OpenDocket — Compliance risk analysis for software repositories

Find compliance blind spots
before regulators do.

✓ Scans your code against HIPAA, SOC2, PCI-DSS, GDPR, CCPA, and 5 more

✓ Asks the exact questions regulators ask in investigations

✓ Finds the evidence in specific files and line numbers

HIPAA fines averaged $9.48M per breach in 2024

45% of AI-generated code has security flaws — Veracode 2025

OpenDocket asks the questions an investigator would ask — and finds the evidence in your code

GitHub Repository URL Use my API keys

Both keys are used only for this scan and never stored.

3 free scans per hour · No account required

How It Works

Point it at a repo

Give OpenDocket any public GitHub URL. It clones the repository, runs qualification gates, and detects which regulatory domains apply — healthcare, fintech, SaaS, payments, communications, and more.

It asks legal questions

Based on the domain, OpenDocket loads compliance frameworks — 10 frameworks, 94 questions from actual regulatory text. The questions a regulator would ask in a deposition or audit.

You get a legal brief

For each question, OpenDocket finds evidence in your code — specific files, line numbers, patterns. Gemini independently reviews every finding. You get a structured report with risk levels and remediation.

Compliance Intelligence Directory

Real compliance scans of open-source repositories.

Repository	Stars	Domain	Frameworks	Confirmed	Findings	Risk	Report
medplum/medplum	4,200	Healthcare	HIPAA, SOC2, GDPR +3	10	56	Elevated	View
openemr/openemr	2,900	Healthcare	HIPAA, SOC2, GDPR	23	30	Critical	View
juspay/hyperswitch	12,500	Fintech	PCI-DSS, SOC2, GDPR +3	3	56	Moderate	View
getprobo/probo	200	SaaS	SOC2, GDPR	18	20	Critical	View
supabase/supabase	74,000	SaaS	SOC2, GDPR +4	3	56	Moderate	View
formbricks/formbricks	9,200	SaaS	9 frameworks	61	94	Critical	View
hashicorp/vault	31,000	Infrastructure	SOC2, GDPR +4	6	56	Moderate	View
kelseyhightower/nocode	60,000	—	—	—	—	Did not qualify	Gate

Compliance Frameworks

10 regulatory frameworks. 94 legal questions. Open source question libraries.

Framework	Applies to	Max Penalty	Questions
HIPAA	Healthcare apps, EHR systems, telemedicine	$1.5M/year per category	10
SOC 2	SaaS platforms, cloud services, B2B software	Loss of enterprise contracts	10
PCI-DSS	Payment processors, e-commerce, fintech	$5K-$100K/month	10
GDPR	Any app with EU users, personal data processors	EUR 20M or 4% turnover	10
TCPA	SMS marketing, automated calling, messaging apps	$500-$1,500/violation	8
SOX	Public company software, financial reporting	Criminal penalties, delisting	8
CCPA/CPRA NEW	Any app with California users, SaaS	$2,500-$7,500/violation	10
COPPA NEW	Apps used by children under 13, education	Up to $51,744/violation	8
FERPA NEW	Ed-tech, LMS, student information systems	Loss of federal funding	8
GLBA NEW	Fintech, banking, insurance, financial advisors	$100K/violation + criminal	8

More frameworks coming — contribute on GitHub

Find compliance blind spotsbefore regulators do.