v0.1.0-alpha :: zero-trust compliance

SigComply

The Non-Custodial Compliance Engine

Open-source, zero-trust, developer-friendly compliance. Evidence without Access. Security-first alternative to centralized platforms.

Get Started Free View on GitHub

$ Free forever for CLI + Git storage | No credit card required

// problem

Getting Certified Creates New Vulnerabilities

  • Third-party data access to your production systems for compliance
  • Long-lived "read-only" API keys create attack vectors
  • Black-box policy checks — you can't audit what they're checking
  • $20k+/year tools that regulated startups can't afford
// solution

Evidence Without Access

  • Zero Data Liability — we never touch your production data
  • Open-Source Logic — audit every OPA/Rego policy check
  • Cryptographic Proofs — SHA-256 hashes verify evidence integrity
  • Developer Ergonomics — compliance as a unit test, fails your build
// features

Everything You Need for Compliance

OPA/Rego Policies

Open Policy Agent checks run locally. Compliance as code that you can audit and modify.

Cryptographic Hashing

SHA-256 hashes prove evidence integrity. Auditors verify raw files against immutable ledger.

Data Sovereignty

Evidence in your private S3/storage. SigComply never sees or touches your raw data.

Auditor-Ready Reports

Generate PDF/CSV exports mapped to CCF requirements. Make auditors happy.

Drift Detection

Automated alerts when evidence collection fails or compliance drifts.

Custom Integrations

Community-driven connectors. Add support for your custom stack easily.

// architecture

Non-Custodial Architecture

01

The Engine (CLI)

Runs OPA policies locally in your CI/CD

terminal
$ sigcomply check
✓ OPA policies pass
✓ Signing evidence files...
02

Sovereign Vault

Your encrypted S3 bucket — evidence never leaves your infrastructure

storage
soc2/aws-mfa/
├── evidence/
│ └── iam-users.json
└── result.json
03

Compliance Dashboard

Aggregated scores only — no raw evidence, no resource IDs

dashboard
score: 87%
passed: 14 / 16
status: compliant
// integrations

Works With Your Stack

Collect evidence from the tools you already use

AWS
GCP
GitHub
GitLab
Stripe
Slack

// More integrations coming soon | Community contributions welcome

// pricing

Start Free, Upgrade When You Need

No credit card required Cancel anytime

Free

For teams getting started

$0 /forever
  • Full CLI access
  • Git-based evidence storage
  • All integrations
  • Community support
  • Manual evidence management
Download CLI
RECOMMENDED

Pro

For compliance-ready teams

$99 /month

Everything in Free, plus:

  • Auditor-friendly PDF/CSV exports
  • Compliance heartbeat monitoring
  • Automated drift detection
  • CCF requirement mapping
  • Priority support
Start Pro Trial

$99/mo vs $20,000+/year for tools like Vanta

Ready to Take Control of Your Compliance?

Start collecting evidence today. No credit card required.

Get Started Free Schedule Demo