
Automated Jira Ticketing
Findings are automatically converted into rich Jira tickets with remediation guidance, severity levels, and deep links to the code.
Align your source code with the controls that matter for regulated finance — DORA, BaFin and NIS2 — using a NIST CSF 2.0 control cross-walk. Detect secrets, cut noise with AI-assisted triage, and turn confirmed findings into Jira tickets and AWS Security Hub (ASFF) records.
Turn findings into actions
From detection to evidence. CodeGuardian ingests the secrets Bitbucket flags, triages them with AI, opens a Jira ticket with full remediation guidance, and exports an auditable record to AWS Security Hub. Optional automated follow-up escalates findings that stay open.
Automatically open detailed Jira tickets for confirmed findings, and export each finding to AWS Security Hub (ASFF) with severity and a link back to its ticket.
Connects to Bitbucket and ingests its secret-detection findings across your repositories. Each flagged credential is collected for AI triage — no raw alerts left for your team to sort manually.
Advanced AI analysis filters out noise. Our Bedrock-based engine flags likely false positives and adds context, so your team can focus on the findings that look real. AI triage runs on AWS Bedrock in eu-central-1 (Frankfurt), within your AWS account.
Try Code Guardian AI
Paste a snippet of code below and see our AI engine identify and assist your team to fix vulnerabilities.
Max 12,000 characters.
Analysis results will appear here...
Deep Integration at Every Layer
From real-time alerts to native AWS Security Hub integration and automated Jira ticketing—we fit into your existing workflow.

Findings are automatically converted into rich Jira tickets with remediation guidance, severity levels, and deep links to the code.

Notify your team by email when a secret is detected, with a direct link to the Jira ticket for rapid self-remediation.

All findings are synced to AWS Security Hub (ASFF format), providing a unified glass-pane view for your SOC and compliance teams.
Compliance by Design
Address mandatory banking controls and security gates. CodeGuardian maps your internal control catalog to DORA, BaFin and NIS2, and provides automated evidence toward each.
| Internal Control | Requirement | Primary Regulatory Basis (Bank) | NIST CSF 2.0 Cross-walk | Coverage |
|---|---|---|---|---|
| AVM-R223 | Secret scanning security gate (mandatory) | DORA Art. 9 (protection & prevention); RTS on ICT risk management ((EU) 2024/1774), secure ICT systems acquisition, development & maintenance | PR.PS, DE.CM | Evidence provided |
| SOFA-CAPA-R06 | Detect & manage secrets across lifecycle (mandatory) | DORA Art. 9; RTS ((EU) 2024/1774), cryptography & key management | PR.AA, PR.DS | Evidence provided |
| SOFA-OWASP-R15 | Secure secrets in pipelines (mandatory) | DORA Art. 9; NIS2 §30 BSIG (Risikomanagementmaßnahmen) | PR.PS, PR.AA | Evidence provided |
| SOFA-OWASP-R16 | Clean secrets in logs (mandatory) | DORA Art. 9; NIS2 §30 BSIG | DE.CM, PR.DS | Evidence provided |
| SOFA-OWASP-R17 | Limit visibility of secret-bearing repos (mandatory) | DORA Art. 9; NIS2 §30 BSIG | PR.AA, GV.RR | Partial — see note |
| SOFA-PRJ-R15 | Track remediation (mandatory) | DORA Art. 11 (response & recovery); NIS2 §30 BSIG | ID.IM, RS.MA | Evidence provided |
| — | Vulnerability handling & cyber hygiene (umbrella) | NIS2 §30 BSIG; DORA ICT risk-management framework | GV.RM, ID.RA | Evidence provided |
CodeGuardian provides automated evidence toward these controls. It supports, but does not by itself constitute, regulatory compliance.
SOFA-CAPA-R06: CodeGuardian detects and tracks secrets and outputs full remediation guidance — including rotation and revocation steps — in each ticket. It surfaces and tracks remediation; it does not itself execute automated rotation or revocation.
SOFA-OWASP-R17: CodeGuardian identifies which repositories contain detected secrets, but does not currently audit or restrict repository visibility or permissions.
Financial entities are regulated for ICT risk primarily under DORA and BaFin supervision; NIS2 (NIS2UmsuCG) applies at group level. NIST CSF 2.0 is used here as a control cross-walk, not as the regulatory basis.
Aligned with Common Frameworks
Reduce the risk of data leaks. CodeGuardian is designed to detect secrets and credentials in your repositories and route them for triage, supporting your GDPR data-protection controls.
Support your Change Management controls. All findings are tracked in Jira with a complete audit trail, providing evidence for auditors.
Hardcoded secrets and exposed credentials are a top OWASP risk. CodeGuardian detects and triages them across your repositories.
Outcomes from a BaFin-regulated banking engagement.
Source: ZERODOTFIVE engagement with a Hamburg-based bank, 2025. Measured against the prior manual process (170 leaked-credential findings, roughly three working days of triage, more than 70% of it spent on false positives); MTTR for critical secrets reduced from months to under two hours. Single engagement; individual results vary. [[OWNER: confirm metric + source]]
Strategic Partnership
Beyond the binary. We partner with you to ensure successful adoption. From specialized customizations to team coaching, we bridge the gap between your Security, CISO, and Development teams.


Engineering Trust through Human Expertise
Behind the automation of Code Guardian is a specialized team of AWS Architects and Security Engineers. We don't just build software; we architect resilient security cultures.
Our team combines years of experience in the financial sector with a pragmatic, hands-on DevSecOps philosophy. We believe that security should be an accelerator for your developers, not a bottleneck.
Your Partner in Digital Sovereignty
Since 2018, we have served as a German, Hamburg-based AWS Partner. We identify the strategic path to the cloud for enterprises, focusing on quality, regulatory compliance, and long-term efficiency.
AI triage runs on Amazon Bedrock in the AWS Europe (Frankfurt) region (eu-central-1), inside your own AWS account. Source code and detected secrets are processed there for analysis and are not sent to any third-party service outside AWS. Amazon Bedrock does not use your data to train foundation models, and foundation-model providers receive no customer data.