Automating the Evidence Trail for Modern & Legacy Infrastructure.
Audit Labs is a specialized research and development team focused on eliminating the manual burden of compliance. We build tools, scripts, and tutorials that programmatically gather audit evidence for SOX, SOC 1-3, ISO 27001, and NIST assessments.
We bridge the gap between complex system configurations and auditor requirements. Our focus is on Evidence as Code—turning manual "screenshotting" into repeatable, automated workflows.
- Automation Development: Custom scripts to extract compliance data via APIs and CLIs.
- Legacy Connectivity: Bridging modern audit requirements with legacy systems like RACF.
- Educational Resources: Tutorials for auditors and engineers on how to automate their own evidence collection.
We have developed automation patterns and evidence-gathering tools for a wide range of environments, including:
- Cloud Infrastructure: AWS (Identity, Access, & Configuration)
- DevOps Ecosystems: GitHub & GitLab (Branch Protection, SDLC Compliance)
- Identity & Access: Mainframe (RACF), Active Directory
- Data Layers: Database Administration, Access Logs, & Rotation Policies
Our tools are designed to satisfy control requirements for:
- SOX (Sarbanes-Oxley)
- SOC 1, SOC 2, & SOC 3
- ISO/IEC 27001
- NIST Cybersecurity Framework (CSF) & SP 800-53
- [AWS]: Scripts to automate evidence for AWS users, password policies, and public buckets.
- [GitHub]: Scripts to automate evidence for GitHub administrators and users, audit log events for branch protections, branch protection settings, and commit logs.
We are a team passionate about technical auditing. If you're interested in collaborating or need a specific automation developed:
- Follow us on GitHub for new tool releases.
- Open an issue in any of our repos for requests or bugs.
- Visit our website: audit-labs.dev
Built for auditors, by engineers.