Built for GitLab Duo Agent Platform + Anthropic

Your Compliance Team That Never Sleeps

Drop two files into any GitLab repo. Claude scans every MR against SOC2, HIPAA, PCI-DSS. Critical violation? Your phone rings.

GitGuard — Live Analysis
Real-Time Audit Dashboard
Every demo call updates these numbers live from our Neon database
Live counters (values update from the Neon database): Total Scans, Violations Found, Critical, Voice Calls, Auto-Reverts.
Time     Severity  Violation                                  MR       Action
2m ago   CRITICAL  Hardcoded AWS credentials in config.py     MR !142  reverted
8m ago   CRITICAL  SQL injection in user search endpoint      MR !139  reverted
15m ago  MEDIUM    Missing input validation on payment form   MR !137  flagged
22m ago  CRITICAL  Logging credit card numbers to stdout      MR !134  reverted
31m ago  LOW       Missing rate limiting on public API        MR !131  commented
45m ago  MEDIUM    Weak password hashing (MD5)                MR !128  flagged
1h ago   CRITICAL  Admin panel accessible without auth        MR !125  reverted
1h ago   PASS      No violations found                        MR !123  approved
Now try it yourself

Interactive demo (a terminal widget running gitguard escalate --interactive that prompts for your phone number): GitGuard will call you in ~10 seconds about a simulated critical violation. Your number is not stored. Scenarios you can pick for the simulated call: Hardcoded Credentials, SQL Injection, PII Data Exposure.
Built with: GitLab Duo, Anthropic Claude, Vapi Voice AI, Neon Postgres, Netlify.

Built on Claude's most powerful features

GitGuard doesn't just use an LLM. It leverages six distinct Anthropic API capabilities to deliver production-grade compliance automation.

Extended Thinking

See exactly WHY something is a violation with transparent, step-by-step reasoning. Full thinking trace logged for audit compliance.

Citations

Every finding references the exact compliance policy clause. Verifiable, not hallucinated. Auditors can trace every decision.

Tool Use

Claude orchestrates GitLab API and Vapi as callable tools — commenting on MRs, creating issues, and triggering phone calls autonomously.

PDF Support

Upload SOC2, HIPAA, PCI-DSS framework documents. Claude analyzes them natively — no parsing, no chunking, no data loss.

Structured Outputs

Guaranteed JSON schema for compliance reports and audit logs. Machine-readable results feed dashboards and alerting pipelines.

Memory

Tracks violation patterns across your codebase. Identifies repeat offenders. Learns your organization's compliance posture over time.

Setup Guide

Up and running in 2 minutes

No server. No Docker. No database. Just two files and two environment variables.

1. Get your API keys

Anthropic API Key
Sign up at console.anthropic.com. Add billing (~$0.10 per MR scan). Copy your sk-ant-... key.
GitLab Access Token
User Settings → Access Tokens → scope: api. Copy your glpat-... token.
2. Drop two files into your repo

$ cp gitguard_scan.py .gitlab-ci.yml your-project/
$ git add . && git commit -m "Add GitGuard compliance scanner"
$ git push
3. Set CI/CD variables

GitLab → Settings → CI/CD → Variables

Variable                     Required  Description
ANTHROPIC_API_KEY            Yes       Your Anthropic API key
GITLAB_TOKEN                 Yes       PAT with api scope
GITGUARD_PHONE               No        Phone for voice calls (E.164: +15551234567)
VAPI_API_KEY                 No        Vapi API key (dashboard.vapi.ai)
VAPI_PHONE_NUMBER_ID         No        Vapi outbound phone number ID
GITGUARD_SEVERITY_THRESHOLD  No        low (default) | medium | critical
4. Open a merge request

That's it. Every MR now triggers an AI compliance scan. GitGuard posts a comment with violations, policy citations, and fix suggestions. Critical violations block the pipeline and call your phone.
Common Gotchas
Pipeline shows 0 jobs? The scanner only runs on merge_request_event — push to a branch and open an MR.
No phone call? You need all three: GITGUARD_PHONE + VAPI_API_KEY + VAPI_PHONE_NUMBER_ID.
Want advisory mode? Set allow_failure: true in .gitlab-ci.yml.
No one answers the call? GitGuard auto-reverts. Safety first.
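The following is an added example, not GitGuard's own gitguard_scan.py and not code from the project. It shows how the pieces described in the Structured Outputs section and in the setup guide and gotchas above fit together: a machine-readable report of findings is parsed, findings below GITGUARD_SEVERITY_THRESHOLD are dropped, a critical finding blocks the pipeline, and a voice call is only placed when all three of GITGUARD_PHONE, VAPI_API_KEY and VAPI_PHONE_NUMBER_ID are set and the phone number is valid E.164. The report shape, the policy clause strings and the severity-to-action mapping (critical reverted, medium flagged, low commented, modelled on the dashboard rows) are assumptions; the sample report is constructed.

```python
"""Policy-gate logic in the spirit of GitGuard's setup guide and gotchas.

Added illustration only: this is NOT the project's gitguard_scan.py. The
severity-to-action mapping and the report shape are assumptions modelled on
the dashboard rows on the page.
"""
import json
import os
import re

# Severity ladder used by GITGUARD_SEVERITY_THRESHOLD; "low" is the documented default.
SEVERITY_RANK = {"low": 1, "medium": 2, "critical": 3}
# Assumed mapping of severity to MR action, modelled on the dashboard rows.
ACTION_FOR = {"critical": "reverted", "medium": "flagged", "low": "commented"}
# E.164: '+' followed by up to 15 digits, first digit non-zero (e.g. +15551234567).
E164_RE = re.compile(r"^\+[1-9]\d{1,14}$")

# Constructed sample report, shaped like the structured-output JSON the page describes.
# Policy clauses are placeholders, not real citations.
SAMPLE_REPORT_JSON = json.dumps({
    "mr": "!142",
    "findings": [
        {"severity": "critical", "title": "Hardcoded AWS credentials in config.py",
         "policy": "PCI-DSS <clause placeholder>"},
        {"severity": "medium", "title": "Missing input validation on payment form",
         "policy": "SOC2 <clause placeholder>"},
        {"severity": "low", "title": "Missing rate limiting on public API",
         "policy": "SOC2 <clause placeholder>"},
    ],
})
EMPTY_REPORT_JSON = '{"mr": "!123", "findings": []}'


def parse_threshold(env):
    """Validate GITGUARD_SEVERITY_THRESHOLD (low | medium | critical); default is low."""
    raw = env.get("GITGUARD_SEVERITY_THRESHOLD", "low").strip().lower()
    if raw not in SEVERITY_RANK:
        raise ValueError(f"GITGUARD_SEVERITY_THRESHOLD must be low|medium|critical, got {raw!r}")
    return raw


def voice_escalation_enabled(env):
    """True only when all three call-related variables are set (the 'No phone call?' gotcha).

    A present but malformed GITGUARD_PHONE is a configuration error, so it raises
    rather than silently disabling the call.
    """
    phone = env.get("GITGUARD_PHONE", "")
    if not (phone and env.get("VAPI_API_KEY") and env.get("VAPI_PHONE_NUMBER_ID")):
        return False
    if not E164_RE.match(phone):
        raise ValueError(f"GITGUARD_PHONE must be E.164 such as +15551234567, got {phone!r}")
    return True


def decide(report_json, env):
    """Turn a report into MR actions: drop findings below the threshold, revert and
    block on critical, and place a call only when escalation is fully configured."""
    report = json.loads(report_json)
    threshold = SEVERITY_RANK[parse_threshold(env)]
    actions = []
    for finding in report["findings"]:
        sev = finding["severity"].lower()
        if sev not in SEVERITY_RANK:
            raise ValueError(f"unknown severity {sev!r} in report for {report['mr']}")
        if SEVERITY_RANK[sev] < threshold:
            continue  # below the configured threshold: not reported on the MR
        actions.append({"severity": sev, "title": finding["title"],
                        "policy": finding["policy"], "action": ACTION_FOR[sev]})
    has_critical = any(a["severity"] == "critical" for a in actions)
    if actions:
        top = max(actions, key=lambda a: SEVERITY_RANK[a["severity"]])
        outcome = top["action"]
    else:
        outcome = "approved"
    return {
        "mr": report["mr"],
        "actions": actions,
        "block_pipeline": has_critical,  # "Critical violations block the pipeline"
        "place_call": has_critical and voice_escalation_enabled(env),
        "outcome": outcome,
    }


if __name__ == "__main__":
    # Reads the same CI/CD variables the setup guide lists from the real environment.
    print(json.dumps(decide(SAMPLE_REPORT_JSON, dict(os.environ)), indent=2))
```

Run it inside a job with the variables from step 3 set and it prints the decision for the constructed report; with GITGUARD_SEVERITY_THRESHOLD=medium the low finding is dropped, and without the three Vapi-related variables place_call stays false even for a critical finding, which is the behaviour the gotchas describe.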
Get Started in 2 Minutes

Drop two files. Every MR scanned.

$ cp gitguard_scan.py .gitlab-ci.yml your-project/
$ git add . && git push
Done. Every merge request now triggers AI compliance analysis.
Critical violations? Your phone rings.