Automate Evidence Collection: GitHub
You’re using GitHub every day to keep your work safe. Unfortunately, it’s not all that easy to show that compliance work to security auditors. Manually gathering proof of your commits or pull requests showing peer review, access controls, and security scans can take hours per audit. Using Hyperproof’s Hypersync feature, you can automatically collect proof of your security procedures happening in GitHub.
In Hyperproof, you can configure a Hypersync for GitHub once and then automatically extract proof of compliance on a schedule or on demand. All proof comes with auto-generated metadata (e.g., when it was generated, the exact location it comes from, etc.), so your auditor knows that the proof is valid.
GitHub Proof You Can Collect Automatically
Below is a list of proof you can automatically collect from your GitHub account. We plan to add additional Hypersyncs in the coming months based on customer needs.
- Security alerts/automated scanning
- List of organization members
What are the benefits of using Hypersync?
By using Hypersync, organizations can expect to reap benefits such as:
- Saving time: Hypersync eliminates the need for an individual to manually gather and file away evidence.
- Trustworthy evidence: For auditors to consider evidence valid, they’ll expect to see a paper trail that shows when it was gathered and where it comes from. Each piece of evidence gathered with Hypersync comes with metadata that includes the date it was collected, the name of the person who set up the connection, and a link to the original source. By using Hypersync, you can prove to your auditor the evidence hasn’t been doctored or tampered with.
- Automated testing of controls: Getting evidence automatically into Hyperproof is the basis for automated testing and automated monitoring of controls. While Hyperproof does not enable automated controls testing at this time, we are working on this capability and hope to have it available sometime in the second half of 2021.
I’d like to extract proof from GitHub that isn’t listed on your page. Do you have plans to add additional integrations?
We recognize that there are a lot of processes you’re managing in Github. If you have data in GitHub you’d like to be able to pull out as proof of compliance, we’d love to hear from you. We plan to add additional Hypersyncs for GitHub over time based on customer feedback.
Is Hypersync included with the core Hyperproof compliance operations platform?
Hyperproof’s pricing is tiered based on the number of compliance frameworks you implement in the platform. All pricing plans include a certain limited number of Hypersyncs that users can set up. You can purchase additional Hypersyncs at any time.