General Introduction
Comp AI is an open source platform developed by Comp AI, Inc., based in San Francisco, USA. It helps organizations fast-track compliance requirements such as SOC 2, ISO 27001, and GDPR through automated tools, with the goal of being audit-ready in weeks rather than months. The platform is positioned as an open source alternative to Drata and Vanta, with an emphasis on transparency and low cost. Comp AI approaches compliance with code: it automates evidence collection, policy management, and control enforcement. It supports both cloud use and local deployment. The core functionality is free and open source (AGPLv3 license), with commercial licenses for some advanced features, making it suitable for companies of all sizes.
Function List
- Compliance automation: supports compliance processes for frameworks such as SOC 2, ISO 27001, GDPR, and more.
- Evidence collection: automatically extracts proof of compliance from integrated tools.
- Real-time monitoring: detects security risks and compliance gaps.
- Policy management: provides predefined compliance policies and controls.
- Risk management: identifies and fixes security problems in your systems.
- Self-hosted support: allows organizations to deploy locally and keep control of their data and infrastructure.
Using Help
Comp AI is available in both cloud-based and locally deployed versions. Below are the detailed operating instructions.
Cloud Edition Usage
- Register for an account
Open https://trycomp.ai/ and join the waitlist to gain access to the cloud edition. After receiving the invitation, create an account at https://app.trycomp.ai/: enter your email and password and click "Continue" to register.
- Initial setup
Once logged in, select a compliance framework (e.g. SOC 2). Connect your tools (AWS, Slack, etc. are supported today, with more integrations in development) and follow the on-screen instructions to authorize them.
- Feature operation
- Compliance automation: select the framework in the dashboard to view compliance progress and to-do lists.
- Evidence collection: click "Evidence" and the system automatically gathers data from the connected tools and generates a report.
- Real-time monitoring: select "Monitoring" to check the security status; items that need to be fixed are marked in red.
- Policy management: view predefined policies under Policies, adjust them, and apply them to the team.
- Risk management: run a scan to see the problems found and the suggestions for fixing them.
Local Deployment Edition Installation and Use
- Environment preparation
Make sure the following tools are installed:
- Node.js (version >= 20.x; nvm is recommended for version management)
- Bun (version >= 1.1.36)
- Postgres (version >= 15.x)
- Git and Docker
- Cloning Code
Run in the terminal:
git clone https://github.com/trycompai/comp.git
cd comp
- Installation of dependencies
Run:
bun i
- Configuring the environment
Copy the example file and generate the key:
cp apps/web/.env.example apps/web/.env
cp apps/app/.env.example apps/app/.env
openssl rand -base64 32
Paste the generated key into AUTH_SECRET in apps/app/.env, and configure the other variables (such as the database connection).
- Setting up the database
Start Postgres and initialize it:
bun docker:up
bun db:generate
bun db:push
bun db:seed # optional: populate initial data
- Starting services
Run the development server:
turbo dev
Visit http://localhost:3000 to use the local version.
- Feature operation
This is the same as in the cloud version: log in and follow the steps above.
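As an added example (not code from the Comp AI project), the shell helper below automates the environment and configuration steps above: it checks the documented minimum versions and writes AUTH_SECRET into apps/app/.env without overwriting a secret that is already set. The function names and the awk/grep approach are this example's own choices.

```shell
#!/bin/sh
# Added helper script, not part of the Comp AI repository. It checks the
# prerequisite versions listed above and fills AUTH_SECRET in apps/app/.env
# as the configuration step describes, keeping any secret already present.

# version_ge ACTUAL REQUIRED: exit 0 when ACTUAL >= REQUIRED (dotted numerics).
version_ge() {
  awk -v a="$1" -v b="$2" 'BEGIN {
    n = split(a, x, "."); m = split(b, y, ".")
    for (i = 1; i <= 3; i++) {
      p = (i <= n) ? x[i] + 0 : 0
      q = (i <= m) ? y[i] + 0 : 0
      if (p > q) exit 0
      if (p < q) exit 1
    }
    exit 0
  }'
}

# get_env_var FILE KEY: print the value of KEY from a .env file (empty if unset).
get_env_var() {
  grep "^$2=" "$1" 2>/dev/null | head -n 1 | cut -d= -f2-
}

# set_env_var FILE KEY VALUE: write KEY=VALUE, replacing an empty placeholder
# line (as shipped in .env.example) but keeping a value that is already set, so
# re-running the setup never rotates the secret and invalidates live sessions.
set_env_var() {
  file="$1"; key="$2"; value="$3"
  if [ -n "$(get_env_var "$file" "$key")" ]; then
    return 0
  fi
  tmp="$file.tmp.$$"
  { grep -v "^$key=" "$file" 2>/dev/null || true
    printf '%s=%s\n' "$key" "$value"; } > "$tmp"
  mv "$tmp" "$file"
}

# check_prereqs: compare installed tool versions with the documented minimums.
check_prereqs() {
  version_ge "$(node --version | tr -d v)" 20 || { echo "Node.js >= 20 required"; return 1; }
  version_ge "$(bun --version)" 1.1.36 || { echo "Bun >= 1.1.36 required"; return 1; }
  version_ge "$(psql --version | awk '{print $3}')" 15 || { echo "Postgres >= 15 required"; return 1; }
}

# Typical use after "cp apps/app/.env.example apps/app/.env":
#   check_prereqs && set_env_var apps/app/.env AUTH_SECRET "$(openssl rand -base64 32)"
```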
Featured Functions
- Evidence collection: after connecting your tools, the system automatically captures logs and configurations and generates compliance reports, reducing manual work.
- Real-time monitoring: scans the system to detect problems (e.g. unencrypted data) and raises alerts in real time.
- Self-hosted support: once deployed locally, organizations have full control over their data, which suits private clouds or other special requirements.
Notes
- The cloud version requires waiting for an invitation, and the local version requires regular code updates (git pull).
- Modifying the code for public release is subject to the AGPLv3 license; commercial use can be licensed by contacting Comp AI, Inc.
- If you have questions, contact us by email or ask for help in the GitHub discussion forums.
Application Scenarios
- Small business compliance
A startup needs SOC 2 to win customers. Comp AI automates evidence collection and prepares for the audit quickly.
- Development teams
A development team wants to self-host its compliance tooling. Comp AI is deployed locally and integrated with the existing technology stack.
- Security improvements
A company needs to monitor GDPR compliance. The platform detects problems and provides solutions in real time.
Q&A
- Is Comp AI free?
The core functionality is free and open source (AGPLv3) and hosted on GitHub; the advanced features require a commercial license, for which you need to contact the company.
- What technology stacks are supported?
It is built with Next.js, Prisma, Tailwind CSS, Trigger.dev, and more, with support for AWS, Slack, and other integrations.
- How do I deploy to the cloud?
Local deployment is currently supported, with Docker and Vercel deployment instructions coming soon.