EvidentTrail – Turn GitHub activity into continuous SOC2 audit evidence

by elviro · Feb 25, 2026 · 2 points · 0 comments

AI Analysis


Replaces audit spreadsheet hell with tamper-evident GitHub-sourced evidence packs.

Strengths
  • Detects branch protection drift via hash-based snapshots—catches silent security downgrades auditors would miss.
  • AI-assisted code detection (co-authored-by trailers, bot authors) with human review verification—new audit requirement, no competitor shipping this.
  • SHA-256 manifests mean evidence integrity proven at export time, not just capture—auditor-grade cryptographic evidence chain.
Weaknesses
  • No users yet and no public pricing—unclear if this actually solves auditor pain or just feels right in theory.
  • Solves a real problem but only for teams already using GitHub; won't help GitLab, Gitea, or on-prem shops.
Target Audience

Engineering teams preparing for SOC 2, ISO 27001, or EU AI Act compliance audits

Similar To

Vanta · Drata · Secureframe

Post Description

Built this after watching engineering teams lose weeks before every SOC 2 audit rebuilding the same evidence trail from scratch — screenshots, PR links, spreadsheets — for work that was already documented in GitHub.

EvidentTrail connects via GitHub App and captures PR approvals, branch protection changes, CI results, and AI-assisted commits as structured, tamper-evident evidence mapped to specific controls (SOC 2 CC8.1, ISO 27001 A.8.32, etc.).

A few things that might be interesting to this crowd:

- AI-assisted code detection: we identify co-authored-by trailers, bot authors, and PR labels to flag AI-generated code, then verify a human reviewed it before merge
- Branch protection drift: hash-based snapshots detect when someone quietly reduces required reviewers or removes a required status check
- Evidence packs: SHA-256 manifest + PDF/CSV/JSON export so the evidence is tamper-evident at export time, not just at capture time
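The drift and manifest points above, as an added illustration (my own example, not EvidentTrail's code): a canonical-JSON SHA-256 snapshot of a branch-protection ruleset, a comparison that names each weakening (fewer required reviewers, a removed status check, a disabled flag), and a manifest that binds an evidence pack under one root hash. The ruleset keys and the sample evidence are constructed for this example, not GitHub's API schema.

```python
import hashlib
import json

# Constructed sample of a branch-protection ruleset. The keys are hypothetical
# (chosen for this example, not a GitHub API schema); the baseline is what a
# compliant default branch is assumed to require.
BASELINE = {
    "required_approving_review_count": 2,
    "required_status_checks": ["ci/test", "ci/lint", "security/scan"],
    "enforce_admins": True,
    "dismiss_stale_reviews": True,
}

def snapshot_hash(settings: dict) -> str:
    """SHA-256 over a canonical JSON form: keys sorted, lists sorted, no
    whitespace, so two captures of the same ruleset always hash the same."""
    canonical = {k: sorted(v) if isinstance(v, list) else v
                 for k, v in settings.items()}
    blob = json.dumps(canonical, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(blob.encode("utf-8")).hexdigest()

def classify_drift(before: dict, after: dict) -> list:
    """Compare two snapshots. Returns [] when unchanged, one 'DOWNGRADE:' line
    per weakening, or a single 'CHANGED:' line for an edit that weakens nothing."""
    if snapshot_hash(before) == snapshot_hash(after):
        return []
    findings = []
    b_count = before["required_approving_review_count"]
    a_count = after["required_approving_review_count"]
    if a_count < b_count:
        findings.append(f"DOWNGRADE: required reviewers {b_count} -> {a_count}")
    removed = set(before["required_status_checks"]) - set(after["required_status_checks"])
    for check in sorted(removed):
        findings.append(f"DOWNGRADE: required status check removed: {check}")
    for flag in ("enforce_admins", "dismiss_stale_reviews"):
        if before[flag] and not after[flag]:
            findings.append(f"DOWNGRADE: {flag} disabled")
    return findings or ["CHANGED: settings differ but nothing was weakened"]

def build_manifest(evidence: dict) -> dict:
    """Per-item SHA-256 plus a root hash over the sorted entries, so a single
    value binds the whole evidence pack at export time; re-run it to verify."""
    entries = {name: hashlib.sha256(data).hexdigest() for name, data in evidence.items()}
    blob = json.dumps(entries, sort_keys=True, separators=(",", ":"))
    return {"entries": entries, "root": hashlib.sha256(blob.encode("utf-8")).hexdigest()}
```

Verification is the same computation: rebuild the manifest from the exported files and compare the root; any edited or missing item changes it.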

First launch, no users yet. Happy to answer questions about the implementation or the compliance angle.

Similar Projects

Security · by oabolade · 101d ago

Tamper evident audit logs for LangGraph/CrewAI agents

Cryptographic hash chains make agent action logs legally defensible—LangSmith and Langfuse don't do this.

AI/ML · by oabolade · 2016h ago

Tamper-evident audit logs for LangChain/Crew AI agents

Cryptographic hash chains make AI agent logs legally defensible when LangSmith can't.