Product — Integrations
Scan where work happens
Connect your stack and let Sudory scan configurations continuously. Every integration produces compliance evidence mapped to your frameworks — automatically.
Progressive access
Start outside, move in
Three levels of integration depth. Begin with zero credentials and deepen coverage as trust grows.
No access needed
DNS records, HTTP headers, TLS certificates, email authentication. Sudory scans from the outside — the same vantage point attackers and auditors use.
OAuth connect
One-click OAuth. Sudory reads configuration and installed apps — never modifies anything. Scoped to read-only permissions.
Service account
For platforms that require admin-level visibility. Service accounts let Sudory scan user permissions, OAuth grants, and admin settings across your organization.
Integrations
What we scan
Each integration discovers resources, checks configurations, and produces compliance evidence. Live integrations are scanning today. Planned ones are in development.
Slack
live
Discover installed apps and bots via integration logs. See who added what, when, and with which OAuth scopes. Shadow IT discovery from day one.
Google Workspace
live
Service account scans every user's third-party OAuth grants. Discover apps your team authorized — grouped by Google project, not scattered across client IDs.
GitHub
planned
Repository security settings, branch protection rules, secret scanning, Dependabot status, and CODEOWNERS coverage across your organization.
AWS
planned
IAM policies, S3 bucket configurations, security group rules, and CloudTrail logging — scanned against CIS AWS Foundations Benchmark.
Azure / Entra ID
planned
Conditional access policies, MFA enforcement, guest user settings, and identity protection across your Azure tenant.
Vercel
planned
Deployment settings, environment variable hygiene, team access controls, and domain configuration.
Cloudflare
planned
DNS configuration, WAF rules, SSL/TLS settings, and access policies across your zones.
Netlify
planned
Build settings, deploy notifications, team permissions, and site-level security headers.
Website accessibility
planned
Automated WCAG 2.2 AA scanning of your web properties. Catch accessibility violations before the EAA deadline — mapped to EAA and WCAG framework controls.
How it works
Connect, scan, reconcile
Credentials stay in Vault. Scanners run on Fly.io. Results enter the compliance ledger. The loop runs continuously.
01
Connect
OAuth or service account — one-time setup. Credentials are stored in Vault, never in the database. Access is read-only.
02
Scan
Sudory's scanner runs on Fly.io, auto-starts on schedule, and stops when idle. Each scan fetches current configuration and normalizes it into discoveries.
03
Reconcile
Discoveries enter the compliance ledger as transactions. Policies evaluate automatically. Findings map to framework controls across ISO 27001, NIS2, SOC 2, and more.
For MSPs
Integrations across your portfolio
Each client connects their own tools. You get portfolio-wide visibility into configuration hygiene — without touching client credentials.
Connect once per client
Each client connects their own integrations via OAuth. You see all results in your MSP dashboard — no credential sharing needed.
Same checks, every client
CIS benchmarks and policy evaluations run identically across your portfolio. Compare Slack hygiene between clients, not just within one.
Integration as upsell
Start with free domain scanning. Upsell integration connections as clients see value. Each new integration deepens coverage and stickiness.
Start with what's public. Go deeper when ready.
Scan any domain without credentials. When you're ready, connect Slack or Google Workspace to discover what's really running in your organization.