Stop screenshotting your Git logs.
Turn your engineering workflows into DORA evidence.
Connect GitHub, Jira, and CI/CD to continuously collect evidence for DORA development, testing, and change controls.
Read-only · No source code stored
Security Teams spend weeks collecting engineering evidence for the next Audit
Every audit cycle, teams manually gather pull request approvals, branch protection settings, CI/CD test runs, and ticket-to-fix history. It is repetitive, error-prone, and hard to verify under pressure.
PR approvals and branch rules
Manual exports of approvals, branch protection, and merge history for every audit cycle.
CI/CD and ticket evidence stitching
Pulling Jira issues, pipeline runs, and remediation updates into one audit file.
Repeats every audit
The same manual process restarts every cycle and gets worse as teams and repos grow.
Gaps during review
Evidence gets missed, timelines slip, and follow-up questions increase.
Continuous Engineering Evidence
From engineering activity to DORA evidence.
Connect to your Repo
Link your repository with read-only access.
Run the control tests
Capture PR approvals, branch rules, pipeline runs, ticket links, and remediation history as evidence objects mapped to DORA controls.
Export Results
Generate a structured export with supporting records, timestamps, and traceability for audit and internal review.
Engineering evidence for DORA
Engineering evidence collection
Collect pull request approvals, branch protection snapshots, pipeline runs, ticket links, and remediation history from the tools your team already uses.
Remediation traceability
Link findings, tickets, fixes, and verification steps into a traceable evidence trail.
One-click evidence export
Export a structured evidence pack for a selected period, ready for audit prep and internal review.
DORA control mapping
See which development, testing, and change controls have evidence and where gaps remain.
Start with the tools your team already uses
Read-only access. No source code stored. We collect metadata such as approvals, timestamps, pipeline outcomes, and ticket links.
GitHub
PR reviews, branch protection rules, merge policies, Dependabot and code scanning alerts.
Jira
Issue tracking, vulnerability ticket lifecycle, remediation workflows, and sprint evidence.
GitHub Actions
CI/CD pipeline runs, security scan results, deployment gates, and workflow execution records.
Try it on a popular open-source repo
Paste any public repo URL and get an instant DORA compliance report — branch protection, CI/CD, secret scanning, vulnerability management, and more.
Coming next: Azure DevOps
DORA is now in force. The challenge is proving engineering controls continuously.
The Digital Operational Resilience Act became mandatory for all EU financial entities in January 2025. Swedish regulated software companies are already subject to oversight by Finansinspektionen. The question is no longer whether you need to comply: it's whether you can prove it.
Non-compliance risk
DORA Art. 50 authorizes national regulators to impose administrative sanctions and remedial measures on non-compliant financial entities, including regulated software companies and payment service providers.
What Norigen covers
Norigen is focused on development process evidence: the controls that live in your Git history, CI pipelines, and ticket tracker. Not infrastructure. Not policy documents.
Mandatory for all EU financial entities since January 2025. Norigen covers the development process controls: the ones your team produces evidence for with every PR, pipeline run, and ticket.
NIS2 mapping is also on the roadmap: once the Swedish national transposition is final, your existing evidence will cover it automatically.
Stop screenshotting your Git logs.
Connect your CI/CD tools. Ensure traceability by DORA.
Read-only access • No source code stored • Fast setup