For GRC, Audit & CISO Teams

Turn container security into audit-ready evidence.

HarborGuard collects compliance evidence continuously — mapping every scan, triage decision, and remediation event to the controls your auditors care about. Define SLAs once, and the platform enforces them, notifies on breach, and exports the proof on demand.

10 Frameworks · SLA Policy · Audit Log · Evidence Packs

Audit coverage

  • 10 frameworks supported
  • Continuous evidence collection
  • Immutable audit trail
  • Per-severity SLA tracking

The GRC Loop

From scanner finding to audit evidence — automatically.

Framework mapping

Every scanner finding routes into the controls that govern it — SOC 2 CC7, PCI-DSS 6.3, FedRAMP RA-5, NIST 800-53 SI-2 — without manual tagging.


SLA policy enforcement

Define remediation windows per severity. The platform tracks every open vulnerability against its deadline and notifies before breach, not after.


Evidence exports

Generate per-framework reports on demand or on a schedule. Each report cites the underlying scans, audit events, and policy decisions that produced it.

Framework Mapping

Continuous evidence — not snapshot audits.

Auditors no longer accept point-in-time exports. HarborGuard collects evidence with every scan, every triage, and every policy change — then assembles it into the specific control format your auditor expects. When the next audit cycle opens, the report is already written.

  • SOC 2, PCI-DSS, NIST 800-53, HIPAA, FedRAMP, ISO 27001, CMMC, CIS Docker
  • Custom framework builder for internal control sets
  • Per-control evidence with cited scans, audit events, and timestamps
  • Framework-aware report templates with required-section enforcement
  • Per-framework threshold floors prevent policy regressions
Compliance frameworks (live coverage)

  • SOC 2 Type II: 94%
  • PCI-DSS v4.0: 88%
  • NIST 800-53 r5: 91%
  • FedRAMP Moderate: 86%
  • ISO 27001:2022: 93%
  • + Custom framework builder

SLA Policy

Set the policy. The platform holds the line.

SLA enforcement is the single most cited control in modern container audits. HarborGuard treats it as a first-class object: defined once in the compliance policy, applied automatically to every open vulnerability, and tracked from creation through remediation with a defensible audit trail.

  • Per-severity remediation deadlines (Critical, High, Medium, Low)
  • Warning notification 24 hours before breach
  • Slack, email, PagerDuty, and custom webhook routing on breach
  • Backfill applies new SLA targets to existing open vulnerabilities
  • MTTR and breach counts surface directly in compliance reports
SLA policy (active)

  • Critical: 24 hours
  • High: 7 days
  • Medium: 30 days
  • Low: 90 days
  • Warning at 24h before breach
  • PagerDuty on breach

Audit Trail

Immutable record for every policy-visible action.

When an auditor asks who changed what, when, and why — the answer should take seconds, not days. HarborGuard records every policy-visible action as a typed audit event with the actor, timestamp, and a diff of the before-and-after state. The log is append-only and exports of it are themselves audited.

  • Append-only event log keyed by actor, timestamp, and resource
  • Before-and-after diffs for every policy change
  • Triage decisions, false-positive attestations, and overrides captured
  • Patched-image rebuilds and re-scan events recorded with provenance
  • Audit-log exports are themselves audited
Audit log (last 24h)

  • 14:22:08  compliance policy updated  by admin@
  • 13:47:51  report.generated SOC 2  by system
  • 11:09:14  vuln.false_positive_attested  by rachel@
  • 09:31:02  image.patched_and_rescanned  by system

Append-only, tamper-evident

Every Control, Accounted For

The compliance capabilities your auditor will ask about.

10 Frameworks

Control-mapping templates for SOC 2, PCI-DSS, NIST 800-53, HIPAA, FedRAMP Moderate, ISO 27001, CMMC, CIS Docker — plus a custom builder. HarborGuard does not process PHI; the platform is not FedRAMP-authorized or ISO 27001 certified.

Visual report builder

Drag-and-drop report templates with required sections, threshold floors, and per-framework branding.

SLA tracking + MTTR

Per-severity deadlines, warning thresholds, and trend dashboards for mean time to remediate.

Immutable audit log

Append-only event log for every policy-visible action, with diffs and exportable filters.

Scheduled reports

Generate evidence packs on a weekly, monthly, or quarterly cadence and route them to email or webhook.

SAML / OIDC / SCIM

Enterprise SSO with just-in-time provisioning and SCIM-driven deprovisioning for role hygiene.

RBAC for auditors

Dedicated Auditor role with read-only access to policy, evidence, and the full audit log.

Vanta integration

Push complete state-of-world vulnerability records to Vanta on a continuous schedule — no manual uploads.

FAQ

Questions from compliance leaders

Which compliance frameworks does HarborGuard support out of the box?

Ten control-mapping frameworks ship preconfigured: SOC 2, PCI-DSS, NIST 800-53, HIPAA Security Rule, FedRAMP Moderate, ISO 27001, CMMC, CIS Docker Benchmark, plus a custom framework builder for internal control sets. HarborGuard provides control mapping aligned to these frameworks; the platform itself is not FedRAMP-authorized, is not ISO 27001 certified, and HarborGuard does not process PHI or act as a Business Associate under HIPAA. Each framework maps container scanner findings, SLA posture, and policy events to the controls auditors actually request — no hand-rolled spreadsheets, no copy-paste from individual scan reports.

How is compliance evidence collected — and how is it kept current between audits?

Evidence is collected continuously. Every scan, triage decision, SLA event, policy change, patched-image rebuild, and notification dispatch writes to an immutable audit log keyed by actor, timestamp, and resource. When an auditor asks for evidence of a control (for example, CC7.1 — system monitoring), the report builder pulls the relevant entries from the audit log and scan history into a generated PDF or CSV. There is no batch job to schedule and no snapshot to refresh before the audit window opens.

Who can view the compliance policy and who can change it?

The compliance policy lives in a single modal on the Compliance Overview page and is the source of truth for SLA targets, severity thresholds, framework selection, and evidence retention. Read access is granted to any user with the Auditor role; edit access is restricted to Admin and Owner. Every change is captured as an audit event with the old and new values, the actor, and the timestamp — making policy drift trivially defensible.
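The audit-log behaviour described in this answer and in the Audit Trail section above (typed events keyed by actor, timestamp and resource, a before-and-after diff for every policy change, an append-only log, and exports that are themselves logged) can be sketched in a few dozen lines. The block below is an added example written for this page, not HarborGuard's own code. The SHA-256 hash chain that makes the log tamper-evident is an assumption about mechanism, not something the page states, and the event type names, actor addresses and policy values are constructed.

```python
"""Added example (not HarborGuard's code): an append-only, tamper-evident
audit log that records before/after diffs for policy changes.

Hash chaining is an assumed mechanism for tamper evidence; event names,
actors and policy values below are constructed sample data.
"""
import hashlib
import json
from datetime import datetime, timezone

GENESIS = "0" * 64  # prev_hash of the first event


def diff(before, after):
    """Per-key old/new pairs for keys whose value changed."""
    before, after = before or {}, after or {}
    return {k: {"old": before.get(k), "new": after.get(k)}
            for k in sorted(set(before) | set(after))
            if before.get(k) != after.get(k)}


def _digest(event):
    """SHA-256 over the canonical JSON of every field except the hash itself."""
    body = {k: v for k, v in event.items() if k != "hash"}
    return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()


class AuditLog:
    def __init__(self):
        self._events = []  # only ever appended to, never edited in place

    def append(self, event_type, actor, resource, before=None, after=None, ts=None):
        prev_hash = self._events[-1]["hash"] if self._events else GENESIS
        event = {
            "seq": len(self._events),
            "ts": (ts or datetime.now(timezone.utc)).isoformat(),
            "type": event_type,
            "actor": actor,
            "resource": resource,
            "diff": diff(before, after),
            "prev_hash": prev_hash,
        }
        event["hash"] = _digest(event)  # binds this event to its predecessor
        self._events.append(event)
        return event

    def query(self, resource=None, event_type=None):
        return [e for e in self._events
                if (resource is None or e["resource"] == resource)
                and (event_type is None or e["type"] == event_type)]

    def export(self, actor, **filters):
        """Return matching events; the export is itself recorded as an event."""
        rows = self.query(**filters)
        self.append("audit_log.exported", actor, "audit_log",
                    after={"filters": filters, "rows": len(rows)})
        return rows

    def verify(self):
        """Recompute the chain; return the index of the first bad event, or -1."""
        prev = GENESIS
        for i, e in enumerate(self._events):
            if e["prev_hash"] != prev or _digest(e) != e["hash"]:
                return i
            prev = e["hash"]
        return -1


def demo():
    """Record one constructed compliance-policy change and return (log, event)."""
    log = AuditLog()
    ts = datetime(2024, 1, 1, 14, 22, 8, tzinfo=timezone.utc)
    old = {"sla_critical_hours": 24, "sla_high_days": 7, "frameworks": ["SOC 2"]}
    new = {"sla_critical_hours": 24, "sla_high_days": 5, "frameworks": ["SOC 2", "PCI-DSS"]}
    event = log.append("compliance_policy.updated", "admin@example.com",
                       "compliance_policy", before=old, after=new, ts=ts)
    return log, event


if __name__ == "__main__":
    log, event = demo()
    print(json.dumps(event["diff"], indent=2))
    print("chain intact:", log.verify() == -1)
    log.export("auditor@example.com", resource="compliance_policy")
    print("events after export:", [e["type"] for e in log.query()])
```

The diff stores only the keys that changed, which is what an auditor asking "who changed what" needs; unchanged keys (here `sla_critical_hours`) are omitted. Because each event's hash covers the previous event's hash, editing or deleting any earlier record changes every later `prev_hash` check, so `verify()` localises the first inconsistency rather than merely reporting that something is wrong.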

What happens when an SLA target is missed?

Each severity carries its own remediation deadline (for example, Critical 24 hours, High 7 days, Medium 30 days). A warning notification fires 24 hours before breach so on-call teams can intervene early. On breach, the platform dispatches an SLA-breach event to Slack, email, PagerDuty, and any custom webhooks configured for the org. The breach is recorded against the vulnerability and the responsible image, so MTTR trends and breach counts surface directly in compliance reports.
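The SLA mechanics described here and in the SLA Policy section above, as an added example that is not HarborGuard's code: it attaches the quoted per-severity windows to each finding, classifies open findings as ok, warning (inside the 24-hour lead) or breached, computes MTTR and breach counts over closed findings, and shows backfill re-targeting existing findings when a window is tightened. Vulnerability ids, image names and timestamps are constructed; the ids are placeholders, not real CVEs.

```python
"""Added example (not HarborGuard's code): per-severity SLA tracking.

Deadlines and the 24-hour warning lead are the values quoted on the page;
the vulnerability records are constructed sample data.
"""
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import Optional

# Remediation window per severity, as quoted on the page.
DEFAULT_POLICY = {
    "critical": timedelta(hours=24),
    "high": timedelta(days=7),
    "medium": timedelta(days=30),
    "low": timedelta(days=90),
}
WARNING_LEAD = timedelta(hours=24)  # warn this long before the deadline


@dataclass
class Vulnerability:
    vuln_id: str                            # placeholder id, not a real CVE
    image: str
    severity: str
    opened_at: datetime
    closed_at: Optional[datetime] = None
    sla_target: Optional[timedelta] = None  # set by apply_policy


def apply_policy(vulns, policy, backfill=True):
    """Attach an SLA window to each vulnerability.

    backfill=True re-targets findings that already carry a window (the
    page's "backfill" behaviour), so a tightened policy applies to existing
    open findings, not only to new ones.
    """
    for v in vulns:
        if backfill or v.sla_target is None:
            v.sla_target = policy[v.severity.lower()]
    return vulns


def sla_status(v, now):
    """'closed', 'breached', 'warning' (inside the 24h lead) or 'ok'."""
    if v.closed_at is not None:
        return "closed"
    deadline = v.opened_at + v.sla_target
    if now >= deadline:
        return "breached"
    if now >= deadline - WARNING_LEAD:
        return "warning"
    return "ok"


def evaluate(vulns, now):
    """Group vulnerability ids by SLA status; 'warning' and 'breached' are
    what a notifier (Slack, email, PagerDuty, webhook) would be fed."""
    out = {"ok": [], "warning": [], "breached": [], "closed": []}
    for v in vulns:
        out[sla_status(v, now)].append(v.vuln_id)
    return out


def mttr_report(vulns):
    """Mean time to remediate (hours) and the number of closures that
    exceeded their window: the two figures the page says reach reports."""
    closed = [v for v in vulns if v.closed_at is not None]
    if not closed:
        return {"mttr_hours": 0.0, "breaches": 0, "closed": 0}
    ages = [v.closed_at - v.opened_at for v in closed]
    breaches = sum(1 for v, age in zip(closed, ages) if age > v.sla_target)
    mttr = sum(a.total_seconds() for a in ages) / 3600 / len(closed)
    return {"mttr_hours": mttr, "breaches": breaches, "closed": len(closed)}


# Constructed sample data, evaluated at a fixed "now" so results are stable.
NOW = datetime(2024, 1, 1, tzinfo=timezone.utc)


def make_sample():
    h, d = timedelta(hours=1), timedelta(days=1)
    return [
        Vulnerability("V-1", "app:1.0", "critical", NOW - 30 * h),         # 6h past deadline
        Vulnerability("V-2", "app:1.0", "high", NOW - 6 * d - 12 * h),     # deadline in 12h
        Vulnerability("V-3", "api:2.1", "medium", NOW - 3 * d),            # 27 days left
        Vulnerability("V-4", "api:2.1", "critical", NOW - 2 * d, closed_at=NOW - 12 * h),  # closed after 36h
        Vulnerability("V-5", "web:3.0", "low", NOW - 10 * d, closed_at=NOW - 5 * d),       # closed after 5d
    ]


def run_example(now=NOW):
    vulns = apply_policy(make_sample(), DEFAULT_POLICY)
    return evaluate(vulns, now), mttr_report(vulns)


def run_backfill_example(now=NOW):
    """Tighten High to 3 days and backfill: V-2 flips from warning to breached."""
    vulns = apply_policy(make_sample(), DEFAULT_POLICY)
    tightened = dict(DEFAULT_POLICY, high=timedelta(days=3))
    return evaluate(apply_policy(vulns, tightened, backfill=True), now)


if __name__ == "__main__":
    statuses, report = run_example()
    print(statuses)
    print(report)
    print(run_backfill_example())
```

Two details matter in practice: the warning state is derived from the same deadline as the breach state, so an alert fired at "24 hours before breach" cannot disagree with the breach event that follows it; and a closure is counted as a breach when its age exceeds the window that applied to it, so V-4 (closed after 36 hours against a 24-hour window) raises the breach count even though it is no longer open.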

Does HarborGuard integrate with Vanta or similar GRC platforms?

Yes. The Vanta integration pushes complete state-of-world vulnerability records on a continuous schedule, so your existing GRC platform always reflects the current posture without manual uploads. The integration framework is provider-agnostic. Additional GRC platforms are on the integration roadmap. All sync events (started, completed, failed) are recorded in the audit log and notifications fire on sync failure.

Stop Compiling Evidence. Start Exporting It.

Audit-ready evidence, generated on demand.

Generate a sample audit report against your own image to see how HarborGuard maps findings to controls, applies your SLA policy, and produces the evidence pack your auditor expects.