Inspiration
GitGov Audit was born from a reality faced by many development teams in regulated environments: compliance (GDPR, privacy, traceability) is usually handled too late, manually, and outside the developer’s natural workflow. Audits often arrive when the damage is already done.
At the same time, Git has become the de facto standard for software development, yet it lacks native mechanisms for continuous audit and compliance. This led us to a simple question: what if compliance was as natural as making a commit or opening a pull request?
What the project does
GitGov Audit audits Git repositories and pull requests to detect compliance risks such as personal data exposure (PII/GDPR) and backlog hygiene issues.
The app integrates directly with Bitbucket and Jira to:
- Analyze repositories and pull requests.
- Detect compliance and quality findings.
- Automatically create Jira issues from those findings.
- Expose an audit dashboard directly inside Jira.
The goal is to bring compliance into the developer workflow without slowing teams down.
How we built it
We built GitGov Audit as an Atlassian Forge application, using:
- Bitbucket to access repositories and pull requests.
- Jira for automatic issue creation and tracking.
- Serverless Node.js functions to process audits.
- A Jira-integrated UI to surface audit results and insights.
The architecture clearly separates audit logic, Atlassian integrations, and presentation, making the system easy to extend.
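The analyze → detect → create-issue pipeline described above, as an added Node.js example that is not the GitGov Audit project's own code and uses no Forge or Bitbucket API: it scans only the lines a pull request adds, keeps card-number hits only when the Luhn check passes, and shapes each finding as a Jira issue body. The detector rules, the sample diff and the issue payload layout are constructed assumptions.

```javascript
// Added example, not GitGov Audit's code: scan the added ('+') lines of a unified diff for
// PII-looking values and shape hits as Jira issue bodies. Detectors, sample diff and payload are assumptions.
function luhnValid(s) { // Luhn checksum filters random digit runs (order ids, timestamps) from card hits
  let sum = 0, dbl = false;
  for (const ch of s.replace(/[ -]/g, "").split("").reverse()) {
    let d = Number(ch); if (dbl) { d *= 2; if (d > 9) d -= 9; }
    sum += d; dbl = !dbl;
  }
  return sum % 10 === 0;
}
const DETECTORS = [
  { id: "email", re: /[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}/g },
  { id: "card", re: /\b(?:\d[ -]?){13,19}\b/g, verify: luhnValid },
];
// Walk the diff, tracking the target file and new-side line number of each added line.
function scanDiff(diff) {
  const findings = []; let file = null, line = 0;
  for (const raw of diff.split("\n")) {
    if (raw.startsWith("+++ ")) { file = raw.slice(4).replace(/^b\//, ""); continue; }
    const hunk = raw.match(/^@@ -\d+(?:,\d+)? \+(\d+)/);
    if (hunk) { line = Number(hunk[1]); continue; }
    if (raw.startsWith("-")) continue; // removed line or '---' header: no new-side number
    if (raw.startsWith("+")) {
      for (const det of DETECTORS) {
        for (const m of raw.slice(1).matchAll(det.re)) {
          const value = m[0].trim();
          if (det.verify && !det.verify(value)) continue;
          findings.push({ file, line, type: det.id, value });
        }
      }
    }
    line++; // context and added lines both advance the new-side counter
  }
  return findings;
}
// Jira issue request body for one finding (assumed field layout, not the Forge API).
function toJiraIssue(f, projectKey) {
  return { fields: { project: { key: projectKey }, issuetype: { name: "Task" },
    summary: `PII (${f.type}) added in ${f.file}:${f.line}`,
    description: `Possible ${f.type} on line ${f.line} of ${f.file}; verify and redact.` } };
}
// Constructed sample PR diff: one email, one non-card number, one Luhn-valid test card.
const SAMPLE_DIFF = `+++ b/src/users.js
@@ -10,3 +10,5 @@
 const limit = 50;
+const support = "jane.doe@example.com";
+const orderId = 1234567890123;
+const testCard = "4111 1111 1111 1111";
 export default limit;`;
console.log(scanDiff(SAMPLE_DIFF).map((f) => toJiraIssue(f, "GOV").fields.summary));
```

The order id on the second added line matches the digit-run pattern but fails the Luhn check, so only the email and the test card become findings.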
Challenges we faced
One of the main challenges was understanding and correctly applying Forge’s model of modules, resolvers, and permissions, especially when combining Bitbucket and Jira in a single solution.
We also had to balance audit depth with speed, aiming to demonstrate real value in a short demo without sacrificing realism.
Finally, designing a clear experience for both judges and developers required multiple iterations to avoid unnecessary complexity.
What we’re proud of
- Bringing compliance auditing directly into the Git → Jira workflow.
- Automatically creating Jira issues from pull requests.
- Building a functional, demo-ready MVP in a very short time.
- Designing a solution aligned with the Atlassian ecosystem and Forge.
- Showing that compliance can be developer-friendly.
What we learned
We learned how to work with Forge as a secure, opinionated serverless platform, and how to design apps that respect permissions and user context.
We also reinforced the idea that compliance tools only work when they integrate naturally into developers’ daily workflows.
Finally, we learned the importance of focus in a hackathon: solving one problem well is better than trying to solve everything.
What’s next for GitGov Audit
After Codegeist, we plan to extend GitGov Audit with:
- Support for additional frameworks such as SOC 2 and ISO 27001.
- Deeper CI/CD integration to block risky merges.
- AI-assisted audit agents.
- More automated remediation suggestions.
- Expansion to other Atlassian products and workflows.
Our vision is to make GitGov Audit the continuous governance and compliance layer for modern software teams.