
SARC — orchestrated compliance for regulated delivery

The orchestration layer above Kosli + ServiceNow. Multi-cloud, multi-CI, auditor-ready. One install, every regulated framework — DORA, PSD2, ISO 27001, SOC 2, SOX, NIST 800-53, PCI-DSS.

Walkthrough of the SARC portal — compliance dashboard, 5-axis risk score, evidence export, audit chain. For the code-to-production pipeline walkthrough, see the demos page.

Compliance without the spreadsheet tax

Ship faster. Sleep through audit week. Stop being the human glue between Kosli, ServiceNow, your scanners, and three CI systems.

  • 5 risk axes per change request
  • 1 click to evidence: SOC 2 · ISO · DORA · PSD2 · NIST
  • 3 CI platforms: GitLab · GitHub · Azure DevOps
  • 5 deploy targets: AWS · Azure · GCP · OpenShift

For the CEO

Audit week stops being a fire drill. Show the regulator the same dashboard your CAB chair uses on Tuesdays — there is no "audit binder," because the evidence is already there.

For the CTO

Open architecture. Deploys into your cloud, runs on your CI, uses your IdP. No SaaS lock-in. Same shape on AWS, Azure, GCP, OpenShift, k3d — one TARGET_CLOUD switch, not three forks.

For the engineer

Stop hand-attaching SBOMs to ServiceNow CRs. Stop reconciling Snyk findings with GitLab Security with Wiz with Trivy. SARC writes the evidence; you keep shipping.

For the product owner

A typo fix and a schema migration stop getting the same 48-hour CAB review. Low-risk changes auto-clear; risky ones get human eyes — because the system finally knows the difference.

Compliance dashboard showing framework coverage

One auditable narrative

Compliance status per change, per environment, per framework — derived from Kosli trails and written back into ServiceNow CRs. Hash-chained AuditLog ends quarterly evidence compilation.

Multi-cluster overview across AWS, Azure, GCP

Multi-cloud parity

AWS EKS, Azure AKS, GCP GKE, ROSA OpenShift, local k3d. Same Terraform shape, same Helm chart, same Kosli env naming. One TARGET_CLOUD switch, no per-cloud forks.

Pipeline runs from GitLab, GitHub Actions, Azure DevOps

Multi-CI parity

GitLab CI (source of truth), GitHub Actions (full parity), Azure DevOps (Azure-only parallel CI). Same compliance pipeline runs identically — no CI migration to adopt SARC.

5-axis risk clearance score per change request

Compliance as a business lever

5-axis risk clearance per CR. Cost-vuln correlation: "fix this vuln to save $X / month." Time-boxed AUDITOR sessions with magic-link login — your auditor sees evidence directly from source.

Inside the portal

A glimpse of what an operator works with day-to-day. See all 37 screens in the full tour.

  • Dashboard (operator dashboard)
  • Change requests
  • Vulnerabilities
  • Control mapping
  • Evidence export
  • Timeline (SSE, real-time)
  • Audit log (hash-chained)
  • Costs (cost dashboard)

Built on, not against

SARC depends on Kosli for evidence and ServiceNow for workflow. It is not a Kosli alternative or a ServiceNow replacement — it is the layer that makes both stronger together. Read the partner positioning.

  • Kosli
  • ServiceNow
  • AWS
  • Azure
  • GCP
  • OpenShift
  • GitLab
  • GitHub Actions
  • Azure DevOps

Three paths from here

Want to see it run?

Open the portal tour for a categorized gallery of every screen, then jump into the demo scripts for per-persona walk-throughs.