Automated Compliance & Security for Regulated Teams

Align your source code with the controls that matter for regulated finance — DORA, BaFin and NIS2 — using a NIST CSF 2.0 control cross-walk. Detect secrets, cut noise with AI-assisted triage, and turn confirmed findings into Jira tickets and AWS Security Hub (ASFF) records.

Live Demo
Made in Germany 🇩🇪

Seamless Integration

Turn findings into actions

From detection to evidence. CodeGuardian ingests the secrets Bitbucket flags, triages them with AI, opens a Jira ticket with full remediation guidance, and exports an auditable record to AWS Security Hub. Optional automated follow-up escalates findings that stay open.

Jira & Security Hub Workflow

Automatically open detailed Jira tickets for confirmed findings, and export each finding to AWS Security Hub (ASFF) with severity and a link back to its ticket.

Bitbucket Integration

Connects to Bitbucket and ingests its secret-detection findings across your repositories. Each flagged credential is collected for AI triage — no raw alerts left for your team to sort manually.

Smart Analysis & False Positives

Advanced AI analysis filters out noise. Our Bedrock-based engine flags likely false positives and adds context, so your team can focus on the findings that look real. AI triage runs on AWS Bedrock in eu-central-1 (Frankfurt), within your AWS account.

Interactive Demo

Try Code Guardian AI

Paste a snippet of code below and see our AI engine identify and assist your team to fix vulnerabilities.

Max 12,000 characters.

Analysis results will appear here...

See it in Action

Deep Integration at Every Layer

From real-time alerts to native AWS Security Hub integration and automated Jira ticketing—we fit into your existing workflow.

Automated Jira Ticket creation

Automated Jira Ticketing

Findings are automatically converted into rich Jira tickets with remediation guidance, severity levels, and deep links to the code.

Real-time Team Notifications

Instant Team Alerts

Notify your team by email when a secret is detected, with a direct link to the Jira ticket for rapid self-remediation.

AWS Security Hub Integration

Native Security Hub Sync

All findings are synced to AWS Security Hub (ASFF format), providing a unified glass-pane view for your SOC and compliance teams.

Audit-Ready

Compliance by Design

Address mandatory banking controls and security gates. CodeGuardian maps your internal control catalog to DORA, BaFin and NIS2, and provides automated evidence toward each.

Internal ControlRequirementPrimary Regulatory Basis (Bank)NIST CSF 2.0 Cross-walkCoverage
AVM-R223Secret scanning security gate (mandatory)DORA Art. 9 (protection & prevention); RTS on ICT risk management ((EU) 2024/1774), secure ICT systems acquisition, development & maintenancePR.PS, DE.CMEvidence provided
SOFA-CAPA-R06Detect & manage secrets across lifecycle (mandatory)DORA Art. 9; RTS ((EU) 2024/1774), cryptography & key managementPR.AA, PR.DSEvidence provided
SOFA-OWASP-R15Secure secrets in pipelines (mandatory)DORA Art. 9; NIS2 §30 BSIG (Risikomanagementmaßnahmen)PR.PS, PR.AAEvidence provided
SOFA-OWASP-R16Clean secrets in logs (mandatory)DORA Art. 9; NIS2 §30 BSIGDE.CM, PR.DSEvidence provided
SOFA-OWASP-R17Limit visibility of secret-bearing repos (mandatory)DORA Art. 9; NIS2 §30 BSIGPR.AA, GV.RRPartial — see note
SOFA-PRJ-R15Track remediation (mandatory)DORA Art. 11 (response & recovery); NIS2 §30 BSIGID.IM, RS.MAEvidence provided
Vulnerability handling & cyber hygiene (umbrella)NIS2 §30 BSIG; DORA ICT risk-management frameworkGV.RM, ID.RAEvidence provided

CodeGuardian provides automated evidence toward these controls. It supports, but does not by itself constitute, regulatory compliance.

SOFA-CAPA-R06: CodeGuardian detects and tracks secrets and outputs full remediation guidance — including rotation and revocation steps — in each ticket. It surfaces and tracks remediation; it does not itself execute automated rotation or revocation.

SOFA-OWASP-R17: CodeGuardian identifies which repositories contain detected secrets, but does not currently audit or restrict repository visibility or permissions.

Financial entities are regulated for ICT risk primarily under DORA and BaFin supervision; NIS2 (NIS2UmsuCG) applies at group level. NIST CSF 2.0 is used here as a control cross-walk, not as the regulatory basis.

Regulatory Standards

Aligned with Common Frameworks

GDPR & Privacy

Reduce the risk of data leaks. CodeGuardian is designed to detect secrets and credentials in your repositories and route them for triage, supporting your GDPR data-protection controls.

SOC 2 Type II

Support your Change Management controls. All findings are tracked in Jira with a complete audit trail, providing evidence for auditors.

OWASP Top 10

Hardcoded secrets and exposed credentials are a top OWASP risk. CodeGuardian detects and triages them across your repositories.

Measured Impact

Outcomes from a BaFin-regulated banking engagement.

Manual triage effort
90%
Faster remediation (MTTR)
99%
Audit traceability
100%

Source: ZERODOTFIVE engagement with a Hamburg-based bank, 2025. Measured against the prior manual process (170 leaked-credential findings, roughly three working days of triage, more than 70% of it spent on false positives); MTTR for critical secrets reduced from months to under two hours. Single engagement; individual results vary. [[OWNER: confirm metric + source]]

Expert Services

Strategic Partnership

Beyond the binary. We partner with you to ensure successful adoption. From specialized customizations to team coaching, we bridge the gap between your Security, CISO, and Development teams.

Implementation & Customization.
We adapt the integration to fit your specific ecosystem and requirements.
Coaching & Training.
We train your developers and act as a bridge between CTO, SecOps, and CISO to align goals.
Update Support.
Professional support for updates and long-term maintenance.
Bridging Security, Devs and Management
ZERODOTFIVE Team

People

Engineering Trust through Human Expertise

Behind the automation of Code Guardian is a specialized team of AWS Architects and Security Engineers. We don't just build software; we architect resilient security cultures.

Our team combines years of experience in the financial sector with a pragmatic, hands-on DevSecOps philosophy. We believe that security should be an accelerator for your developers, not a bottleneck.

Certified Experts
AWS Professional & Security Specialists.
Financial Pedigree
Experienced with BaFin, DORA and NIST CSF 2.0.

ZERODOTFIVE Hamburg GmbH

Your Partner in Digital Sovereignty

Since 2018, we have served as a German, Hamburg-based AWS Partner. We identify the strategic path to the cloud for enterprises, focusing on quality, regulatory compliance, and long-term efficiency.

AI triage runs on Amazon Bedrock in the AWS Europe (Frankfurt) region (eu-central-1), inside your own AWS account. Source code and detected secrets are processed there for analysis and are not sent to any third-party service outside AWS. Amazon Bedrock does not use your data to train foundation models, and foundation-model providers receive no customer data.