SARC — orchestrated compliance for regulated delivery
A self-hosted, tamper-evident evidence ledger (Fides) wired to ServiceNow and your CI. Runs in your own cloud — no SaaS egress. Multi-cloud, multi-CI, auditor-ready. One install, every regulated framework — DORA, ISO 27001, SOC 2, SOX, NIST 800-53, PSD2, PCI-DSS.
Demo video: re-recording in progress. In the meantime, browse the
screenshot tour of the SARC portal — compliance dashboard,
Fides risk score, one-button evidence export, hash-chained audit chain.
For the code-to-production pipeline walkthrough, see the demos page.
Compliance without the spreadsheet tax — or a SaaS token
Ship faster. Sleep through audit week. Your evidence lives in a self-hosted, tamper-evident Fides ledger inside your own cloud — no SaaS egress, no vendor holding your audit trail. SARC stops you being the human glue between Fides, ServiceNow, your scanners, and three CI systems.
0
SaaS egress
evidence stays in your cloud
1
click to evidence
SOC 2 · ISO 27001 · NIST 800-53 · DORA · SOX
3
CI platforms
GitLab · GitHub · Azure DevOps
4
deploy targets
AWS · Azure · GCP · OpenShift
For the CEO
Audit week stops being a fire drill. Show the regulator the same dashboard your CAB chair uses on Tuesdays — there is no "audit binder," because the hash-chained evidence is already there. Self-hosted evidence, not a SaaS token you have to trust.
For the CTO
Open architecture. The Fides evidence ledger, the AI assistant, and the portal all run in your cluster — your cloud, your CI, your IdP. No SaaS lock-in, no evidence egress. Same shape on AWS, Azure, GCP, OpenShift, k3d — one TARGET_CLOUD switch, not three forks.
For the engineer
Stop hand-attaching SBOMs to ServiceNow CRs. Stop reconciling Snyk findings with GitLab Security with Wiz with Trivy. The pipeline reports SBOM, CVE, SAST and DAST evidence into Fides; SARC writes the change request. You keep shipping.
For the product owner
A typo fix and a schema migration stop getting the same 48-hour CAB review. The Fides risk score gates the ServiceNow CR — low-risk changes auto-clear, risky ones get human eyes — because the system finally knows the difference.
One auditable narrative
Compliance status per change, per environment, per framework — derived from the self-hosted Fides evidence ledger and written back into ServiceNow CRs.
Controls coverage across SOC 2, ISO 27001, NIST 800-53, DORA and SOX. Hash-chained AuditLog ends quarterly evidence compilation.
Multi-cloud parity
AWS EKS, Azure AKS, GCP GKE, ROSA OpenShift, local k3d.
Same Terraform shape, same Helm chart, same Fides env naming, same ArgoCD GitOps.
One TARGET_CLOUD switch, no per-cloud forks.
Multi-CI parity
GitLab CI (source of truth), GitHub Actions (full parity), Azure DevOps (Azure-only parallel CI).
Same compliance pipeline runs identically — no CI migration to adopt SARC.
Compliance as a business lever
Fides risk score gates every CR. DORA metrics, CMDB reconciliation, and cost-vuln correlation: "fix this vuln to save $X / month."
A self-hosted AI assistant (Ask-AI on an in-cluster CPU model — no cloud key) and MCP server let auditors query evidence in plain language, in time-boxed magic-link sessions.
SARC ships Fides — a self-hosted, tamper-evident evidence ledger (Go API + PostgreSQL + evidence vault + MCP) that replaces a SaaS evidence service and runs inside your cloud — and wires it to ServiceNow for workflow. It is not a ServiceNow replacement; it is the layer that makes your evidence and your CAB stronger together. Read the partner positioning.
Fides
ServiceNow
AWS
Azure
GCP
OpenShift
GitLab
GitHub Actions
Azure DevOps
Three paths from here
Want to see it run?
Open the portal tour for a categorized gallery of every screen, then jump into the demo scripts for per-persona walk-throughs.
Evaluating SARC?
Start with why SARC exists for the executive view, then read the partner positioning to see how SARC composes the self-hosted Fides ledger with ServiceNow.