Compliance
Map findings to compliance frameworks including OWASP, PCI DSS, SOC 2, NIST, and ISO 27001.
CodeWall maps findings to industry compliance frameworks, helping you demonstrate security posture to auditors and regulators.
Supported frameworks
| Framework | Description |
|---|---|
| OWASP Top 10 (2021) | The ten most critical web application security risks |
| PCI DSS v4.0 | Payment Card Industry Data Security Standard |
| SOC 2 Type II | Service Organization Control for security, availability, and confidentiality |
| NIST CSF | National Institute of Standards and Technology Cybersecurity Framework |
| ISO 27001 | International standard for information security management systems |
Using compliance frameworks
During test creation
When creating a new pentest, you can select one or more compliance frameworks in the test settings (Step 4). The agent will factor these frameworks into its testing approach.
In reports
When generating a Compliance Report, select the relevant framework. The report maps each finding to the applicable compliance controls, showing:
- Which controls have associated findings
- The severity of findings per control
- Which controls are clean (no findings)
This format is designed to be shared directly with auditors and compliance teams.
Compliance in the dashboard
The dashboard views include compliance-aware metrics, showing your posture relative to selected frameworks across projects.

