heyGRC docs

Source for docs.heygrc.com. Customer-facing.

heyGRC is compliance review for your pull requests — like a code reviewer, but for your ISMS and the frameworks you must comply with (ISO 27001, ISO 42001, SOC 2, GDPR, the EU AI Act, and ~75 more). It runs as a GitHub App and is configured as code through a small REST API, so you can set it up entirely from your coding agent (Claude Code, Cursor, Copilot, …).

Start here

How it works

  1. Install the heyGRC GitHub App on the repos you want reviewed.
  2. Configure your company context + the frameworks you care about (one API call — your agent can do it for you).
  3. heyGRC reviews each pull request, grounded in that context, and posts a review with inline comments plus a Checks status. It never blocks merges — findings are surfaced as a neutral check, not a gate.

That grounding is the whole point: heyGRC measures your diff against your obligations, not generic advice. A change to auth, data handling, logging, or a new dependency gets read against the specific controls of the frameworks you selected.