Overview

Audit preparation is stressful, manual, and reveals surprises at the worst time. Upload your framework (SOC 2, HIPAA, FedRAMP, etc.) and governance to get continuous compliance monitoring directly in your SDLC, enabling you to pass audits on the first attempt with zero surprises.

How It Works

  1. Upload Your Framework - Any compliance document, audit checklist, or regulatory requirement at zenable.app
  2. Automatic Extraction - We identify and structure all technical requirements
  3. Continuous Enforcement - Every developer action is checked against your requirements
  4. Evidence Generation - Generate custom compliance reports using our MCP server

Universal Framework Support

Zenable is a flexible multi-purpose tool that supports any requirements, including any and all compliance frameworks:

Industry Standards

• SOC 2 Trust Services Criteria• HIPAA Technical Safeguards• FedRAMP Security Controls• ISO 27001 Annex A Controls• GDPR Data Protection Requirements• PCI DSS Requirements

Custom Requirements

• Your internal security policies• Customer contractual requirements• Industry-specific regulations• Vendor assessment criteria• M&A due diligence standards• Partner integration requirements

Real-World Example: Custom Security Policy

Imagine uploading your organization’s security policy that states:
“All API endpoints must implement rate limiting of no more than 100 requests per minute per user, use OAuth 2.0 authentication, and log all access attempts with user ID, timestamp, and IP address.”

What Zenable Prevents

With this requirement uploaded, Zenable would automatically:

Prevent Missing Rate Limiting

# ❌ Would be flagged
@app.route('/api/users')
def get_users():
    return jsonify(users)

# ✅ Zenable ensures
@app.route('/api/users')
@rate_limit(100, per=60)  # 100 requests per minute
def get_users():
    return jsonify(users)

Enforce Authentication

# ❌ Would be flagged
@app.route('/api/data')
def get_data():
    return sensitive_data

# ✅ Zenable ensures
@app.route('/api/data')
@require_oauth2
def get_data():
    return sensitive_data

Mandate Access Logging

# ❌ Would be flagged
def process_request(request):
    return handle(request)

# ✅ Zenable ensures
def process_request(request):
    log_access(
        user_id=request.user.id,
        timestamp=datetime.now(),
        ip_address=request.remote_addr
    )
    return handle(request)

Running Compliance Checks

Unified Assessment

After uploading your compliance frameworks to zenable.app, run a single unified check across all frameworks: 
# Check against all uploaded frameworks at once
uvx zenable-mcp check '**/*'
This single command checks your codebase against:
  • All uploaded compliance frameworks (SOC 2, HIPAA, FedRAMP, etc.)
  • Your custom organizational policies
  • Industry-specific regulations
  • Contractual requirements
The results show compliance status across all frameworks simultaneously.

Framework-Specific Examples

HIPAA Technical Safeguards

Upload your HIPAA requirements document, and Zenable ensures: Requirement: “Implement procedures to verify that a person seeking access to ePHI is authorized (§164.312(d))” What Gets Prevented:
  • Direct database queries without access checks
  • Missing authentication on health data endpoints
  • Unencrypted storage of patient information
  • Missing audit logs for PHI access

FedRAMP Security Controls

Upload FedRAMP control requirements: Requirement: “The information system enforces approved authorizations for logical access (AC-3)” What Gets Prevented:
  • Hardcoded credentials in source code
  • Missing role-based access controls
  • Unauthorized privilege escalation paths
  • Unvalidated user input in security contexts

GDPR Data Protection

Upload GDPR requirements: Requirement: “Implement appropriate technical measures to ensure data protection by design (Article 25)” What Gets Prevented:
  • Missing data encryption at rest
  • Lack of data deletion capabilities
  • Absent consent management
  • Uncontrolled data retention

Evidence Generation with MCP Server

Setting Up for Compliance Reports

After configuring the MCP server (setup guide), you can use AI assistance to generate comprehensive compliance evidence:
1

Configure MCP Server

# Install and configure MCP server
uvx zenable-mcp install
2

Generate Compliance Reports

Use your AI assistant (Claude, Cursor, etc.) with prompts like:Example prompt for SOC 2 evidence:
“Generate a SOC 2 compliance report by checking all authentication, encryption, and logging implementations. For each file, send it to Zenable for analysis and compile the results into a summary showing: control objectives met, gaps identified, and remediation recommendations.”
Example prompt for multi-framework assessment:
“Create a comprehensive compliance assessment covering SOC 2, GDPR, and our internal security policies. Check each module in our codebase against these frameworks using Zenable, then produce an executive summary with compliance percentages, critical findings, and a prioritized remediation plan.”
Example prompt for audit preparation:
“Prepare evidence for our upcoming HIPAA audit. Analyze all patient data handling code, encryption implementations, and access controls using Zenable. Generate a detailed report mapping each finding to specific HIPAA requirements with supporting code references.”
3

Automated Evidence Collection

The AI assistant will:
  • Send each relevant file to Zenable for analysis
  • Map findings to specific compliance requirements
  • Generate formatted reports with code references
  • Create audit-ready documentation

Continuous Compliance Monitoring

Zenable provides automatic compliance monitoring at every stage: Real-Time Enforcement
  • MCP Integration - Every file edit in your IDE is checked instantly
  • PR Review Bot - Automatic review on every pull request
  • Unified Checks - Single command validates against all frameworks
No manual workflow setup required - just install the GitHub App and MCP server to get started.

Benefits

For Development Teams

  • Compliance Made Simple - Requirements automatically translated into actionable code feedback
  • Fix Issues Early - Catch compliance gaps in the IDE, not during audit season
  • Focus on Features - Let Zenable handle compliance complexity while you build

For Compliance Teams

  • Continuous Monitoring - Real-time visibility into compliance posture across all code
  • Automated Evidence Collection - Every code change tracked and mapped to requirements
  • Proactive Risk Management - Identify and address gaps before they become findings

For Auditors

  • Complete Audit Trail - Every requirement traced from policy to implementation
  • Real-Time Evidence - Current compliance status, not point-in-time snapshots
  • Simplified Review Process - Pre-organized evidence mapped to control objectives

Getting Started

1

Upload Your Requirements

Visit zenable.app to upload your compliance documents
2

Install the GitHub App

Install automated PR reviews in two clicks at zenable.io/github
3

Configure the IDEs

uvx zenable-mcp install
Seriously, that’s it. You’re all set.
4

Start Coding with Confidence

Your requirements are now enforced automatically across all development

Next Steps