{"slug": "how-i-built-zeroaudit-ai-powered-soc-2-compliance-automation-with-aws-dynamodb", "title": "How I built ZeroAudit — AI-powered SOC 2 compliance automation with AWS DynamoDB and Vercel", "summary": "A developer built ZeroAudit, an AI-powered SOC 2 compliance automation tool using AWS DynamoDB and Vercel. The tool connects to services like GitHub, AWS CloudTrail, and PagerDuty to automatically collect evidence for 42 controls, classify it with Grok AI, and generate audit-ready reports. DynamoDB was chosen for its single-table design with org-scoped queries, avoiding the complexity of joins.", "body_md": "SOC 2 Type II audits are painful. Auditors want evidence for 42 controls — who has access, are vulnerabilities patched on time, does every deployment go through review. Normally you pay a consultant $15-50k and spend months collecting screenshots and logs manually.\n\nZeroAudit connects to your tools and has an AI agent collect that evidence automatically, then classifies it against SOC 2 controls and generates an audit-ready report.\n\nLive demo: [https://zero-audit-red.vercel.app](https://zero-audit-red.vercel.app)\n\nGitHub: [https://github.com/mazurenkodmytro0710/ZeroAudit](https://github.com/mazurenkodmytro0710/ZeroAudit)\n\nWhy DynamoDB\n\nI chose DynamoDB over Aurora because every query I need is org-scoped. There are no cross-org queries anywhere in the app. Single-table design with two GSIs covers all access patterns without joins. Aurora would've been overkill.\n\nThe schema uses PK: ORG#orgId with SK patterns for evidence, agent runs, integrations, and metadata. GSI1 queries evidence by control sorted by time. GSI2 queries controls by coverage status.\n\nWhat's real vs simulated\n\nReal data from live API calls: CC7.2 uses Dependabot alerts and code scanning from GitHub. CC8.1 uses pull requests and branch protection rules. CC6.1 uses repository collaborators. A1.2 uses IAM events and console logins from AWS CloudTrail. CC7.4 uses incident history from PagerDuty.\n\nSimulated: CC6.2 would need Okta for real user provisioning data. The AI classification runs on whatever evidence it gets — real or mock.\n\nAI agent architecture\n\nThe agent runs as a fire-and-forget background process. POST /api/agent/run returns 202 immediately. I tried doing it synchronously, but Vercel functions time out at 10 seconds and 6 controls plus AI calls take around 2 minutes.\n\nEach control fetches real evidence from connected integrations, merges it with mock evidence for context, sends it to Grok (grok-3-mini via OpenAI-compatible API), parses the response for coverageStatus, riskLevel, and reasoning, then saves the artifact to DynamoDB.\n\nThe UI polls /api/agent/status every 3 seconds while showing a terminal animation. The animation is pre-scripted per control and doesn't wait for actual API responses — an intentional UX decision.\n\nI switched from Gemini to Grok mid-development because Gemini's free tier hit its daily quota. Grok's OpenAI-compatible API made the switch a one-line change.\n\nStack\n\nFrontend: Next.js App Router, TypeScript, Tailwind CSS. Database: AWS DynamoDB in eu-north-1, single-table design. AI: Grok API grok-3-mini. Auth: GitHub OAuth, custom implementation. Integrations: GitHub API, AWS CloudTrail, PagerDuty API. Deploy: Vercel.\n\nDynamoDB note: the table is named soc2-autopilot in eu-north-1. DynamoDB only allows creating one GSI at a time while another is being backfilled — I hit this during setup and had to wait about 5 minutes between GSI creations.\n\nWhat I'd do with more time\n\nOkta integration for real user provisioning data, scheduled scans via Vercel Cron, fixing deduplication at the write level instead of at read time, search that actually filters the evidence map, and CSV export for auditors.\n\nCreated for H0: Hack the Zero Stack Hackathon #H0Hackathon\n\nLive demo: [https://zero-audit-red.vercel.app](https://zero-audit-red.vercel.app)\n\nGitHub: [https://github.com/mazurenkodmytro0710/ZeroAudit](https://github.com/mazurenkodmytro0710/ZeroAudit)", "url": "https://wpnews.pro/news/how-i-built-zeroaudit-ai-powered-soc-2-compliance-automation-with-aws-dynamodb", "canonical_source": "https://dev.to/dmytro_mazurenko/how-i-built-zeroaudit-ai-powered-soc-2-compliance-automation-with-aws-dynamodb-and-vercel-3dgg", "published_at": "2026-06-25 10:32:52+00:00", "updated_at": "2026-06-25 10:43:25.378627+00:00", "lang": "en", "topics": ["artificial-intelligence", "ai-agents", "developer-tools", "ai-infrastructure", "ai-products"], "entities": ["ZeroAudit", "AWS DynamoDB", "Vercel", "GitHub", "AWS CloudTrail", "PagerDuty", "Grok", "Okta"], "alternates": {"html": "https://wpnews.pro/news/how-i-built-zeroaudit-ai-powered-soc-2-compliance-automation-with-aws-dynamodb", "markdown": "https://wpnews.pro/news/how-i-built-zeroaudit-ai-powered-soc-2-compliance-automation-with-aws-dynamodb.md", "text": "https://wpnews.pro/news/how-i-built-zeroaudit-ai-powered-soc-2-compliance-automation-with-aws-dynamodb.txt", "jsonld": "https://wpnews.pro/news/how-i-built-zeroaudit-ai-powered-soc-2-compliance-automation-with-aws-dynamodb.jsonld"}}