GitHub Security Compliance
Sign in to assess an organization or repository against the non-negotiable, critical governance and identity controls from the CIS GitHub Enterprise Cloud Benchmark v8.1 — and produce a board-ready report.
Sign in with GitHub
Secured by Auth0. Read-only assessment — no repository contents are modified.
Auth0 → GitHub federation → token brokered via the Auth0 Management API.
What the report covers
A. In-scope control compliance: non-negotiable, critical governance & identity controls (Domains 1–2), each marked pass / fail / partial / attestation.
B. Security posture checks: branch protection, required reviews, signed commits, secret scanning, Dependabot — rolled up per repository.
C. AI artifact findings: model files, agent/skill configs, and AI/ML dependencies — pickle-backed models flagged critical.