ISO 27001 · NIST CSF · SOC 2 · GDPR · PCI DSS · Essential Eight · NIST 800-207 · ASD MDA and more
You won't notice Vigil working.
Your auditor will.
Connect GitHub once, then forget about compliance. Vigil silently maps every commit, PR, branch protection, and deployment to ten frameworks — automatically, continuously, invisibly. When audit day arrives, everything is already there.
No credit card required · Read-only GitHub access · Setup in 2 minutes
The problem
Compliance is treated as work
- × Auditors ask for change management evidence. You spend hours screenshotting GitHub PRs and commit logs.
- × Branch protection rules, code reviews, and deployment approvals live in different places. Auditors want one package.
- × Mapping your Git workflow to ISO 27001, NIST CSF, GDPR, or SOC 2 requires compliance expertise you don't have time for.
The solution
Compliance infrastructure. Not compliance overhead.
- ✓ Install once. Vigil watches everything. Webhooks stream commits, PRs, reviews, Dependabot alerts, and deployment approvals in real time — no daily batch lag.
- ✓ Every artifact maps to specific controls across ISO 27001, NIST CSF, NIST SP 800-53, SOC 2, GDPR, SOCI Act, PCI DSS, Essential Eight, NIST 800-207, and ASD MDA Foundations — automatically.
- ✓ Only surfaces what matters. Critical gaps — secret leaks, unreviewed merges, disabled branch protection — trigger alerts so you fix them before the auditor arrives.
How it works
Working silently. Surfacing when it counts.
Connects once. Watches everything.
One-click install. Vigil gets read-only access to your repos — no code ever stored. Webhooks activate immediately and never need touching again.
Evidence builds itself, automatically.
Every push, PR, review, Dependabot alert, and deployment approval is mapped to compliance controls the moment it happens. No manual tagging, no spreadsheets.
Only surfaces what matters.
Security alerts, unreviewed PRs, and weakened branch protection trigger compliance alerts before your auditor sees them. Everything else runs silently.
When auditors arrive, you're already ready.
Generate audit-ready PDFs or CSV files with timestamped evidence, control mappings, and source references. Everything is already there.
Average time from signup to first export: under 5 minutes
Compliance Frameworks
Ten frameworks. Zero manual work.
We've done the control mapping for you. Ten frameworks covering global and regional standards — including Zero Trust Architecture and ASD MDA Foundations. Connect once, evidence them all, invisibly.
| Framework | Controls |
|---|---|
| ISO 27001:2022 | 10 |
| Essential Eight | 5 |
| NIST CSF 2.0 | 7 |
| NIST SP 800-53 | 7 |
| SOC 2 | 5 |
| GDPR | 3 |
| SOCI Act | 4 |
| PCI DSS 4.0 | 5 |
| NIST SP 800-207 | 10 |
| ASD MDA Foundations | 10 |
Need IRAP, HIPAA, or a custom framework? Contact us for Enterprise
Pricing
Start free, upgrade when you're ready to scale
Free
- Up to 2 repositories
- 3 compliance frameworks
- Live compliance scoring & evidence dashboard
- Gap analysis with prioritised action steps
- Basic compliance alerts
- Control notes & exceptions
- Exports, auditor portal, or shareable reports
Pro
- Unlimited repositories
- All 8 compliance frameworks
- PDF & CSV exports
- Auditor portal (comments, sign-offs, ZIP)
- Shareable read-only reports
- Full industry benchmark data
- Advanced alerts & full alert history
- Priority support
Need enterprise features? Let's talk
FAQ
Common questions
More questions? Open an issue on GitHub
Your compliance posture, running in the background.
Connect your repositories and see your compliance score in under 10 minutes. Free to start — no credit card required.