Skip to content

SARC — orchestrated compliance for regulated delivery

A self-hosted, tamper-evident evidence ledger (Fides) wired to ServiceNow and your CI. Runs in your own cloud — no SaaS egress. Multi-cloud, multi-CI, auditor-ready. One install, every regulated framework — DORA, ISO 27001, SOC 2, SOX, NIST 800-53, PSD2, PCI-DSS.

Demo video: re-recording in progress. In the meantime, browse the screenshot tour of the SARC portal — compliance dashboard, Fides risk score, one-button evidence export, hash-chained audit chain. For the code-to-production pipeline walkthrough, see the demos page.

Compliance without the spreadsheet tax — or a SaaS token

Ship faster. Sleep through audit week. Your evidence lives in a self-hosted, tamper-evident Fides ledger inside your own cloud — no SaaS egress, no vendor holding your audit trail. SARC stops you being the human glue between Fides, ServiceNow, your scanners, and three CI systems.

0
SaaS egress
evidence stays in your cloud
1
click to evidence
SOC 2 · ISO 27001 · NIST 800-53 · DORA · SOX
3
CI platforms
GitLab · GitHub · Azure DevOps
4
deploy targets
AWS · Azure · GCP · OpenShift
For the CEO

Audit week stops being a fire drill. Show the regulator the same dashboard your CAB chair uses on Tuesdays — there is no "audit binder," because the hash-chained evidence is already there. Self-hosted evidence, not a SaaS token you have to trust.

For the CTO

Open architecture. The Fides evidence ledger, the AI assistant, and the portal all run in your cluster — your cloud, your CI, your IdP. No SaaS lock-in, no evidence egress. Same shape on AWS, Azure, GCP, OpenShift, k3d — one TARGET_CLOUD switch, not three forks.

For the engineer

Stop hand-attaching SBOMs to ServiceNow CRs. Stop reconciling Snyk findings with GitLab Security with Wiz with Trivy. The pipeline reports SBOM, CVE, SAST and DAST evidence into Fides; SARC writes the change request. You keep shipping.

For the product owner

A typo fix and a schema migration stop getting the same 48-hour CAB review. The Fides risk score gates the ServiceNow CR — low-risk changes auto-clear, risky ones get human eyes — because the system finally knows the difference.

Compliance dashboard showing framework coverage

One auditable narrative

Compliance status per change, per environment, per framework — derived from the self-hosted Fides evidence ledger and written back into ServiceNow CRs. Controls coverage across SOC 2, ISO 27001, NIST 800-53, DORA and SOX. Hash-chained AuditLog ends quarterly evidence compilation.

Multi-cluster overview across AWS, Azure, GCP

Multi-cloud parity

AWS EKS, Azure AKS, GCP GKE, ROSA OpenShift, local k3d. Same Terraform shape, same Helm chart, same Fides env naming, same ArgoCD GitOps. One TARGET_CLOUD switch, no per-cloud forks.

Pipeline runs from GitLab, GitHub Actions, Azure DevOps

Multi-CI parity

GitLab CI (source of truth), GitHub Actions (full parity), Azure DevOps (Azure-only parallel CI). Same compliance pipeline runs identically — no CI migration to adopt SARC.

5-axis risk clearance score per change request

Compliance as a business lever

Fides risk score gates every CR. DORA metrics, CMDB reconciliation, and cost-vuln correlation: "fix this vuln to save $X / month." A self-hosted AI assistant (Ask-AI on an in-cluster CPU model — no cloud key) and MCP server let auditors query evidence in plain language, in time-boxed magic-link sessions.

Inside the portal

A glimpse of what an operator works with day-to-day. See all 37 screens in the full tour.

Operator dashboard
Dashboard
Change requests
Change requests
Vulnerabilities
Vulnerabilities
Control mapping
Control mapping
Evidence export
Evidence export
Real-time timeline
Timeline (SSE)
Hash-chained audit log
Audit log
Cost dashboard
Costs

Built on, not against

SARC ships Fides — a self-hosted, tamper-evident evidence ledger (Go API + PostgreSQL + evidence vault + MCP) that replaces a SaaS evidence service and runs inside your cloud — and wires it to ServiceNow for workflow. It is not a ServiceNow replacement; it is the layer that makes your evidence and your CAB stronger together. Read the partner positioning.

  • Fides
  • ServiceNow
  • AWS
  • Azure
  • GCP
  • OpenShift
  • GitLab
  • GitHub Actions
  • Azure DevOps

Three paths from here

Want to see it run?

Open the portal tour for a categorized gallery of every screen, then jump into the demo scripts for per-persona walk-throughs.

Evaluating SARC?

Start with why SARC exists for the executive view, then read the partner positioning to see how SARC composes the self-hosted Fides ledger with ServiceNow.