EDITH
Compliance · 5 frameworks · 62 controls

Audit-grade evidence, on autopilot.

Every EDITH finding maps to specific compliance controls across PCI-DSS, SOC 2, GDPR, Play Store, and Apple App Store. When auditors ask "how do you know?" — you point at the continuous scan history and the auto-generated report.


Five frameworks. Same scan.

One commit triggers one scan. EDITH then projects every finding across all five frameworks at once — so passing your SOC 2 audit also gets you closer to Play Store launch.

PCI-DSS 4.0

16 controls

If you handle card data — PCI is non-negotiable. EDITH covers the development-facing controls: injection, broken auth, secure storage, transmission, error handling.

  • Injection flaws (6.5.1)
  • Broken auth + session mgmt (6.5.10)
  • Cross-site scripting (6.5.7)
  • Insecure direct object references (6.5.8)
  • Cross-site request forgery (6.5.9)
  • Encryption of stored card data (3.5)
  • Strong authentication (8.2)

SOC 2

10 controls

The Trust Services Criteria — Security, Availability, Confidentiality. Auditors ask "how do you know?" EDITH's continuous scans are the evidence.

  • Logical access controls (CC6.1)
  • Encryption in transit (CC6.6)
  • Restrict transmission of data (CC6.7)
  • Detect anomalies (CC7.1)
  • Monitor system components (CC7.2)
  • Change management (CC8.1)
  • Confidential data ID (CC9.1)

GDPR

14 controls

EU data protection. Art 32 (security obligations) + Art 25 (privacy by design) + Articles 7, 13, 17, 20 (consent, info, erasure, portability) — fully mapped.

  • Pseudonymisation + encryption (Art 32(1))
  • Confidentiality + integrity (Art 32(2))
  • Data minimisation (Art 5(1)(c))
  • Right to erasure (Art 17)
  • Right to portability (Art 20)
  • Conditions for consent (Art 7)
  • Information at collection (Art 13)

Google Play Store

11 controls

If your app ships to Play Store — data-safety form readiness, secure transmission, session management, accessibility. EDITH flags the violations before review.

  • Data Safety form accuracy
  • Secure transmission (HTTPS-only)
  • No hardcoded credentials
  • No tokens in localStorage
  • Session mgmt (HttpOnly, Secure)
  • Webhook verification
  • Accessibility (WCAG 2.1 AA)

Apple App Store

11 controls

Review guidelines 5.1.1 (privacy), 5.1.2 (data use), ATS, keychain, session security. Pass review on the first submission.

  • App Transport Security (ATS)
  • Keychain for secrets
  • Secure session cookies
  • 5.1.1 — Minimum data collection
  • 5.1.2 — Documented data use
  • Webhook signature verification
  • Strong CSP

Auditor report

One click. One PDF.
Audit-ready.

Pro and Agency plans generate a signed PDF that maps every EDITH finding to the framework controls it violates or satisfies. Includes scan history, evidence per control, and a summary you can hand to your SOC 2 auditor on day one.

  • Per-framework pass / fail percentage
  • Per-control evidence with check ID + scan timestamp
  • Continuous scan history — auditors love the timeline
  • White-label option on Agency tier

Sample report preview (krova-soc2-2026Q2.pdf, signed): EDITH · Compliance evidence report, SOC 2 — Q2 2026, krova/payments, 2026-04-01 → 2026-05-23

  • CC6.1 — Logical access: 92%
  • CC6.7 — Restrict data: 100%
  • CC7.2 — Monitor systems: 88%
  • CC8.1 — Change mgmt: 95%
  • Overall posture: 93% · ready

Save the audit budget for things that need a human

Compliance evidence on every commit.

Connect your GitHub. EDITH scans your last commit and shows you exactly which controls you pass — and which you'd fail on audit day.