read more
Screenata

Integrations

Connect read-only. Evidence comes out signed.

Every connection is read-only by construction. Every native check is a test that produces a signed, timestamped evidence artifact mapped to SOC 2, HIPAA, and ISO 27001 controls — not a green checkmark you have to trust.

See how Vera works

60+ providers · 581+ native compliance checks

Native checks

Deep, audit-grade scans — not shallow connections.

Each provider ships with native check definitions: branch protection on GitHub, IAM posture on AWS, MFA enforcement on Okta. Checks run on a schedule, and findings are hashed and stored as evidence.

Cloud & infrastructure

144 checks

AWS

IAM, S3 encryption, CloudTrail, security groups, password policy

115 checks

Azure

RBAC, storage encryption, activity logs, network security groups

78 checks

Microsoft 365

Entra ID, Defender, Exchange, SharePoint, and Teams security posture

55 checks

Google Cloud

IAM, storage encryption, audit logging, firewall rules

10 checks

Kubernetes

API server, RBAC, etcd, kubelet, and pod security configuration

8 checks

Cloudflare

SSL/TLS posture, DNSSEC, WAF, account 2FA, member roles

Version control & CI

21 checks

GitHub

Branch protection, review requirements, secrets scanning, org MFA

18 checks

GitLab

Protected branches, approvals, pipeline security

15 checks

Bitbucket

Branch restrictions, merge checks, repository security

7 checks

Azure DevOps

Pipeline security, branch policies, project RBAC

Identity & access

12 checks

Okta

MFA enforcement, password policy, session controls, user lifecycle

10 checks

Google Workspace

2-step verification, sharing policies, mobile management, audit logs

8 checks

Auth0

MFA, brute-force protection, password policies

6 checks

JumpCloud

MFA, conditional access, device trust

6 checks

OneLogin

MFA, password requirements, session timeouts

Security & monitoring

6 checks

CrowdStrike

Falcon sensor coverage and prevention policies

6 checks

Datadog

Monitors, alert routing, log retention, RBAC

5 checks

Snyk

Project coverage, vulnerability scanning, fix rate

Wiz

Cloud risk findings synced into the risk register

Sentry

Error monitoring evidence for availability controls

HR & people ops

12 checks

BambooHR

Employee lifecycle, onboarding and offboarding evidence

10 checks

Gusto

Employee lifecycle and payroll records

8 checks

Deel

Employee and contractor lifecycle, contract compliance

8 checks

Rippling

Employee lifecycle and device management

5 checks

Checkr

Background check completion and adjudication status

Communication

8 checks

Slack

Workspace security checks — plus daily briefings and evidence DMs

Microsoft Teams

Briefings, evidence ingestion, and attestation requests

Evidence & document sources

The long tail comes in through the tools you already use.

Not everything is an API scan. Policies live in Notion, change management lives in Jira, and approvals live in email — Vera ingests them, classifies them, and links them to the right control.

Jira

Tickets as change-management and remediation evidence

Linear

Issues as remediation and change evidence

Notion

Import policy and process documentation

Confluence

Import pages and runbooks

Google Drive

Import files and documents as evidence

Zendesk

Support tickets and help-center content

Intercom

Customer conversations as process evidence

Freshdesk

Support tickets as operational evidence

DO

Doc sites

Docusaurus, VitePress, and GitBook imports

EM

Email inbox

Forward to your org address — auto-classified and filed

What a check produces

A test, a finding, a signed artifact.

Connecting a provider isn't the product — what each scan leaves behind is. Every finding becomes evidence your auditor can verify independently.

Read-only by construction

OAuth scopes and IAM roles are scoped to read. Vera never gets write access to your infrastructure.

Signed findings

SHA-256 per artifact, RSA/ECDSA signatures, RFC 3161 timestamps. Verifiable without a Screenata account.

Mapped to controls

One MFA scan satisfies SOC 2 CC6.1 and HIPAA §164.312(d) via the shared control catalog — collected once.

Don’t see your stack?

New providers ship regularly, and guided evidence collection covers anything without a native integration — step-by-step walkthroughs with the result recorded and signed like any other artifact.

How collection works

Connect and see

Fifteen minutes after connecting, you know your real posture.

Connect GitHub and cloud read-only. Vera runs the native checks and shows your control matrix, gaps, and prioritized next actions before you commit to anything.

Security architecture