Integrations

Connect your existing tools to Claw GRC for automated evidence collection. Integrations eliminate manual evidence gathering — once connected, your compliance posture updates continuously as your systems change.

Overview of All 18 Integrations

Claw GRC integrates with the most common cloud, developer, identity, and security tools. Each integration has a different evidence collection scope — some collect continuously, others on a daily schedule.

| Integration | Category | Evidence Collected | Collection |
|---|---|---|---|
| AWS CloudTrail | Cloud Infrastructure | Access logs, config changes, IAM events, compliance reports | Continuous |
| AWS Config | Cloud Infrastructure | Resource configuration history, compliance rule evaluations | Daily |
| AWS IAM | Identity | IAM credential report, access analyzer findings, policy reports | Daily |
| GitHub | Developer | Branch protection, PR reviews, signed commits, dependency alerts, secrets scanning | Daily |
| GitLab | Developer | MR approvals, pipeline results, DAST/SAST reports, container scanning | Daily |
| Okta | Identity | MFA enrollment, session policies, admin access logs, user lifecycle | Continuous |
| Google Workspace | Identity & SaaS | Access logs, 2-step enrollment, DLP reports, audit logs | Daily |
| Microsoft Entra ID | Identity | Conditional access policies, MFA status, privileged identity management | Daily |
| Slack | Communication | Training completion notifications, policy acknowledgment records, incident alerts | Webhook |
| Jira | Project Management | Change management tickets, incident timelines, security review approvals | Daily |
| Linear | Project Management | Issue tracking, security reviews, sprint completion records | Daily |
| Snyk | Security | Dependency vulnerability reports, license compliance, container image scans | Daily |
| Dependabot | Security | GitHub-native dependency alerts and auto-remediation status | Daily |
| Datadog | Monitoring | Alerting rules, log management configuration, uptime reports | Daily |
| PagerDuty | Incident Response | Incident timelines, escalation policy records, on-call schedules | Daily |
| Cloudflare | Network Security | WAF rule configuration, DDoS protection reports, access logs | Daily |
| Google Cloud (GCP) | Cloud Infrastructure | Cloud Audit Logs, Security Command Center reports, IAM binding reports | Continuous |
| Azure | Cloud Infrastructure | Azure Monitor logs, Security Center recommendations, RBAC reports | Daily |

Connect GitHub + AWS first

For most SOC 2 and ISO 27001 journeys, connecting GitHub and AWS CloudTrail first provides the most evidence coverage. These two integrations alone can auto-satisfy 30–40% of SOC 2 controls with fresh evidence.

AWS Setup Guide

The AWS integration uses a cross-account IAM role for read-only access to your AWS environment. No credentials are stored in Claw GRC — we use role assumption.

1. Create the IAM role (~5 min)

In your AWS account, create an IAM role with the following configuration:

claw-grc-iam-policy.json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "cloudtrail:DescribeTrails",
        "cloudtrail:GetTrailStatus",
        "cloudtrail:LookupEvents",
        "config:DescribeConfigRules",
        "config:GetComplianceDetailsByConfigRule",
        "iam:GenerateCredentialReport",
        "iam:GetCredentialReport",
        "iam:ListUsers",
        "iam:ListPolicies",
        "iam:GetAccountPasswordPolicy",
        "iam:ListMFADevices",
        "iam:ListVirtualMFADevices",
        "s3:GetBucketAcl",
        "s3:GetBucketPolicy",
        "s3:GetBucketVersioning",
        "s3:ListAllMyBuckets",
        "ec2:DescribeSecurityGroups",
        "ec2:DescribeInstances"
      ],
      "Resource": "*"
    }
  ]
}

2. Set trust policy (~2 min)

Set the role's trust policy to allow Claw GRC to assume it:

{
  "Version": "2012-10-17",
  "Statement": [{
    "Effect": "Allow",
    "Principal": {
      "AWS": "arn:aws:iam::123456789012:root"
    },
    "Action": "sts:AssumeRole",
    "Condition": {
      "StringEquals": {
        "sts:ExternalId": "YOUR_CLAW_GRC_EXTERNAL_ID"
      }
    }
  }]
}

Get your External ID from Dashboard → Integrations → AWS → Connect → Step 2. The External ID is unique per organization and prevents confused deputy attacks.

3. Enter role ARN in Claw GRC (~1 min)

Copy the IAM role ARN (format: arn:aws:iam::123456789012:role/ClawGRCRole) and paste it into the AWS integration setup in Claw GRC. Click Test Connection to verify the role assumption works, then Save Integration.
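
An added example (not Claw GRC code) for checking both policy documents from steps 1 and 2 before saving the integration: it confirms that the trust policy names only the expected principal and requires the External ID, and that the permission policy grants only read-style actions. The function names and the read-only verb list are assumptions of this example; the principal ARN and External ID are the placeholders shown above.

```python
# Verb prefixes this example treats as read-only (an assumption, not an AWS classification).
READ_ONLY_PREFIXES = ("Describe", "Get", "List", "Lookup", "GenerateCredentialReport")

def _as_list(value):
    """IAM accepts a string or a list in most fields; normalise to a list."""
    return value if isinstance(value, list) else [value]

def audit_trust_policy(policy, vendor_principal, external_id):
    """Return findings for a role trust policy; an empty list means it passed."""
    findings = []
    for i, stmt in enumerate(_as_list(policy.get("Statement", []))):
        actions = _as_list(stmt.get("Action", []))
        if stmt.get("Effect") != "Allow" or "sts:AssumeRole" not in actions:
            continue
        principal = stmt.get("Principal", {})
        arns = ["*"] if principal == "*" else _as_list(principal.get("AWS", []))
        for arn in arns:
            if arn != vendor_principal:
                findings.append(f"Statement[{i}]: unexpected principal {arn}")
        # Condition key names are case-insensitive in IAM.
        equals = {k.lower(): v for k, v in stmt.get("Condition", {}).get("StringEquals", {}).items()}
        if _as_list(equals.get("sts:externalid", [])) != [external_id]:
            findings.append(f"Statement[{i}]: sts:ExternalId missing or not the expected value")
    return findings

def audit_permissions(policy):
    """Flag Allow actions that are not read-style verbs (this also catches '*' and 'svc:*')."""
    findings = []
    for stmt in _as_list(policy.get("Statement", [])):
        if stmt.get("Effect") != "Allow":
            continue
        for action in _as_list(stmt.get("Action", [])):
            if not action.split(":", 1)[-1].startswith(READ_ONLY_PREFIXES):
                findings.append(f"not read-only: {action}")
    return findings

# Constructed samples: the trust policy from step 2 with the Condition block left out,
# and a permission policy with one write action added to two of the page's read actions.
TRUST_NO_EXTERNAL_ID = {"Version": "2012-10-17", "Statement": [{"Effect": "Allow",
    "Principal": {"AWS": "arn:aws:iam::123456789012:root"}, "Action": "sts:AssumeRole"}]}
PERMS_WITH_WRITE = {"Version": "2012-10-17", "Statement": [{"Effect": "Allow", "Resource": "*",
    "Action": ["cloudtrail:LookupEvents", "iam:GetCredentialReport", "s3:PutBucketPolicy"]}]}

if __name__ == "__main__":
    print(audit_trust_policy(TRUST_NO_EXTERNAL_ID,
                             "arn:aws:iam::123456789012:root", "YOUR_CLAW_GRC_EXTERNAL_ID"))
    print(audit_permissions(PERMS_WITH_WRITE))
```

A trust policy without the External ID condition lets any caller inside the trusted account assume the role, which is the confused deputy case the condition exists to prevent.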

GitHub Setup Guide

GitHub integration uses a GitHub App installed on your organization. This provides fine-grained, revocable permissions — no personal access tokens.

1. Install the Claw GRC GitHub App (~3 min)

Navigate to Dashboard → Integrations → GitHub → Install App. You'll be redirected to GitHub to install the Claw GRC app on your organization. Select which repositories to grant access to (all repos, or specific repos).

Required permissions: Read access to repository contents, code scanning alerts, Dependabot alerts, pull requests, and organization metadata. No write permissions are requested.

2. Authorize the integration (~1 min)

After installing the app, you'll be redirected back to Claw GRC with an authorization code. The integration is automatically activated. You'll see a green checkmark indicating successful connection.

3. Configure collection scope (~2 min)

In the GitHub integration settings, configure:

  • Repository filter — Scope collection to specific repositories or patterns (e.g., *-api)
  • Default branch — Which branch represents your production baseline
  • Evidence types — Toggle which evidence types to collect (branch protection, signed commits, etc.)

Okta Setup Guide

Okta integration uses an Okta API token with read-only scopes.

1. Create a read-only API token (~3 min)

In the Okta admin console, navigate to Security → API → Tokens → Create Token. Name the token ClawGRC-ReadOnly. The token inherits the permissions of the creating admin account — use a dedicated service account with read-only privileges.

Use a dedicated service account

Don't create the Okta API token with your personal admin account. Create a dedicated claw-grc-service@yourcompany.com account with read-only permissions, and use that to generate the token.

2. Enter Okta domain and token (~1 min)

In Claw GRC, navigate to Integrations → Okta → Connect. Enter your Okta domain (format: yourcompany.okta.com) and paste the API token. Click Test & Save.

MCP Server Integration

The Claw GRC MCP Server is a special integration that lets AI agents (Claude, GPT-4, or any MCP-compatible assistant) directly query and interact with your compliance data.

For full MCP setup instructions and tool reference, see the MCP Protocol documentation.

claude_desktop_config.json
{
  "mcpServers": {
    "claw-grc": {
      "command": "npx",
      "args": ["claw-grc-mcp-server@latest"],
      "env": {
        "CLAW_GRC_API_KEY": "cgrc_live_...",
        "CLAW_GRC_ORG_ID": "00000000-0000-0000-0000-000000000001"
      }
    }
  }
}