Live Compliance Certificate

Share a public, real-time compliance URL with customers and auditors instead of a static SOC 2 PDF.

Overview

A Live Compliance Certificate is a public, shareable URL that proves your organization's compliance posture in real time. Instead of emailing a 6-month-old SOC 2 PDF, share a link that updates with every code change:

https://mergewhy.com/certificate/acme-corp

Note

No authentication is required to view a certificate. Anyone with the URL can verify your compliance status.

What the Certificate Shows

  • Organization name and verification status
  • "Continuously monitored since" date
  • Per-framework compliance scores (SOC 2, SOX, CMMC, etc.)
  • Changes monitored — total pull requests tracked
  • Evidence coverage — percentage of changes with complete evidence
  • Vault sealed — percentage of evidence cryptographically sealed
  • Cryptographic verification — every evidence record is SHA-256 sealed
  • Embeddable badge code for your README or website

Enabling Your Certificate

Your certificate page is automatically available once your organization has an active MergeWhy account. The URL slug is your organization's identifier:

https://mergewhy.com/certificate/<your-org-slug>

Find your org slug in Dashboard → Settings → General.

Compliance Badges

Add live compliance badges to your README, documentation, or website. Badges update automatically and show your current compliance percentage.

Badge URL Format

https://mergewhy.com/api/badge/<org-slug>/<framework>.svg

Markdown (README)

README.md
![SOC 2 Compliance](https://mergewhy.com/api/badge/acme-corp/soc2.svg)
![SOX ITGC](https://mergewhy.com/api/badge/acme-corp/sox-itgc.svg)
![CMMC L2](https://mergewhy.com/api/badge/acme-corp/cmmc-l2.svg)

HTML

HTML embed
<a href="https://mergewhy.com/certificate/acme-corp">
  <img src="https://mergewhy.com/api/badge/acme-corp/soc2.svg"
       alt="SOC 2 Compliance" />
</a>

Tip

Link the badge to your certificate page so visitors can click through to see full compliance details.

Available Framework Badges

Framework      Badge Path
SOC 2          /api/badge/<slug>/soc2.svg
SOX ITGC       /api/badge/<slug>/sox-itgc.svg
HIPAA          /api/badge/<slug>/hipaa.svg
ISO 27001      /api/badge/<slug>/iso27001.svg
CMMC L2        /api/badge/<slug>/cmmc-l2.svg
FedRAMP        /api/badge/<slug>/fedramp.svg
NIST 800-53    /api/badge/<slug>/nist-800-53.svg
PCI DSS        /api/badge/<slug>/pci-dss.svg

Badge Colors

Badges automatically change color based on compliance score:

  • Green — 80% or above
  • Amber — 60–79%
  • Red — below 60%

Caching

Badge SVGs are cached for 5 minutes. After a new PR is merged and compliance is re-evaluated, the badge will reflect the updated score within 5 minutes.

Use Cases

Customer Due Diligence

When a prospect asks for your SOC 2 report, share your certificate URL instead. They see real-time compliance data rather than a point-in-time PDF that may be months old.

Vendor Security Questionnaires

Link to your certificate in vendor questionnaire responses to demonstrate continuous compliance monitoring.

Open Source Projects

Add compliance badges to your README to show that your project follows rigorous change management practices.