Skip to content
Merged
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
10 changes: 9 additions & 1 deletion README.md
Original file line number Diff line number Diff line change
@@ -1,6 +1,10 @@
# Shasta + Whitney — Multi-Cloud Compliance & AI Governance Platform

**An AI-native compliance toolkit that enables startup founders to achieve and maintain SOC 2, ISO 27001, HIPAA, ISO 42001, and EU AI Act compliance across AWS and Azure — through conversation, not dashboards.**
[![Built by Transilience](https://img.shields.io/badge/Built%20by-Transilience.ai-4A90D9)](https://www.transilience.ai)
[![MIT License](https://img.shields.io/badge/License-MIT-green.svg)](LICENSE)
[![GitHub stars](https://img.shields.io/github/stars/transilienceai/shasta)](https://github.com/transilienceai/shasta/stargazers)

**An AI-native compliance toolkit that enables startup founders to achieve and maintain SOC 2, ISO 27001, HIPAA, ISO 42001, and EU AI Act compliance across AWS and Azure — through conversation, not dashboards. From the team at [Transilience.ai](https://www.transilience.ai).**

Shasta scans your cloud infrastructure for SOC 2, ISO 27001, HIPAA, ISO 42001, EU AI Act, OWASP LLM Top 10 and more. The standalone Whitney static scanner ([github.com/transilienceai/whitney](https://github.com/transilienceai/whitney)) handles application source-code prompt-injection detection. Together, they cover 13 compliance frameworks, 221 automated checks, and 199 security questionnaire answers — with a web dashboard, 112 Terraform remediation templates, and auditor-grade evidence. Built for founders running <50 employee companies who need compliance without the $30K/year Vanta bill.

Expand Down Expand Up @@ -863,3 +867,7 @@ MIT License. See `LICENSE`.
---

*Built with Claude Code (Opus 4.6) across two sessions (~7 hours total). The entire multi-cloud compliance platform — from architecture to deployment to independent audit and hardening — was created through human-AI collaboration, demonstrating that vibe coding can produce production-quality security tooling when guided by domain expertise. The self-audit pattern (asking the AI to critique its own work) proved essential in both sessions for catching real bugs and preventing false confidence.*

---

Built by [Transilience.ai](https://www.transilience.ai) — we build AI-driven cloud security and compliance automation. See our other open-source tools: [communitytools](https://github.com/transilienceai/communitytools) (AI pentesting) · [whitney](https://github.com/transilienceai/whitney) (AI code scanner) · [LinkedIn](https://linkedin.com/company/transilienceai)
Loading