devguard connects natively to GitHub, GitLab, Jira and Slack, so from an action it creates and tracks a ticket in those tools and syncs the status back. Your team keeps the work in one place instead of being pulled out of engineering to chase it. Swiss-hosted, German and English, on-prem possible.
Deep cloud auto-collection from AWS, Azure or GCP is on the roadmap. Today, our strength is the native link to the code, ticket and chat systems your team already uses, keeping remediation moving through them.
| Capability | devguard |
|---|---|
| Live today | |
| Native integrations with GitHub, GitLab, Jira & Slack | |
| Create and track a ticket from an action, status synced back | |
| Coverage, policies, audits, reviews and ten reports | |
| Opt-in AI assistant for retrieval and Q&A | |
| What’s coming | |
| Deeper evidence automation from your cloud | |
| More of the systems your team runs, connected | |
Everything marked live ships today. We’ll be straight about what’s still coming, rather than promise automatic everything up front.
From an action, devguard creates a ticket in GitHub, GitLab or Jira, or sends a Slack message, then syncs the status back as your team works it. The remediation happens where your team already is, and devguard keeps the trail.
Connect the systems your team already works in, then run the ISMS in devguard: coverage per framework, versioned policies, reviews, audits and the reports you hand over.
Control coverage per framework moves from unknown to partial to full as you map each control to the policies, assets and risks that satisfy it. An open gap is visible months out, not the week before the audit.
Author your policies in devguard, then move each one draft, needs-approval, published, with the full version history kept. The auditor sees the policy and the approval that stands behind it, not a file with an unknown edit history.
Asset, risk and vendor reviews each run draft to in-progress to completed, with findings and the next review date set on completion. A deadlines view surfaces what’s due early, so reviews don’t pile up before the audit.
Log audit findings with their root cause and the corrective measure, each with its own deadline, and carry every non-conformity through to closed. The state of an internal audit is something you can show, not reconstruct from chat history.
Generate the documents an auditor expects as PDFs, including the Statement of Applicability, plus audit, risk, asset, vendor, policy and review reports — produced from the live workspace, not assembled by hand the night before.
Not a metrics wall (we're early; we won't invent numbers). The differentiators we can stand behind today:
From an action, devguard creates and tracks a ticket in GitHub, GitLab or Jira, or sends a Slack message, then syncs the status back, so the work happens where your team already is, not in a separate tracker nobody updates.
Native integrations with the four tools your team already works in; nothing new to adopt to keep remediation moving.
You control where your data sits, in German and English. Export records to CSV and reports to PDF whenever you ask.
Evidence flows from the tools you connect, and your policies stay yours to write. A CLI agent and cloud auto-collection are on the roadmap, claimed only when they ship.
Connect your tools and run the ISMS yourself, or have us move your existing one across first. No number on the page — the right price depends on your setup, and we work it out together.
Hosted in Switzerland by default, on-prem possible, German and English throughout — so when a customer asks where their compliance evidence sits, you have a precise answer. Export records to CSV and reports to PDF, any time.
No empty workspace to fill from scratch. Wherever your ISMS lives today, in spreadsheets, Confluence or another tool, we migrate it into devguard ourselves on a fixed scope and a fixed date. We connect your GitHub, GitLab, Jira and Slack integrations, and nothing is switched over until you’ve checked it side by side. Then you run from there, and you can export records to CSV and reports to PDF whenever you want.
We agree exactly what the first migration covers, which frameworks, which integrations, how much evidence, so there’s no open-ended engagement.
The founder moves your ISMS in and connects GitHub, GitLab, Jira and Slack so an action can create and track a ticket in the right tool, on an agreed schedule.
You check the auditor-facing trail side by side. When you’re satisfied, the workspace is live and your team runs it from there.
GitHub, GitLab, Jira and Slack, natively. From an action, devguard creates and tracks a ticket in those tools (a GitHub, GitLab or Jira issue) or sends a Slack message, then syncs the ticket status back, so remediation happens where your team already works. Evidence for a control is the policies, assets and risks you map to it.
Today, evidence flows from the code, ticket and chat systems you connect, like GitHub, GitLab, Jira and Slack, which keep the ISMS current as work happens. Deeper cloud auto-collection from AWS, Azure or GCP, a CLI agent and CI auto-capture are on the roadmap.
No. The AI assistant is opt-in and does retrieval and Q&A over your existing ISMS — it helps you find and reason about what’s already there. It does not write your policies for you, because auditors see through generated policy text and so should you.
Hosted in Switzerland by default, in German and English. On-prem is possible, so your compliance evidence stays where you need it, which matters when a customer asks where their data sits.
No lock-in by design. You can export your records to CSV and generate reports as PDFs at any time. Moving in never means you can’t move out.
Yes. You map controls to coverage per framework, back each one with the policies, assets and risks it requires, and generate the Statement of Applicability and the other reports an auditor expects. If your ISMS already lives somewhere else, we move it across by hand first so you’re not rebuilding it during the certification run.
A 15-minute conversation, engineer to engineer — not a sales demo. How your team works today, which of GitHub, GitLab, Jira and Slack you’d connect, and where devguard fits, including what’s live now and what’s on the roadmap.