Github Support

[jinman]

Love to request Github Support

1. Can Auditkit, analyze GitHub repositories for code security or compliance policies. It will be great if it can scan GitHub Actions, pull requests, code workflows, or GitHub metadata for compliance tracking, Dependabot, branch protection etc and collect evidences
2. Can Auditkit run as a github workflow action so it can automatically post evidences to a site or TrustCloud API

[mrmez]

Hey @jinman ! Apologies for the late reply.

That's actually a great idea. Unfortunately, at least at the moment, that feature isn't in the pipeline. I can look into it and get back to you on what it'd take to implement.

[mrmez]

@jinman Hey...I spent some time looking into this. The GitHub compliance scanning (branch protection, Dependabot, Actions security, PR policies) is very doable and maps cleanly to CMMC and SOC2 controls. The GitHub Action piece for automated evidence collection is also on my radar. What is/are your use case(s)? Are you prepping for a specific audit/assessment, or is this more about continuous compliance tracking? And are you using a GRC platform like TrustCloud that you'd want this feeding into? Trying to make sure I build what's actually useful rather than guessing. Thanks!