Upload a document or link a record
Upload a file directly, like a pentest report, a screenshot or a signed policy, or link a record you already keep in devguard, like a policy section, an asset or a risk.
Upload a document, or link a policy section, an asset or a risk you already track. Then map it to the control it satisfies, recorded with who linked it and when, so when an auditor asks for proof of a control, it’s already attached, not hunted down across tools.
Evidence is a document you upload or a policy, asset or risk you link, which is then mapped to the control it proves.
Attach each upload or linked record to the control it proves, recorded with who made the link and when. The file or record stops sitting in a folder and becomes proof connected to a specific control.
You map evidence to a control yourself: devguard stores your upload or records the link to a policy, asset or risk. It doesn’t reach into your cloud and collect anything for you, so every link is honest about where the proof came from.
When a control comes up in an audit or a report, its evidence is already attached and timestamped. You point at the control and the proof is there, rather than reassembling it from chat, drives and email.
Four choices behind how evidence works here — each one you can check, not an adjective.
A pentest report, a screenshot, a signed policy: upload it directly and map it to the control it proves.
Point a policy section, an asset or a risk at the control it satisfies, so existing records double as proof.
Each upload or link is attached to the control it satisfies and recorded with who made the link and when.
You upload or link each piece of evidence and map it to the control yourself. Cloud auto-collection and a CLI are on the roadmap.
Hosted in Switzerland by default, in German and English, with on-premise possible. Export your records to CSV and your reports to PDF; your data is yours, with no lock-in.
Evidence is only useful attached to something — the control it proves, the audit that checks it, the vendor it covers and the report that exports it.
Map each artifact to the control it satisfies.
Work through audit checks against the evidence behind them.
Attach questionnaires and evidence files to the vendor they cover.
Export evidence and posture as a PDF for the auditor.
You upload a document, or link a policy section, an asset or a risk you already track, then map it to the control it satisfies. The proof is put there by you, with who linked it and when on the record. Cloud auto-collection is on the roadmap; today, you decide what counts as proof.
GitHub, GitLab, Jira and Slack. They create an outbound ticket or Slack message and sync that ticket’s status back, so remediation work is tracked. They do not pull an artifact in as control evidence. Evidence today is a document you upload or a policy, asset or risk you link, then map to the control.
A document you upload, like a pentest report, a screenshot or a signed policy, or a local record you link, like a policy section, an asset or a risk. Each one is mapped to the control it satisfies and recorded with who linked it and when.
In a shared drive, a file’s link to a control lives in your head or a spreadsheet, and proof is reassembled before every audit. Here, each upload or linked record is mapped to the control it satisfies, recorded with who linked it and when, and already attached when that control comes up in an audit or report. You decide what counts as proof, so what you hand an auditor is exactly what you put there.
Swiss-hosted by default, in German and English, with on-premise possible. Export your records to CSV and your reports to PDF; your data is yours, with no lock-in.
Upload a document or link a policy, asset or risk, then map it to the control it satisfies, so the proof is attached before the auditor asks, not scrambled for after.