Code Intelligence for Compliance

Extract Compliance Directly from Code

Lens analyzes your repositories to automatically identify compliance posture, security vulnerabilities, and governance evidence across multiple frameworks.

How Lens Works

Connect your repositories and let Lens automatically extract compliance evidence.

1. Connect Repos: Link your GitHub, GitLab, or Bitbucket repositories securely.

2. Deep Analysis: Lens scans code, configs, manifests, and commit history.

3. Map Frameworks: Findings are mapped to compliance frameworks automatically.

4. Generate Evidence: Export audit-ready reports and continuous monitoring alerts.

What Lens Can Detect

Comprehensive code analysis across security, privacy, governance, and infrastructure.

Security & Secure Coding Compliance

Identify whether teams follow secure development practices by analyzing code patterns and configurations.

Extractable Signals

  • Hardcoded secrets, tokens, and passwords
  • Input validation and sanitization patterns
  • Authentication & authorization enforcement
  • Encryption usage (at rest / in transit)
  • Unsafe functions (eval, exec, insecure deserialization)
  • Dependency vulnerabilities via package manifests

Mapped Frameworks

OWASP Top 10, SOC 2 (Security), ISO 27001 (A.12, A.14), PCI DSS

Dependency & Open-Source Compliance (SBOM)

Generate a complete Software Bill of Materials from code and manifests for full supply chain visibility.

Extractable Signals

  • All third-party libraries and versions
  • Known CVEs and security advisories
  • License types (MIT, GPL, Apache, etc.)
  • Forbidden or copyleft license detection
  • Transitive dependency mapping
  • Outdated package identification

Mapped Frameworks

Executive Order 14028 (US), NIST SSDF, SOC 2, Enterprise OSS Policies

Data Privacy & PII Handling

Infer how personal and sensitive data is treated throughout your codebase.

Extractable Signals

  • Fields named like SSN, email, DOB, accountNumber
  • Detection of sensitive fields written to logs
  • Data retention logic analysis
  • Encryption/masking before storage
  • Data sent to third parties (APIs, analytics)
  • Consent management patterns

Mapped Frameworks

GDPR, CCPA, HIPAA, Privacy-by-Design Controls

SDLC & Change Management Controls

Reveal governance maturity from repository history and code structure.

Extractable Signals

  • Pull request enforcement detection
  • Code review requirement patterns
  • Test coverage presence and metrics
  • CI/CD gates and quality controls
  • Environment separation (dev/test/prod)
  • Audit trail of changes (who, when, why)

Mapped Frameworks

SOC 2 (Change Management), SOX ITGC, ISO 27001, Internal SDLC Policies

Infrastructure & Cloud Compliance (IaC)

Analyze Infrastructure-as-Code (Terraform, CloudFormation, ARM) for compliance posture.

Extractable Signals

  • Public vs private resource exposure
  • Network segmentation configuration
  • Encryption defaults and settings
  • IAM roles & privilege scope analysis
  • Logging & monitoring enabled/disabled
  • Region and data residency controls

Mapped Frameworks

CIS Benchmarks, SOC 2, ISO 27001, FedRAMP

Logging, Monitoring & Auditability

Detect whether systems are properly auditable and observable.

Extractable Signals

  • Structured logging vs console logs
  • Security events being logged
  • PII redaction in log outputs
  • Error handling maturity patterns
  • Traceability (request IDs, correlation IDs)
  • Alerting and notification hooks

Mapped Frameworks

SOC 2 (Monitoring, Incident Response), ISO 27001, NIST 800-53

AI & Model Governance

Ready for the AI Era

When AI or ML code exists in your repositories, Lens extracts early governance indicators to help you stay ahead of emerging regulations.

Extractable Signals

  • Training vs inference separation
  • Hardcoded prompts or datasets
  • Lack of explainability hooks
  • Missing bias or validation checks
  • Uncontrolled external LLM calls
  • Model versioning practices

Mapped Frameworks

Model Risk Management (SR 11-7), EU AI Act, NIST AI RMF, Responsible AI Standards

Sample AI Code Analysis panel (model_training.py): Model Versioning: Found; Bias Testing: Missing; Explainability: Partial; Data Lineage: Found; External LLM Calls: 3 Detected

Broad Technology Support

Lens analyzes code across languages, frameworks, and infrastructure tools.

Languages

JavaScript, TypeScript, Python, Java, Go, C#, Ruby, PHP, Rust, Kotlin

Infrastructure as Code

Terraform, CloudFormation, ARM Templates, Pulumi, Ansible, Kubernetes, Docker, Helm

Package Managers

npm, pip, Maven, Gradle, NuGet, Cargo, Composer, Bundler, Go Modules

Seamless Integration

Works with Your Existing Workflow

Lens integrates directly with your source control and CI/CD pipelines for continuous compliance monitoring.

  • GitHub, GitLab, Bitbucket: Native integrations with all major Git providers
  • CI/CD Pipelines: Jenkins, GitHub Actions, GitLab CI, Azure DevOps
  • SIEM & Ticketing: Export findings to Jira, ServiceNow, Splunk
  • Atlas & Navigate: Unified compliance view across Normex modules

Lens Dashboard

Real-time compliance insights

Sample dashboard panel: Repositories Scanned: 47; Compliance Score: 94%; Open Findings: 12; Critical Issues: 2

Ready to see what's in your code?

Start analyzing your repositories today and discover compliance evidence you never knew you had.