From 5d6e7f9da79ec640f694f53cbf3e2fedbccce170 Mon Sep 17 00:00:00 2001 From: Tris <41213791+tristanroth1@users.noreply.github.com> Date: Fri, 19 Jun 2026 17:15:44 +0200 Subject: [PATCH] Add heygrc to Static Analysis (Configuration Files) heygrc is a GitHub App that reviews pull requests against an organization's compliance frameworks and flags control-relevant changes inline, citing the relevant clause. It fits the policy / compliance-as-code corner of the list alongside Selefra. Co-Authored-By: Claude Opus 4.8 (1M context) --- readme.md | 1 + 1 file changed, 1 insertion(+) diff --git a/readme.md b/readme.md index fa54e33..900190c 100644 --- a/readme.md +++ b/readme.md @@ -271,6 +271,7 @@ Static Analysis Security Testing (SAST) tools scan software for vulnerabilities #### Configuration Files - [Conftest](https://github.com/instrumenta/conftest) - _Instrumenta_ - Create custom tests to scan any configuration file for security flaws. +- [heygrc](https://heygrc.com) - _ISMS Copilot_ - A GitHub App that reviews pull requests against your compliance frameworks (ISO 27001, SOC 2, GDPR, EU AI Act, and more) and flags control-relevant changes inline, citing the clause. - [Selefra](https://github.com/selefra/selefra) - _Selefra_ - An open-source policy-as-code software that provides analytics for multi-cloud and SaaS.
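Review bot: The added `heygrc` line in the `#### Configuration Files` hunk does not say what the tool actually scans, so its placement in that subsection is not justified by the entry itself. The description says it "reviews pull requests against your compliance frameworks", while the neighbouring Conftest entry states that it scans configuration files and the section header describes SAST tools that scan software for vulnerabilities. Either reword the description to name the inputs it analyses (configuration files, IaC, application code), or move the entry to a subsection that matches pull-request review. Two smaller points on the same line: the link targets the vendor site `https://heygrc.com`, whereas both context entries link to a GitHub repository, so the entry should state whether this is a hosted or closed-source service, which matters to readers deciding whether to grant a GitHub App access to their repositories. The framework list ending in "and more" and the second-person "your" also read as product copy next to the neutral one-line descriptions around it; a shorter description in the third person would match the list's style.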