Show HN: Kanto.ai – The soc2 ready infra agent

I am launching kanto.ai and looking for early beta users.

This came out of my own experience. I was responsible for building and maintaining SOC-2 compliance for a Kubernetes application in GCP. The GCP Cloud Foundation Blueprints are a solid starting point, but they are difficult to set up and even harder to keep updated as requirements, policies, and cloud services evolve. Many aspects required for Soc2 are also not provided out of the box.

kanto.ai is a GitHub bot that bootstraps an enterprise-grade, multi-repo, git-ops first GCP deployment and automates ongoing maintenance. It watches GitHub issues and generates Terraform pull requests with best practices built in. Under the hood it uses GCP’s Cloud Foundation Toolkit modules for projects, networking, org policies, IAM, and more. The goal is to keep infrastructure SOC-2 ready out of the box.

Right now it is early with a landing page and working prototype. I would love feedback from anyone who has dealt with SOC-2, Kubernetes, or the Foundation Blueprints in GCP.

Does this solve a real pain you have felt? What blockers did you run into with SOC-2 in GCP? If you used the GCP Cloud Foundation Toolkit, what worked and what did not?

Thanks.