This product was not featured by Product Hunt yet. It will not be visible on their landing page and won't be ranked (cannot win product of the day regardless of upvotes).
Self-hosted SOC 2 compliance for teams that can't justify Vanta's $10K-$15K/year. 33 automated checks across AWS, GitHub, GCP, Azure mapped to AICPA TSC 2017. 20 manual controls with evidence. RFC 3161 timestamps on every attestation (DigiCert, verifiable offline with OpenSSL). Deploys in one docker-compose. Flat tiers from $99/mo. First 25 buyers per tier get 20% off forever.
Hey PH, maker of Scorifya Controls here.
The tool came from a pattern I kept seeing: engineering teams getting SOC 2 requirements in enterprise procurement questionnaires 6-12 months before they were ready to spend $12K/year on Vanta or Drata. The gap between "spreadsheet" and "enterprise SaaS with enterprise pricing" was real and nobody was filling it.
A few things worth highlighting:
The RFC 3161 timestamps are the part I hadn't seen anywhere else in self-hosted tooling. The problem: if your compliance tool controls the timestamps on your evidence, your auditor doing Type II has to take your word for the dates. RFC 3161 moves that trust to DigiCert, their root cert is in Windows, macOS, and Adobe's trust store, so auditors can verify offline without trusting Scorifya at all.
The check library was built by engineers who have actually run compliance programs in production, PCI DSS, FedRAMP, SOC 2. Remediation guidance is specific because it comes from having fixed these things across real AWS, GCP, and Azure environments, not from reading AICPA documentation.
Self-hosted was a deliberate choice. Some teams, especially in financial services, healthcare, or defense, can't send their cloud credentials to a third-party SaaS regardless of price. If your data can't leave your environment, Controls is currently the only self-hosted option with real automation.
Happy to answer questions about the SOC 2 audit mechanics, the timestamp verification, or what any specific check actually tests.
Technical writeup on the RFC 3161 implementation if you want the details: scorifya.com/blog/rfc-3161-soc2-timestamps
Finally a compliance tool that doesn't assume I'm a Fortune 500 company. Got it running with the docker-compose in about ten minutes and the RFC 3161 timestamps worked exactly as advertised when I verified them offline.
Scorifya Controls was submitted on Product Hunt and earned 6 upvotes and 2 comments, placing #157 on the daily leaderboard. Self-hosted SOC 2 compliance for teams that can't justify Vanta's $10K-$15K/year. 33 automated checks across AWS, GitHub, GCP, Azure mapped to AICPA TSC 2017. 20 manual controls with evidence. RFC 3161 timestamps on every attestation (DigiCert, verifiable offline with OpenSSL). Deploys in one docker-compose. Flat tiers from $99/mo. First 25 buyers per tier get 20% off forever.
Scorifya Controls was featured in SaaS (43k followers), Developer Tools (515.4k followers) and Security (2.7k followers) on Product Hunt. Together, these topics include over 129k products, making this a competitive space to launch in.
Who hunted Scorifya Controls?
Scorifya Controls was hunted by Cedric Brown. A “hunter” on Product Hunt is the community member who submits a product to the platform — uploading the images, the link, and tagging the makers behind it. Hunters typically write the first comment explaining why a product is worth attention, and their followers are notified the moment they post. Around 79% of featured launches on Product Hunt are self-hunted by their makers, but a well-known hunter still acts as a signal of quality to the rest of the community. See the full all-time top hunters leaderboard to discover who is shaping the Product Hunt ecosystem.
Want to see how Scorifya Controls stacked up against nearby launches in real time? Check out the live launch dashboard for upvote speed charts, proximity comparisons, and more analytics.