering teams to own product security while increasing dev velocity. With a unified and friendly developer experience, we envision a world where every cloud application is born with Minimal Viable Security (MVS) embedded and iteratively improves by adding Continuous Security into CI/CD/CS. -
12
Delve
Delve
Delve lets fast-growing companies build security in days, not months. An AI-driven compliance platform designed to streamline and simplify the compliance process. Built with an intuitive, modern UX, Delve tailors a custom compliance program without using one-size-fits-all checklists, helping companies achieve SOC 2, HIPAA, and other regulatory standards quickly, often within a week. The platform’s AI features include automated code scanning on every git push to ensure ongoing security and real-time infrastructure monitoring. Delve also offers seamless onboarding, personalized strategy sessions, and 24/7 support via Slack and Zoom, eliminating the need for external consultants. With integrated tools for vulnerability management, audit preparation, and trust reports, Delve helps maintain compliance and security transparency year-round. This approach empowers companies to focus on growth without the complexity of traditional compliance processes. -
13
Intact Platform
Intact
The Intact Platform is the leading cloud and on-premise Enterprise Resource Planning (ERP) solution for audits, assessments, certification, accreditation, and standards worldwide. It goes beyond other audit collection tools on the market with a full solution approach that helps you manage communications, business goals, and personnel. The Intact Platform is unsurpassed in functionality and features a fully modular end-to-end workflow that is easily scalable. ✓ 34% increase in efficiency on average (up to 60+%) ✓ Unmatched modularity, flexibility, and scalability ✓ All standards and audit services ✓ Digital workflow – no paper ✓ On-site and remote auditing ✓ Non-conformities & corrective actions ✓ Risk-based auditing & planning ✓ Easy client communication ✓ Reporting & business intelligence (BI) ✓ Central data and management hub (incl. full audit trail) ✓ Nonstop innovationStarting Price: On request -
14
Allstacks
Allstacks
Allstacks uses machine learning models to analyze SDLC data for delivery risks and projected outcomes for engineering leaders. Our value stream intelligence platform illuminates insights across all your projects and tools. We gather and analyze past work data and behavior from the tools your team is already using, like Jira, GitHub, and Bitbucket. Getting started takes less than two minutes. Allstacks aggregates all of your tools and data into a single platform so you can accelerate your engineering team’s ability to ship great software.Starting Price: $400/per contributor per year -
15
Microsoft Purview
Microsoft
Microsoft Purview is a unified data governance service that helps you manage and govern your on-premises, multicloud, and software-as-a-service (SaaS) data. Easily create a holistic, up-to-date map of your data landscape with automated data discovery, sensitive data classification, and end-to-end data lineage. Empower data consumers to find valuable, trustworthy data. Automated data discovery, lineage identification, and data classification across on-premises, multicloud, and SaaS sources. Unified map of your data assets and their relationships for more effective governance. Semantic search enables data discovery using business or technical terms. Insight into the location and movement of sensitive data across your hybrid data landscape. Establish the foundation for effective data usage and governance with Purview Data Map. Automate and manage metadata from hybrid sources. Classify data using built-in and custom classifiers and Microsoft Information Protection sensitivity labels.Starting Price: $0.342 -
16
Axonius
Axonius
Axonius gives customers the confidence to control complexity by providing a system of record for all digital infrastructure. With a comprehensive understanding of all assets including devices, identities, software, SaaS applications, vulnerabilities, security controls, and the context between all assets, customers are able to mitigate threats, navigate risk, decrease incident response time, automate action, and inform business-level strategy — all while eliminating manual, repetitive tasks. Recognized as creators of the Cyber Asset Attack Surface Management (CAASM) category and innovators in SaaS Management Platform (SMP) and SaaS Security Posture Management (SSPM), Axonius is deployed in minutes and integrates with hundreds of data sources to provide a comprehensive asset inventory, uncover gaps, and automatically enforce policies and automate action. -
17
CTX
Cohesive Technology
Search Trello, Slack, Google Drive, Github and JIRA. Search, data exploration and GDPR compliance tools for digital companies. Save time every day by always being able to find that email, JIRA issue or Slack message. You're busy, and it's hard to remember whether that crucial bit of info was in a JIRA issue, in Slack or emailed in. Now it doesn't matter. Get a Slack message whenever anyone mentions your project (or your name, or anything you like really) in any of your tools. ctx dynamically stays up to date. We make sure that every time you change data in a source, they tell us about it, giving you a timely and consistent view of your data. We use advanced search techniques to drill down into your data. Slice and dice by date, type and more. Filter or page through results. Add your team - we'll take care of inviting and signing them up so they can search all the same data as you.Starting Price: £20 per month -
18
JupiterOne
JupiterOne
JupiterOne is a cyber asset analysis platform every modern security team needs to collect and transform asset data into actionable insights to secure their attack surface. JupiterOne was created to make security as simple as asking a question and getting the right answer back, with context, to make the right decision. With JupiterOne, organizations are able to see all asset data in a single place, improve confidence in choosing their priorities and optimize the deployment of their existing security infrastructure.Starting Price: $2000 per month -
19
FOSSA
FOSSA
Scalable, end-to-end management for third-party code, license compliance, and Open Source has become the critical supplier for modern software companies, changing everything about how people think about their code. FOSSA builds the infrastructure for modern teams to be successful with open source. FOSSA's flagship product helps teams track the open source used in their code and automate license scanning and compliance. Since then, over 7,000 open source projects (Kubernetes, Webpack, Terraform, ESLint) and companies ( Uber, Ford, Zendesk, Motorola) rely on FOSSA's tools to ship software. If you are in the software industry today, you're now using code that runs FOSSA. FOSSA is a venture-funded company backed by Cosanoa Ventures, Bain Capital Ventures, etc. with affiliate angels including Marc Benioff (Salesforce), Steve Chen (YouTube), Amr Awadallah (Cloudera), Jaan Tallin (Skype), and Justin Mateen (Tinder).Starting Price: $230 per month -
20
Polymer
Polymer Data Security
Polymer DLP is a comprehensive data governance and remediation platform that integrates with your SaaS applications. We use machine learning and natural language processing to automatically detect and stop sensitive information like PII or business-critical data from going to the wrong people in real time. In addition, we offer real time feedback and training to stop future incidents before they happen. Try for free today and set up a custom policy in minutes. Polymer is constantly expanding, currently we integrate with Slack, Google Drive, Microsoft Teams, One Drive, Bitbucket, Github and Box.Starting Price: $4/month/user -
21
IriusRisk
IriusRisk
IriusRisk is the industry's leading threat modeling and secure design solution in Application Security. With enterprise clients including Fortune 500 banks, payments, and technology providers, it empowers security and development teams to ensure applications have security built-in from the start - using its powerful threat modeling platform. Whether teams are implementing threat modeling from scratch, or scaling-up their existing operations, the IriusRisk approach results in improved speed-to-market, collaboration across security and development teams, and the avoidance of costly security flaws. -
22
Tenon
Tenon.io
Every user should have equal access to your website. Tenon's tools, testing and training fix accessibility for your entire organization. Need an automated accessibility testing tool? Our API integrates into your development pipeline. Need an accessible website asap? Tenon's testers, developers and auditors fix accessibility fast. Need to fix accessibility forever? Tenon can help you to become an accessible organization. Tenon doesn't just make the best automated accessibility testing tools on the market; we can solve any accessibility problem. Tenon has produced hundred of VPATs and accessibility audits. Our rapid remediation service fixes accessibility issues on your website while testing is ongoing. Our developers can train your dev team to write accessible code and help you to define the KPIs and processes you need to become a truly accessible organization. Tenon can ensure your latest pull request is approved or crawl your project weekly and send you a report by e-mail.Starting Price: $82 per month -
23
Vanta
Vanta
Thousands of fast-growing companies trust Vanta to help build, scale, manage and demonstrate their security and compliance programs and get ready for audits in weeks, not months. By offering the most in-demand security and privacy frameworks such as SOC 2, ISO 27001, HIPAA, and many more, Vanta helps companies obtain the reports they need to accelerate growth, build efficient compliance processes, mitigate risks to their business, and build trust with external stakeholders. Simply connect your existing tools to Vanta, follow the prescribed guidance to fix gaps, and then work with a Vanta-vetted auditor to complete audit. -
24
AlphaMED
Alpha Software
AlphaMed Solutions include electronic healthcare records, customized solutions, and modern healthcare and business apps that collect and analyze real-time critical patient data. These HIPAA-compliant solutions combine the expertise of software engineers and practicing physicians using cutting-edge medical protocols The apps can collect and access medical data at high speed, integrate with virtually any healthcare system, and work with or without a WIFI or cell signal. Through daily input of current symptoms and temperature readings, the AlphaMED Workplace Wellness app and AlphaMED COVIDCare Back to School App guides employees through a quarantine or illness period. Using established criteria, test results, and the illness cycle, the app determines when key milestones have been reached and alerts employees when they can safely return to work or school.Starting Price: $30 per user per month -
25
HoundDog.ai
HoundDog.ai
AI-powered code scanner designed to implement a proactive, shift-left strategy for sensitive data protection and privacy compliance. Product development outpaces privacy teams, leading to a constant need to update outdated data maps, which consumes much of their workload. Use HoundDog.ai’s AI-powered code scanner to continuously detect vulnerabilities (currently overlooked by SAST scanners) where sensitive data is exposed in plaintext through mediums such as logs, files, tokens, cookies, or third-party systems. Get essential context and remediation strategies, such as omitting sensitive data, applying masking or obfuscation, or using UUIDs instead of PII. Receive alerts when new data elements are introduced, based on their sensitivity levels, and prevent out-of-scope product changes from going live to avoid privacy incidents. Eliminate the manual and highly error-prone processes typically associated with security tasks.Starting Price: $200 per month -
26
Uptycs
Uptycs
Uptycs is the first unified CNAPP and XDR platform. Reduce risk by prioritizing responses to threats, vulnerabilities, misconfigurations, sensitive data exposure, and compliance mandates. With Uptycs, you can protect your entire enterprise, from laptops and servers to public and private cloud infrastructure. The platform streamlines your response to threats and offers a single UI and data model for easy management. Uptycs ties together threat activity as it traverses on-prem and cloud boundaries, delivering a more cohesive security posture. If you're looking for a powerful security solution that eliminates silos and tool sprawl, Uptycs is the answer. Looking for acronym coverage? We have you covered, including CNAPP, CWPP, CSPM, KSPM, CIEM, CDR, and XDR. Start with your Detection Cloud, Google-like search, and the attack surface coverage you need today. Be ready for what’s next. Shift up with Uptycs. -
27
Torii
Torii Labs
Torii is a SaaS management platform. It transforms the way companies operate by creating an Autonomous IT, enabling IT to increase velocity, agility and efficiency, using a SW that manages SW automatically. With the growing usage of SaaS tools within organizations, Torii enables IT professionals to discover, optimize and control the organization SaaS usage and cost and make better use of Software. Torii gives instant visibility and control, of all company-wide SaaS apps (across G Suite, Okta, Dropbox, and more), giving control over SaaS back to IT. -
28
SD Elements
Security Compass
Security Compass, a pioneer in application security, enables organizations to shift left and build secure applications by design, integrated directly with existing DevSecOps tools and workflows. Its flagship product, SD Elements, helps organizations accelerate software time to market and reduce cyber risks by taking an automated, developer-centric approach to threat modeling, secure development, and compliance. Security Compass is the trusted solution provider to leading financial and technology organizations, the U.S. Department of Defense, government agencies, and renowned global brands across multiple industries. -
29
Sophos Cloud Optix
Sophos
Asset and network traffic visibility for AWS, Azure, and Google Cloud. Risk-based prioritization of security issues with guided remediation. Optimize spend for multiple cloud services on a single screen. Get automatic identification and risk-profiling of security and compliance risks, with contextual alerts grouping affected resources, detailed remediation steps, and guided response. Track cloud services side by side on a single screen for improved visibility, receive independent recommendations to reduce spend, and identify indicators of compromise. Automate compliance assessments, save weeks of effort mapping Control IDs from overarching compliance tools to Cloud Optix, and produce audit-ready reports instantly. Seamlessly integrate security and compliance checks at any stage of the development pipeline to detect misconfigurations and embedded secrets, passwords, and keys. -
30
anecdotes
anecdotes
Now you can collect hundreds of pieces of evidence in minutes, utilizing unlimited plugins to comply with various frameworks, including SOC 2, PCI, ISO, SOX ITGC, customised internal audits and more to meet your compliance requirements with ease. The platform continuously collects and maps relevant data into normalized, credible evidence and offers advanced visibility to ensure the best cross-team collaboration. Our platform is fast, intuitive and you can start your free trial today. Eliminate compliance legwork and enjoy a SaaS platform that automates evidence collection and scales with you. For the first time, get ongoing visibility into your compliance status and track audit processes in real time. Use anecdotes' innovative audit platform to offer your customers the best audit experience on the market.