Read-only demo with fictional data (Foundry Labs, Inc.). Nothing here is a real company.Get Controls for your own stack →

Scorifya Controls — SOC 2 Compliance Report

Organization: Foundry Labs, Inc.

Report Date: July 11, 2026

63% Compliant
54
Total Checks
34
Passing
20
Failing
0
Warnings

Control Check Results

NameCriteriaProviderSeverityStatusLast CheckedDetails
2-Step Verification enforced for all Google Workspace usersCC6.1GCPcriticalPassJul 11, 2026{"message":"2-Step Verification enforced for all Google Workspace users: all observed resources comply.","affectedResources":[]}
2FA required for all org membersCC6.1GITHUBcriticalPassJul 11, 2026{"message":"2FA required for all org members: all observed resources comply.","affectedResources":[]}
Azure Activity Log diagnostic settings configuredCC7.2AZUREcriticalFailJul 11, 2026{"message":"Azure Activity Log diagnostic settings configured: 2 resource(s) do not comply.","affectedResources":["demo-resource-a","demo-resource-b"],"remediation":"Open the check detail for full remediation guidance."}
Azure Key Vault in use for secrets managementCC6.1AZUREhighPassJul 11, 2026{"message":"Azure Key Vault in use for secrets management: all observed resources comply.","affectedResources":[]}
Azure PostgreSQL enforces SSLCC6.1AZUREhighFailJul 11, 2026{"message":"Azure PostgreSQL enforces SSL: 2 resource(s) do not comply.","affectedResources":["demo-resource-a","demo-resource-b"],"remediation":"Open the check detail for full remediation guidance."}
Azure SQL Transparent Data Encryption enabledCC6.1AZUREhighFailJul 11, 2026{"message":"Azure SQL Transparent Data Encryption enabled: 2 resource(s) do not comply.","affectedResources":["demo-resource-a","demo-resource-b"],"remediation":"Open the check detail for full remediation guidance."}
Azure SQL server-level auditing enabledCC7.2AZUREmediumPassJul 11, 2026{"message":"Azure SQL server-level auditing enabled: all observed resources comply.","affectedResources":[]}
Azure Storage account public blob access disabledCC6.1AZUREcriticalFailJul 11, 2026{"message":"Azure Storage account public blob access disabled: 2 resource(s) do not comply.","affectedResources":["demo-resource-a","demo-resource-b"],"remediation":"Open the check detail for full remediation guidance."}
Azure managed disks encrypted at restCC6.1AZUREhighFailJul 11, 2026{"message":"Azure managed disks encrypted at rest: 2 resource(s) do not comply.","affectedResources":["demo-resource-a","demo-resource-b"],"remediation":"Open the check detail for full remediation guidance."}
Cloud Audit Logs enabled for all servicesCC7.2GCPcriticalFailJul 11, 2026{"message":"Cloud Audit Logs enabled for all services: 2 resource(s) do not comply.","affectedResources":["demo-resource-a","demo-resource-b"],"remediation":"Open the check detail for full remediation guidance."}
Cloud SQL instances encrypted at restCC6.1GCPhighFailJul 11, 2026{"message":"Cloud SQL instances encrypted at rest: 2 resource(s) do not comply.","affectedResources":["demo-resource-a","demo-resource-b"],"remediation":"Open the check detail for full remediation guidance."}
Cloud SQL requires SSL connectionsCC6.1GCPhighPassJul 11, 2026{"message":"Cloud SQL requires SSL connections: all observed resources comply.","affectedResources":[]}
CloudTrail enabled in all regionsCC7.2AWScriticalFailJul 11, 2026{"message":"CloudTrail enabled in all regions: 2 resource(s) do not comply.","affectedResources":["demo-resource-a","demo-resource-b"],"remediation":"Open the check detail for full remediation guidance."}
CloudTrail log file validation enabledCC7.2AWShighPassJul 11, 2026{"message":"CloudTrail log file validation enabled: all observed resources comply.","affectedResources":[]}
CloudWatch alarm for root account usageCC7.2AWShighPassJul 11, 2026{"message":"CloudWatch alarm for root account usage: all observed resources comply.","affectedResources":[]}
CloudWatch log groups retain at least 12 monthsCC7.2AWShighPassJul 11, 2026{"message":"CloudWatch log groups retain at least 12 months: all observed resources comply.","affectedResources":[]}
Compute Engine disks are encryptedCC6.1GCPhighPassJul 11, 2026{"message":"Compute Engine disks are encrypted: all observed resources comply.","affectedResources":[]}
Default branch protection enabledCC8.1GITHUBcriticalFailJul 11, 2026{"message":"Default branch protection enabled: 2 resource(s) do not comply.","affectedResources":["demo-resource-a","demo-resource-b"],"remediation":"Open the check detail for full remediation guidance."}
Dependabot security alerts enabledCC7.1GITHUBhighPassJul 11, 2026{"message":"Dependabot security alerts enabled: all observed resources comply.","affectedResources":[]}
EBS default encryption enabledCC6.1AWShighPassJul 11, 2026{"message":"EBS default encryption enabled: all observed resources comply.","affectedResources":[]}
GCS buckets block public accessCC6.1GCPcriticalPassJul 11, 2026{"message":"GCS buckets block public access: all observed resources comply.","affectedResources":[]}
GuardDuty enabled in all regionsCC7.2AWScriticalFailJul 11, 2026{"message":"GuardDuty enabled in all regions: 2 resource(s) do not comply.","affectedResources":["demo-resource-a","demo-resource-b"],"remediation":"Open the check detail for full remediation guidance."}
KMS symmetric keys rotate within 90 daysCC6.1GCPmediumPassJul 11, 2026{"message":"KMS symmetric keys rotate within 90 days: all observed resources comply.","affectedResources":[]}
Key Vaults use Azure RBACCC6.1AZUREmediumFailJul 11, 2026{"message":"Key Vaults use Azure RBAC: 2 resource(s) do not comply.","affectedResources":["demo-resource-a","demo-resource-b"],"remediation":"Open the check detail for full remediation guidance."}
Load balancer HTTPS listeners require TLS 1.2 or higherCC6.1AWShighPassJul 11, 2026{"message":"Load balancer HTTPS listeners require TLS 1.2 or higher: all observed resources comply.","affectedResources":[]}
Log Analytics workspaces retain logs for 90+ daysCC7.2AZUREmediumPassJul 11, 2026{"message":"Log Analytics workspaces retain logs for 90+ days: all observed resources comply.","affectedResources":[]}
Long-term log sink configuredCC7.2GCPmediumPassJul 11, 2026{"message":"Long-term log sink configured: all observed resources comply.","affectedResources":[]}
MFA enabled for all IAM usersCC6.1AWScriticalPassJul 11, 2026{"message":"MFA enabled for all IAM users: all observed resources comply.","affectedResources":[]}
MFA enforced via Security Defaults or Conditional AccessCC6.1AZUREcriticalFailJul 11, 2026{"message":"MFA enforced via Security Defaults or Conditional Access: 2 resource(s) do not comply.","affectedResources":["demo-resource-a","demo-resource-b"],"remediation":"Open the check detail for full remediation guidance."}
Microsoft Defender for Cloud enabled on key workloadsCC7.2AZUREhighPassJul 11, 2026{"message":"Microsoft Defender for Cloud enabled on key workloads: all observed resources comply.","affectedResources":[]}
No NSG rule opens SSH/RDP to the internetCC6.6AZUREcriticalPassJul 11, 2026{"message":"No NSG rule opens SSH/RDP to the internet: all observed resources comply.","affectedResources":[]}
No credentials unused for 90+ daysCC6.2AWShighPassJul 11, 2026{"message":"No credentials unused for 90+ days: all observed resources comply.","affectedResources":[]}
No firewall rule opens SSH/RDP to the internetCC6.6GCPcriticalPassJul 11, 2026{"message":"No firewall rule opens SSH/RDP to the internet: all observed resources comply.","affectedResources":[]}
No security groups expose SSH/RDP/DB ports to the internetCC6.1AWScriticalPassJul 11, 2026{"message":"No security groups expose SSH/RDP/DB ports to the internet: all observed resources comply.","affectedResources":[]}
No stale Azure AD guest usersCC6.2AZUREmediumPassJul 11, 2026{"message":"No stale Azure AD guest users: all observed resources comply.","affectedResources":[]}
OS Login is enforced at the project levelCC6.2GCPmediumPassJul 11, 2026{"message":"OS Login is enforced at the project level: all observed resources comply.","affectedResources":[]}
Primitive IAM roles (Owner/Editor) not assigned to usersCC6.1GCPhighPassJul 11, 2026{"message":"Primitive IAM roles (Owner/Editor) not assigned to users: all observed resources comply.","affectedResources":[]}
Privileged Identity Management activated for admin rolesCC6.2AZUREmediumPassJul 11, 2026{"message":"Privileged Identity Management activated for admin roles: all observed resources comply.","affectedResources":[]}
RDS instances encrypted at restCC6.1AWShighFailJul 11, 2026{"message":"RDS instances encrypted at rest: 2 resource(s) do not comply.","affectedResources":["demo-resource-a","demo-resource-b"],"remediation":"Open the check detail for full remediation guidance."}
RDS instances enforce TLS at the parameter groupCC6.1AWShighPassJul 11, 2026{"message":"RDS instances enforce TLS at the parameter group: all observed resources comply.","affectedResources":[]}
RDS instances use non-default master usernameCC6.1AWSmediumPassJul 11, 2026{"message":"RDS instances use non-default master username: all observed resources comply.","affectedResources":[]}
Required status checks on default branchCC8.1GITHUBhighFailJul 11, 2026{"message":"Required status checks on default branch: 2 resource(s) do not comply.","affectedResources":["demo-resource-a","demo-resource-b"],"remediation":"Open the check detail for full remediation guidance."}
Root account has no active access keysCC6.1AWScriticalFailJul 11, 2026{"message":"Root account has no active access keys: 2 resource(s) do not comply.","affectedResources":["demo-resource-a","demo-resource-b"],"remediation":"Open the check detail for full remediation guidance."}
S3 buckets encrypted at restCC6.1AWShighPassJul 11, 2026{"message":"S3 buckets encrypted at rest: all observed resources comply.","affectedResources":[]}
S3 public access block enabledCC6.1AWScriticalPassJul 11, 2026{"message":"S3 public access block enabled: all observed resources comply.","affectedResources":[]}
S3 versioning enabled on critical bucketsA1.2AWSmediumFailJul 11, 2026{"message":"S3 versioning enabled on critical buckets: 2 resource(s) do not comply.","affectedResources":["demo-resource-a","demo-resource-b"],"remediation":"Open the check detail for full remediation guidance."}
Secret scanning enabledCC6.1GITHUBhighPassJul 11, 2026{"message":"Secret scanning enabled: all observed resources comply.","affectedResources":[]}
Service account keys not older than 90 daysCC6.2GCPhighFailJul 11, 2026{"message":"Service account keys not older than 90 days: 2 resource(s) do not comply.","affectedResources":["demo-resource-a","demo-resource-b"],"remediation":"Open the check detail for full remediation guidance."}
Storage accounts require HTTPSCC6.1AZUREhighFailJul 11, 2026{"message":"Storage accounts require HTTPS: 2 resource(s) do not comply.","affectedResources":["demo-resource-a","demo-resource-b"],"remediation":"Open the check detail for full remediation guidance."}
Strong password policy configuredCC6.1AWShighPassJul 11, 2026{"message":"Strong password policy configured: all observed resources comply.","affectedResources":[]}
The default VPC network has been removedCC6.6GCPmediumPassJul 11, 2026{"message":"The default VPC network has been removed: all observed resources comply.","affectedResources":[]}
Uniform bucket-level access enabled on GCS bucketsCC6.1GCPhighPassJul 11, 2026{"message":"Uniform bucket-level access enabled on GCS buckets: all observed resources comply.","affectedResources":[]}
VPC Flow Logs enabledCC7.2AWShighFailJul 11, 2026{"message":"VPC Flow Logs enabled: 2 resource(s) do not comply.","affectedResources":["demo-resource-a","demo-resource-b"],"remediation":"Open the check detail for full remediation guidance."}
VPC Flow Logs enabled on all subnetsCC7.2GCPhighFailJul 11, 2026{"message":"VPC Flow Logs enabled on all subnets: 2 resource(s) do not comply.","affectedResources":["demo-resource-a","demo-resource-b"],"remediation":"Open the check detail for full remediation guidance."}

Generated by Scorifya Controls · July 11, 2026 · SOC 2 Type II Compliance Report for Foundry Labs, Inc.