Scan your cloud infrastructure and get a control-by-control breakdown showing what you pass, what you fail, and what evidence you need.
See exactly where you stand in minutes
Logical and Physical Access Controls
✅ MFA enabled for all users • IAM policies follow least privilege • Access reviews conducted quarterly
System Monitoring and Alerting
❌ 3 S3 buckets lack CloudTrail logging • No CloudWatch alarms configured for IAM changes
→ Recommended fix: Enable CloudTrail + CloudWatch alarms (5 mins)
Data Encryption at Rest
⚠️ 8 of 10 RDS instances encrypted • 2 instances missing encryption (non-production)
→ Recommended fix: Enable encryption on remaining 2 instances
From scan to gap analysis in 3 steps
Connect AWS, Azure, or GCP. vul.ninja scans for misconfigurations, vulnerabilities, and security gaps in minutes.
Findings are automatically mapped to SOC 2, HIPAA, PCI-DSS, and ISO 27001 controls. No manual work required.
Control-by-control breakdown showing pass/fail status, remediation recommendations, and evidence requirements.
Run gap analysis across SOC 2, HIPAA, PCI-DSS, and ISO 27001 simultaneously. See which controls overlap.
Gaps ranked by risk and audit impact. Fix critical controls first, defer low-priority items.
Each control shows what evidence auditors need: policies, training records, access reviews, pen test reports.
Download gap analysis as PDF or Excel. Share with auditors, compliance teams, or executives.
Automated control mapping across 4 major compliance frameworks
See what a real SOC 2 gap analysis looks like — complete with control breakdown, evidence requirements, and remediation roadmap.
Run your first gap analysis in minutes. No credit card required.