Comp AI: Open Source Compliance Platform for SOC 2, ISO 27001, and GDPR
Dec 6, 2025
Tags: compliance, open-source, security, soc2, self-hosted
Comp AI is an open-source compliance platform that automates evidence collection, policy management, and control implementation for frameworks like SOC 2, ISO 27001, HIPAA, and GDPR. It positions itself as a self-hostable alternative to Vanta and Drata.
Key Features
- Automated evidence collection from AWS, GCP, Azure, GitHub, and Slack
- AI-powered policy editor for customized compliance documentation
- Infrastructure scanning for continuous monitoring
- Employee training tracking and device compliance monitoring
- Integrated risk register and vendor assessment capabilities
- Data sovereignty: self-host to keep all data under your control
Deployment Options
- Local development: Clone the repo, install dependencies with Bun, run PostgreSQL via Docker
- Docker containerization: Full Docker support for production deployments
- Vercel: Deployment documentation pending
- Self-hosting: See SELF_HOSTING.md in the repository
Requirements: Node.js 20+, Bun 1.1.36+, PostgreSQL 15+
Tech Stack
Built with Next.js, Tailwind CSS, Prisma, Trigger.dev (workflow automation), and Upstash. Monorepo structure using Turbo with three apps: main platform, portal, and API service.
Current State
- Licensing: Open Core model (99% AGPLv3, 1% commercial enterprise features)
- Recognition: Product Hunt #1 Product of the Day, Vercel Open Source Program participant, Microsoft for Startups accelerator
- Mission: Help 100,000 startups get SOC 2 compliant by 2032 (founded late 2024 by Bubba AI, Inc.)
- Published packages: @comp/db, @comp/email, @comp/kv, @comp/ui
Paid Alternatives
| Platform | Starting Price | Best For |
|---|---|---|
| Vanta | ~$10K/year | Startups wanting speed and simplicity |
| Drata | ~$7.5K/year | Engineering-driven teams, deep automation |
| Secureframe | ~$10K/year | Multi-framework compliance |
| Comp AI | Free (self-hosted) | Teams wanting data sovereignty and cost savings |
Note: Enterprise plans for Vanta/Drata can reach $50K-$100K+ annually. SOC 2 auditor fees ($8K-$50K) are separate from platform costs.
The Value Proposition
For startups that balk at $25K+ annual compliance platform fees, Comp AI offers a compelling path: self-host the platform, maintain control over your data, and use the savings toward actual auditor costs. The tradeoff is managing your own infrastructure and potentially missing some enterprise integrations.
GitHub: trycompai/comp