In this article:
SecurityScorecard's Compliance feature is available to all users who want to map issues to industry frameworks for their own Scorecards. Additionally, the ability to map security issues to industry frameworks for other organizations' Scorecards is available with a paid SecurityScorecard plan. See our plans page for more information about levels of features and access.
Use this article to learn how to connect your Amazon Web Services (AWS) or GitHub account to SecurityScorecard's Compliance feature.
Compliance leverages data that we collect in our continuous scans to provide an outside-in view of where your organization stands against industry best practices and compliance frameworks. You also can connect it to your cloud accounts, so that we can pull in configuration data, and enhance your compliance status with an inside-out view of your infrastructure.
Note: After installing one of these integrations, you see data within 24 hours, as Compliance syncs with our daily scan schedule.
Connect AWS to Compliance
Note: To make this connection, you will need to provide an access key and secret for each AWS account region you want to monitor. Make sure you have these items available before you start the setup.
- Go to a Scorecard and then select the Compliance tab on the left.
- Click the AWS link on the right side.
- Allow AWS to see your SecurityScorecard user name, email address, and organization name.
- Enter your access key ID, secret access key, and region. Then, click Install.
After installing this integration, you see data within 24 hours, as Compliance syncs with our daily scan schedule.
Connect GitHub to Compliance
Note: To make this connection, you will need to provide a personal access token and base URL for each GitHub account that you want to monitor. Make sure you have these items available.
- Go to a Scorecard and then select the Compliance tab on the left.
- Click the GitHub link on the right side.
- Allow AWS to see your SecurityScorecard user name, email address, and organization name.
- Enter your personal access token and base URL for GitHub. Then, click Install.
After installing this integration, you see data within 24 hours, as Compliance syncs with our daily scan schedule.
Get Help
If you need help or have questions, submit a Support request.