Comply

Automate SOC2 compliance with markdown policies and ticketing integration

Comply streamlines SOC2 policy creation, ticketing automation, and PDF generation, letting teams maintain auditor‑ready documentation from a single Git‑based workflow.

Overview

Comply is designed for security and compliance teams that need to prepare for SOC2 audits. By treating compliance documentation as code, it lets you version‑control policies, track coverage, and collaborate through familiar Git workflows.

Features

The tool provides a markdown‑driven policy generator, ready‑made SOC2 templates, and integrations with Jira, GitHub, and GitLab to create and sync tickets for control testing. A built‑in CLI can build a static website, generate PDF audit packages, and serve a live dashboard showing declared versus satisfied controls. Dependencies are limited to pandoc, which can be installed locally or run inside the provided Docker image.

Deployment

Install via Homebrew on macOS, download a Linux binary, or pull the Docker image for cross‑platform use. After comply init, push the repository to your version‑control system and start editing the boilerplate. The workflow works on macOS, Linux, and Windows (via Docker), making it flexible for most development environments.

Highlights

  • Markdown‑based policy generator with auditor‑friendly PDFs
  • Ticketing integration for Jira, GitHub, and GitLab
  • SOC2‑specific templates and coverage tracking dashboard
  • CLI and Docker support for local or containerized execution

Pros

  • Apache‑2.0 open source license
  • Works on macOS and Linux natively
  • Integrates with existing ticketing systems
  • Automates PDF generation for audit packages

Considerations

  • Windows requires Docker
  • Requires pandoc as an external dependency
  • Focused primarily on SOC2 templates
  • Initial configuration may need YAML familiarity

Managed products teams compare with

When teams consider Comply, these hosted platforms usually appear on the same shortlist.

Delve

AI-native compliance automation with agent-based evidence collection

Drata

Automated security compliance for SOC 2, ISO 27001, and more

Oneleet

Unified security & compliance platform with pentesting and continuous monitoring

Looking for a hosted option? These are the services engineering teams benchmark against before choosing open source.

Fit guide

Great for

  • SaaS companies preparing for SOC2 certification
  • Teams already using Git for documentation
  • Organizations that rely on Jira, GitHub, or GitLab for issue tracking
  • Teams wanting automated policy coverage reporting

Not ideal when

  • Enterprises needing a full GRC suite beyond SOC2
  • Environments without Docker or pandoc support
  • Teams that prefer native Windows tooling
  • Organizations with custom compliance frameworks not covered by the templates

How teams use it

Initialize a compliance repository

Creates a Git‑ready project with SOC2 boilerplate ready for customization and version control.

Automate control testing tickets

Schedules and syncs tickets in Jira, GitHub, or GitLab to keep controls continuously verified.

Generate a PDF audit package

Produces a single, auditor‑friendly PDF containing all policies and procedures.

Monitor policy coverage in real time

Live dashboard shows declared versus satisfied controls, highlighting gaps instantly.

Tech snapshot

  • Go: 93%
  • Makefile: 5%
  • Dockerfile: 1%
  • Ruby: 1%
  • Shell: 1%

Tags

documentation-toolchain, go, compliance, iso27001, grc, pdf-generation, templates, hipaa, gdpr, golang, soc2

Frequently asked questions

How can I run Comply on Windows?

Use the Docker image; mount your project directory and run the CLI inside the container.

Do I need to install pandoc separately?

Yes, pandoc must be installed on the host unless you run Comply from the Docker image, which provides it.

Which ticketing systems are supported?

Jira, GitHub, and GitLab are fully supported for ticket creation and synchronization.

Can I modify the provided SOC2 templates?

Absolutely—edit the markdown files in the repository to match your organization’s policies.

What license is Comply released under?

Comply is released under the Apache‑2.0 license.

Project at a glance

Dormant
  • Stars: 1,459
  • Watchers: 1,459
  • Forks: 266
  • License: Apache-2.0
  • Repo age: 7 years old
  • Last commit: 4 years ago
  • Primary language: Go

Last synced 2 days ago