Compliance & Governance

Compliance on
autopilot.

100% technical compliance automation. Real-time compliance scores across 10 frameworks. Evidence collection that never sleeps.

No more manual evidence gathering. No more last-minute audit scrambles. codelake continuously maps your security controls to framework requirements and collects evidence automatically.

Compliance Dashboard

  • SOC 2 Type II: 94%
  • ISO 27001:2022: 91%
  • PCI DSS v4.0: 87%
  • HIPAA: 96%

Real-time · Last updated 2 minutes ago

Supported Frameworks

10 frameworks. One platform.

Map your security controls to the most demanding regulatory frameworks. codelake handles control mapping, evidence collection, and audit reporting for all of them simultaneously.

  • SOC 2 Type II: Trust Services Criteria
  • ISO 27001:2022: Information Security
  • PCI DSS v4.0: Payment Card Industry
  • HIPAA: Healthcare Data
  • NIST CSF 2.0: Cybersecurity Framework
  • CIS Controls v8: Critical Security Controls
  • EU Cyber Resilience Act: EU Product Security
  • DORA: Digital Operational Resilience
  • GDPR: Data Protection
  • Custom Frameworks: Build your own

How It Works

From scan to audit-ready in three steps.

1. Map Controls

codelake automatically maps your security checks and scan results to framework-specific controls. Every finding, every scan type, every policy — mapped to the requirements that matter.

  • Automatic control-to-check mapping
  • Multi-framework simultaneous mapping
  • Gap analysis for uncovered controls

2. Collect Evidence

Evidence is collected automatically from every scan, triage decision, policy check, and configuration change. Versioned, timestamped, and tamper-proof.

  • Auto evidence collection from scans
  • Evidence versioning with checksums
  • Tamper-proof audit trail

3. Generate Reports

One click to generate audit-ready compliance reports. Board-level summaries, detailed control assessments, evidence packages — all formatted for your auditor.

  • Audit-ready PDF reports
  • Evidence packages per control
  • Trend analysis and improvement tracking
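The control-mapping and gap-analysis step above can be made concrete with a small model: a catalogue of framework controls, a table that maps each technical check to the controls it satisfies (one check may cover several controls in several frameworks), and a pass/fail scan result per check. From those three inputs you get a per-framework score and a list of controls no check covers. This is an added illustration, not codelake's own mapping logic; the control IDs, check names and scan results below are constructed sample data.

```python
"""Map technical checks to framework controls, score each framework, and
report uncovered controls. Added example with constructed data; the
framework catalogues and the check-to-control table are assumptions."""

# Constructed subset of each framework's control catalogue.
FRAMEWORK_CONTROLS = {
    "SOC2": ["CC6.1", "CC7.1", "CC7.2"],
    "ISO27001": ["A.5.25", "A.8.28"],
    "PCI": ["3.6.4", "6.3.2"],
}

# One technical check can satisfy several controls across frameworks.
CHECK_TO_CONTROLS = {
    "sast_scan": [("SOC2", "CC7.1"), ("ISO27001", "A.8.28")],
    "secret_rotation": [("SOC2", "CC6.1"), ("PCI", "3.6.4")],
    "triage_audit_trail": [("SOC2", "CC7.2"), ("ISO27001", "A.5.25")],
    "dependency_scan": [("PCI", "6.3.2")],
}


def map_controls(scan_results):
    """scan_results: {check_name: True if the check passed}.
    Returns {framework: {control: status}} where status is 'pass',
    'fail', or 'uncovered' (no check in the results maps to it)."""
    status = {fw: {c: "uncovered" for c in controls}
              for fw, controls in FRAMEWORK_CONTROLS.items()}
    for check, passed in scan_results.items():
        for fw, control in CHECK_TO_CONTROLS.get(check, []):
            # A control passes only if every check mapped to it passes,
            # so a recorded failure is never overwritten by a later pass.
            if status[fw][control] == "fail":
                continue
            status[fw][control] = "pass" if passed else "fail"
    return status


def compliance_scores(status):
    """Percentage of controls in 'pass' state per framework, rounded."""
    return {fw: round(100 * sum(s == "pass" for s in ctl.values()) / len(ctl))
            for fw, ctl in status.items()}


def gap_analysis(status):
    """Controls that no check covers at all, per framework."""
    return {fw: sorted(c for c, s in ctl.items() if s == "uncovered")
            for fw, ctl in status.items()}


# Constructed scan results: dependency_scan has not run, so PCI 6.3.2 is a gap.
SAMPLE_RESULTS = {
    "sast_scan": True,
    "secret_rotation": False,
    "triage_audit_trail": True,
}

if __name__ == "__main__":
    st = map_controls(SAMPLE_RESULTS)
    print(compliance_scores(st))  # {'SOC2': 67, 'ISO27001': 100, 'PCI': 0}
    print(gap_analysis(st))       # {'SOC2': [], 'ISO27001': [], 'PCI': ['6.3.2']}
```

The distinction between a failing control and an uncovered one matters in practice: a failing control is a finding to remediate, while an uncovered control means the scanner is not producing evidence for that requirement at all, which is the case an auditor will ask about first.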

Evidence Collection

Evidence that collects itself.

Every scan, every triage decision, every policy change generates compliance evidence automatically. Versioned, timestamped, and linked to specific framework controls.

  • Auto Evidence Collection: Scan results, configuration snapshots, triage decisions, and policy evaluations are captured as evidence artifacts.
  • Evidence Versioning: Every evidence artifact is versioned with SHA-256 checksums. Track how your compliance posture evolves over time.
  • Control Linking: Evidence is automatically linked to the framework controls it satisfies. One piece of evidence can cover multiple controls across frameworks.
  • Export Packages: Export evidence packages per control, per framework, or as a complete audit bundle. Share directly with your auditor.

Evidence Library (847 artifacts)

  • SAST Scan Results — acme-api (v14): SOC 2 CC7.1 · ISO 27001 A.8.28 · Collected 2h ago
  • Secret Rotation Log (v8): PCI DSS 3.6.4 · NIST PR.AC-1 · Collected 6h ago
  • Triage Decision Audit Trail (v42): SOC 2 CC7.2 · ISO 27001 A.5.25 · Collected 1h ago
  • Dependency Vulnerability Report (v21): CIS 16.4 · NIST ID.RA-1 · Collected 3h ago
Policy Engine

Your rules. Your policies. Enforced automatically.

Define custom compliance policies that go beyond standard framework requirements. Set conditions, actions, and framework mappings — codelake enforces them on every scan.

  • Custom rule definitions with conditions and actions
  • Map custom rules to framework controls
  • Block deployments on policy violations
  • Alert and escalation on policy breaches
  • Policy templates for common requirements

Sample policy as shown in the policy editor:

# codelake policy — custom compliance rules
policy:
  name: "no-unrotated-secrets"
  description: "Secrets must be rotated within 90 days"
  severity: high
  condition:
    secret.last_rotated > 90 days
  action: alert + block_deploy
  frameworks:
    - SOC2:CC6.1
    - PCI:3.6.4
    - NIST:PR.AC-1

✓ Policy saved · 3 framework controls mapped
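To show what enforcing a policy like the sample above involves, here is a small evaluator that loads the same policy (kept as a Python dict mirroring the YAML, so no YAML library is needed), checks a secret inventory against its condition, and turns matches into violations that carry the policy's actions and framework mappings. This is an added example, not codelake's policy engine; the condition grammar it accepts (only `secret.<field> > <n> days`), the secret inventory and the fixed clock are assumptions for illustration.

```python
"""Evaluate a 'no-unrotated-secrets' style policy against a secret
inventory. Added example; the supported condition grammar and the
sample secrets are assumptions, not part of codelake."""
import re
from datetime import datetime, timedelta, timezone

# The page's sample policy, as it would look once loaded from YAML.
POLICY = {
    "name": "no-unrotated-secrets",
    "description": "Secrets must be rotated within 90 days",
    "severity": "high",
    "condition": "secret.last_rotated > 90 days",
    "action": "alert + block_deploy",
    "frameworks": ["SOC2:CC6.1", "PCI:3.6.4", "NIST:PR.AC-1"],
}

# Assumed grammar: "secret.<field> > <n> days". Anything else is rejected
# loudly rather than silently evaluating to "no violation".
COND_RE = re.compile(r"^secret\.(\w+)\s*>\s*(\d+)\s+days$")


def parse_condition(condition):
    """Return (field, max_age) for the one condition shape supported here."""
    m = COND_RE.match(condition.strip())
    if not m:
        raise ValueError(f"unsupported condition: {condition!r}")
    return m.group(1), timedelta(days=int(m.group(2)))


def evaluate_policy(policy, secrets, now):
    """secrets: list of {"id": str, "<field>": datetime}.
    Returns one violation record per secret older than the limit, each
    carrying the actions to take and the framework controls the
    violation is evidence against."""
    field, max_age = parse_condition(policy["condition"])
    actions = [a.strip() for a in policy["action"].split("+")]
    violations = []
    for secret in secrets:
        age = now - secret[field]
        if age > max_age:
            violations.append({
                "policy": policy["name"],
                "secret": secret["id"],
                "age_days": age.days,
                "severity": policy["severity"],
                "actions": actions,
                "frameworks": list(policy["frameworks"]),
            })
    return violations


def deploy_blocked(violations):
    """True if any violation carries the block_deploy action."""
    return any("block_deploy" in v["actions"] for v in violations)


# Fixed clock so the example is reproducible; constructed inventory.
NOW = datetime(2024, 6, 1, tzinfo=timezone.utc)
SAMPLE_SECRETS = [
    {"id": "db-password", "last_rotated": NOW - timedelta(days=120)},
    {"id": "api-token", "last_rotated": NOW - timedelta(days=30)},
    {"id": "signing-key", "last_rotated": NOW - timedelta(days=91)},
]

if __name__ == "__main__":
    found = evaluate_policy(POLICY, SAMPLE_SECRETS, NOW)
    for v in found:
        print(v["secret"], v["age_days"], v["actions"], v["frameworks"])
    print("deploy blocked:", deploy_blocked(found))  # True
```

Two design points worth keeping in any real evaluator: an unparseable condition raises instead of quietly passing (a policy that fails open is worse than no policy), and the clock is injected rather than read from `datetime.now()`, which is what makes the rule testable and lets the same evaluator be replayed against historical evidence.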

Audit Logs & Approval Queue

Complete audit trail. Manager approvals built in.

Every action in codelake is logged. Triage decisions, policy changes, configuration updates, evidence exports — all with user identity, timestamp, and context. Destructive or compliance-relevant actions require manager approval.

  • Immutable Audit Log: Every state change is recorded in an append-only audit log. User, action, resource, timestamp, and IP address — all preserved for compliance.
  • Manager Approval Queue: Destructive actions (bulk dismiss, policy override, evidence deletion) require manager approval. Configurable approval workflows with escalation.
  • Searchable & Filterable: Search audit logs by user, action type, resource, date range, or framework. Export filtered results for external audit tools.
  • Retention Policies: Configure audit log retention per compliance requirement. SOC 2 requires 1 year, HIPAA requires 6 years — we handle it automatically.
  • SIEM Integration: Forward audit events to your SIEM (Splunk, Datadog, Elastic) in real-time via webhooks or syslog for centralized security monitoring.
  • Compliance Evidence: Audit logs themselves serve as compliance evidence. Demonstrate to auditors that your security processes are documented and enforced.
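The page describes two related properties without showing the mechanism: evidence artifacts versioned with SHA-256 checksums (Evidence Collection section) and an append-only, tamper-evident audit log (above). One structure gives you both: each log entry records the artifact's version and content checksum, and also the hash of the previous entry, so any after-the-fact edit to an earlier entry breaks the chain at that point. The example below is an added illustration of that idea, not codelake's implementation; the artifact names, contents and actors are constructed.

```python
"""Append-only, hash-chained evidence log with SHA-256 content checksums
and per-artifact versioning. Added example with constructed data; not
codelake's own storage format."""
import hashlib
import json


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


class EvidenceLog:
    """Each entry holds an artifact version, a checksum of its content, the
    controls it is linked to, and the hash of the previous entry."""

    GENESIS = "0" * 64

    def __init__(self):
        self.entries = []
        self.versions = {}  # artifact name -> latest version number

    def append(self, artifact, content: bytes, controls, actor):
        version = self.versions.get(artifact, 0) + 1
        self.versions[artifact] = version
        prev_hash = self.entries[-1]["entry_hash"] if self.entries else self.GENESIS
        entry = {
            "seq": len(self.entries),
            "artifact": artifact,
            "version": version,
            "content_sha256": sha256_hex(content),
            "controls": sorted(controls),
            "actor": actor,
            "prev_hash": prev_hash,
        }
        entry["entry_hash"] = self._hash_entry(entry)
        self.entries.append(entry)
        return entry

    @staticmethod
    def _hash_entry(entry):
        # Canonical JSON (sorted keys, no whitespace) so the hash is reproducible.
        body = {k: v for k, v in entry.items() if k != "entry_hash"}
        return sha256_hex(json.dumps(body, sort_keys=True, separators=(",", ":")).encode())

    def verify(self):
        """Recompute every entry hash and check every prev_hash pointer.
        Returns (True, None) or (False, seq of the first bad entry)."""
        prev = self.GENESIS
        for i, entry in enumerate(self.entries):
            if entry["prev_hash"] != prev or self._hash_entry(entry) != entry["entry_hash"]:
                return False, i
            prev = entry["entry_hash"]
        return True, None

    def evidence_for(self, framework_control):
        """Latest version of each artifact linked to the given control."""
        latest = {}
        for e in self.entries:
            if framework_control in e["controls"]:
                latest[e["artifact"]] = e
        return latest


def demo():
    """Constructed history: a SAST scan collected twice and a rotation log."""
    log = EvidenceLog()
    log.append("sast-scan-acme-api", b"0 critical, 2 high", ["SOC2:CC7.1", "ISO27001:A.8.28"], "ci-bot")
    log.append("secret-rotation-log", b"db-password rotated 2024-05-01", ["PCI:3.6.4", "NIST:PR.AC-1"], "vault")
    log.append("sast-scan-acme-api", b"0 critical, 0 high", ["SOC2:CC7.1", "ISO27001:A.8.28"], "ci-bot")
    return log


def tamper_demo():
    """Simulate an unauthorized in-place edit of an earlier entry; the
    chain stops verifying at that entry's sequence number."""
    log = demo()
    log.entries[1]["actor"] = "someone-else"
    return log.verify()


if __name__ == "__main__":
    log = demo()
    print(log.verify())                                   # (True, None)
    print(log.evidence_for("SOC2:CC7.1")["sast-scan-acme-api"]["version"])  # 2
    print(tamper_demo())                                  # (False, 1)
```

The chain only proves that the stored sequence has not been rewritten; it says nothing about whether the process that wrote it was trustworthy. In a deployment you would anchor the latest `entry_hash` somewhere the log writer cannot modify (the SIEM forwarding described above is one place), so that truncating the tail of the log is also detectable.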

Stop scrambling before audits.

codelake continuously collects evidence, maps controls, and maintains real-time compliance scores. When the auditor calls, you're already ready.