transilienceai

Shasta — AWS and Azure compliance automation platform for SOC 2, ISO 27001 and HIPAA. AI-native toolkit for founders.

Found Apr 07, 2026 at 19 stars -- GitGems finds repos before they trend. Get early access to the next one.
Language: Python
AI Summary

Shasta is an open-source toolkit that automates cloud compliance checks for SOC 2, ISO 27001, and HIPAA across AWS and Azure, generating reports, policies, and remediation guidance through simple commands.

How It Works

1. 👋 Discover Shasta: You hear about Shasta as a simple way for small teams to handle compliance without expensive tools.

2. 📥 Get it set up: Download and prepare Shasta on your computer in moments.

3. 🔗 Link your clouds: Connect your AWS or Azure accounts so Shasta can peek at your setup safely.

4. 🔍 Run your first check: Tell Shasta to scan everything and get instant results on what's good or needs work.

5. 📊 See your score: View your compliance grade, list of issues, and easy explanations of why they matter.

6. 📄 Grab reports and fixes: Download auditor-ready reports and step-by-step guides to make everything right.

7. ✅ Stay compliant: Set up ongoing checks and celebrate — you're audit-ready without the hassle.

AI-Generated Review

What is shasta?

Shasta is a Python-powered, AI-native platform for AWS and Azure compliance automation, targeting SOC 2, ISO 27001, and HIPAA. It scans infrastructure across IAM, networking, storage, encryption, and monitoring—running 72+ checks to map gaps, score compliance, and spit out Terraform remediations, policy docs, PDF reports, SBOMs, and threat intel. Founders skip $30K SaaS tools like Vanta by chatting naturally or using Claude Code commands like /scan, /remediate, or /policy-gen—all local with SQLite storage.

Why is it gaining traction?

It hooks devs with zero-infra setup, real-time drift detection via AWS Config/EventBridge, and extras like personalized CVEs filtered to your stack or Jira/Slack alerts. Unlike rigid SaaS, the AI interface explains fixes in plain English with effort estimates, plus GitHub branch checks and questionnaire auto-fills. Early buzz comes from its vibe-coded origins: full multi-cloud coverage built fast, deployable today.

Who should use this?

Startup founders and solo DevOps engineers at <50-person teams pursuing SOC 2 Type II, ISO 27001, or HIPAA on AWS/Azure. Perfect for bootstrappers needing audit evidence, access reviews, or risk registers without consultants—especially if you already use Terraform and want Python-based automation.

Verdict

Grab it for proof-of-concept compliance runs; the dashboard, 36 Terraform templates, and integrations deliver real value out of the box. With 19 stars, 1.0% credibility, and fresh tests/docs, it's promising but audit cautiously—validate findings manually first.
