Compliance evidence, captured at the source.

Norigen helps EU-regulated financial companies collect, map, and maintain audit-ready evidence from the tools where work already happens.

No screenshots. No spreadsheets. No last-minute audit scramble.

Get a sample evidence reportSee how it works

Read-only · No source code stored · EU-hosted

DORA: mandatory since January 2025
The problem

Audit evidence is still rebuilt manually

Norigen captures evidence from source systems as work happens, so audit records stay current and traceable.

See how Norigen fixes this
1

Compliance teams chase owners

Teams export data from different tools. Screenshots end up in folders and spreadsheets.

2

Evidence becomes stale

Records assembled manually go out of date before the next audit cycle begins.

3

Gaps accumulate under pressure

Evidence gets missed, timelines slip, and follow-up questions from auditors keep piling up.

Our Solution

Continuous Engineering Evidence

deploy.yml
on: push · main
build
32s
test
20s
scan
44s
Generating evidence
in progress
Evidence releasedEVD-12345
TIMESTAMP1947-09-09 10:32STATUSCOMPLIANTEVENTDEPLOY SUCCESS
Get a sample evidence report
How it works

From engineering activity to audit-ready evidence.

01
running

Connect source systems

GitHubGitLabJiraAzure DevOpsCI/CD pipelines
02
queued

Capture evidence metadata

ApprovalsTimestampsLinked ticketsWorkflow runsChange history
03
queued

Map evidence to controls

DORA developmentTesting controlsChange managementICT risk management
04
queued

Export audit-ready records

Traceable recordsPDF exportJSON exportCompliance review

Trusted by

Datarr
Överklaga
Hackrocks
Datarr
Överklaga
Hackrocks
Datarr
Överklaga
Hackrocks
Datarr
Överklaga
Hackrocks
Integrations

Start with the tools your team already uses

Read-only access. No source code stored. We collect metadata such as approvals, timestamps, pipeline outcomes, and ticket links. Evidence objects are timestamped at capture and export, providing a verifiable record for auditors and internal review.

Connected

GitHub

PR reviews, branch protection rules, merge policies, Dependabot and code scanning alerts.

Pull request approvals
Branch protection snapshots
Vulnerability alerts
Merge history

Choose your integrations

GitLab
Linear
Azure
GCP
AWS
and more

Try it on a popular open-source repo

Try a public GitHub repo and see what DORA-relevant engineering evidence can be detected from public repository metadata. This is a sample readiness report, not a full DORA compliance assessment.

Free scan →
Regulatory urgency

DORA is now in force. The challenge is proving engineering controls continuously.

DORA applies to EU financial entities and raises the evidence expectations around ICT risk management, change management, testing, and third-party oversight. For software and technology providers serving financial institutions, this can also increase evidence requirements through customer audits, contractual obligations, and third-party risk reviews.

Non-compliance risk

DORA Art. 50 authorizes national regulators to impose administrative sanctions and remedial measures on non-compliant financial entities, including regulated software companies and payment service providers.

January 2025
DORA is live
DORA requires financial entities to maintain ICT risk management controls and produce evidence that those controls operate in practice. RTS 2024/1774 specifies detailed expectations for ICT project management, systems development, testing, and change management.
Ongoing
Supervisory reviews
National competent authorities (Finansinspektionen in Sweden) are conducting assessments. Companies must produce engineering evidence on demand.
Next cycle
Your next audit
Manual collection takes weeks. Norigen makes it continuous: so you are always ready, not scrambling.

Your audit evidence should not live in screenshots.

No screenshots. No spreadsheets. No last-minute audit scramble.

Read-only access • We read workflow run metadata, not source code • Clear evidence metadata only