Compliance that keeps pace with your pull requests.
For engineering teams who want to ship fast without compliance becoming a quarterly emergency. Catch control-relevant changes in the review you already do.
Engineering teams do not want a compliance process bolted onto the side of their work. They want the work to stay compliant without slowing down, and to never be surprised by an audit finding for a change they made months ago. The leverage is in the place you already look at every change: code review.
It rides on the review you already do
Your team already reviews pull requests for correctness and style. The gap is framework knowledge: a reviewer who is not a compliance specialist cannot see that a one-line IAM change touches a control, or that a new log line carries personal data. heygrc adds that layer to the review you already run, naming the control and the clause so the author can decide with full information.
Nothing new to open, no separate dashboard, no audit-season scramble. The finding shows up where the change does.
Changes that read as ordinary code.
A few of the control-relevant changes heygrc is built to flag for this case, each cited to the clause it touches.
An IAM role widens to a wildcard (SOC 2 CC6.1)
A privileged-action audit log is removed (ISO 27001:2022 A.8.15)
A TLS floor drops on a sensitive call (SOC 2 CC6.7)
The frameworks that matter most here.
Guide: Make compliance a required check
heygrc flags control-relevant changes and cites the clause so the issue can be handled in the pull request. It does not certify you, run your audit, or replace your own judgment. heygrc is in early access.