Self-hosted · Air-gap ready · Zero trust

Compliance that runs on your infrastructure

Automated assessments, risk quantification, and incident response for SOC 2, ISO 27001, and CMMC. Deploy with Docker in minutes.

SOC 2 Type II: 33 controls
ISO/IEC 27001:2022: 54 controls
CMMC Level 2: 110 controls
Sovereign GRC Dashboard

Everything you need for continuous compliance

30 integrated modules covering the full GRC lifecycle.

Automated Assessments

AI-powered control evaluation with Steampipe cloud queries. Assess SOC 2, ISO 27001, and CMMC from one platform.

Incident Response

NIST 800-61 compliant workflow with SLA tracking, automated OPA playbooks, and regulatory breach notification.

Risk Quantification

FAIR methodology with Monte Carlo simulation. KRI monitoring with configurable thresholds and trend analysis.

Policy Management

Administrative policy lifecycle with review tracking, approval workflows, and OPA Rego policy linking.

Vendor Risk (A2A)

Agent-to-Agent attestation protocol for automated vendor compliance data exchange. SOC 2 and ISO 27001 report ingestion.

Tamper-Evident Audit Log

SHA-256 hash chain with cryptographic integrity verification. Every action recorded and verifiable.

Simple, transparent pricing

Self-hosted on your infrastructure. No data leaves your network.

30-Day Trial

Free
Full platform access for 30 days. No credit card required.
  • Up to 5 users
  • All 3 frameworks
  • AI-powered assessments
  • Risk quantification (FAIR)
  • Incident response workflows
  • PDF, XLSX, HTML reports

Enterprise / Air-Gap

Custom
For regulated industries and air-gapped deployments.
  • Unlimited users
  • Local vLLM (no cloud dependency)
  • GovCloud deployment support
  • SSO / SAML integration
  • SOX compliance module
  • BCM / disaster recovery
  • Dedicated support
  • Custom SLA

Get your free 30-day trial key

Enter your email to receive a license key. No credit card required. Deploy on your own infrastructure in minutes.

Deploy in minutes

Docker Compose stack with PostgreSQL, Redis, OPA, and Steampipe included. The installer handles everything.

# One-line install (clones repo, runs full installer)
curl -sSL https://get.defendflow.xyz | bash

# Or clone manually:
git clone https://github.com/defendflow-security/sovereign-grc.git
cd sovereign-grc && bash deploy/install.sh

Step 1

Install

One command clones the repo, checks prerequisites, generates secrets and TLS certs, and starts all containers.

Step 2

Activate

Paste your trial or purchased license key in Settings.

Step 3

Assess

Create your first assessment and connect cloud providers.