Now in public beta

Catch HIPAA violations before they ship

Complint reviews every pull request for HIPAA compliance issues and posts inline findings — like a linter, but for healthcare regulations. No config required.

14-day free trial · 50 credits · 2-minute setup

pull request #142 — feat: add patient export endpoint

you opened this pull request

just now

Complint is scanning 4 changed files...

Findings

Critical — PHI Exposure

Patient SSN returned in API response body at src/api/patients/export.ts:47

45 CFR §164.312(a)(1) — Access Control

Medium — Missing Audit Trail

No audit log entry for bulk patient data export at src/api/patients/export.ts:52

45 CFR §164.312(b) — Audit Controls

Pass — TLS Encryption

Transport encryption enforced for all endpoints.

How It Works

Three steps. Two minutes. Zero config.

Install Complint

github.com/apps/Complint

Select repositories
Approve permissions
Done. Complint is watching.

What It Catches

Complint maps every code change against the HIPAA Security Rule.

PHI Exposure

Detects patient identifiers, SSNs, and medical records leaking through API responses, logs, or error messages.

45 CFR §164.502

Encryption Gaps

Flags missing encryption for data at rest and in transit -- including database fields, file storage, and API endpoints.

45 CFR §164.312(a)(2)(iv)

Missing Audit Trails

Catches operations on ePHI that lack proper audit logging -- read, create, update, delete, and export actions.

45 CFR §164.312(b)

Access Control Issues

Identifies endpoints and functions that access ePHI without proper authentication, authorization, or role checks.

45 CFR §164.312(a)(1)

Data Retention

Flags ePHI that lacks expiration policies, cleanup routines, or proper disposal mechanisms.

45 CFR §164.310(d)(2)(i)

Insecure Configs

Detects hardcoded credentials, debug modes in production, permissive CORS, and other configuration risks.

45 CFR §164.312(c)(1)

Built for Developer Workflows

Complint fits into how you already work. No new tools to learn, no process changes, no security theater.

  • No CI pipeline changes required
  • Works with any language or framework
  • Findings appear as inline PR comments
  • Configurable severity thresholds
  • Suppress false positives with inline annotations
  • Dashboard for historical findings and trends
terminal

# 1. Install the GitHub App

open https://github.com/apps/Complint

# 2. Select your repositories

acme-health/patient-portal

acme-health/ehr-api

# 3. Open a PR. That's it.

git push origin feat/patient-export

Complint will analyze your next PR automatically

Simple, Credit-Based Pricing

Start free with 50 credits. Subscribe monthly or buy one-time. No per-seat fees.

Free Trial

Free for 14 days

Add a payment method and get 50 credits to scan real PRs — no charge unless you buy more.

  • 50 credits
  • 14-day trial period
  • All finding categories
  • Inline PR comments
  • Dashboard access
Most Popular

Starter

$30 / 500 credits

Subscribe monthly or buy one-time. No per-seat fees — pay only for what you scan.

  • 500 credits per purchase
  • $30/mo subscription available
  • All finding categories
  • Inline PR comments
  • Dashboard + analytics
  • Email support

Enterprise

Custom

Volume pricing, SSO/SAML, and priority support for teams with high PR volume.

  • Volume credit pricing
  • All finding categories
  • Inline PR comments
  • Dashboard + analytics
  • SSO / SAML
  • Dedicated support

Frequently Asked Questions

Everything you need to know about Complint.

Stop shipping HIPAA violations.
Start shipping with confidence.

Install Complint in 2 minutes and get HIPAA compliance review on your very next pull request.

50 free credits · 14-day trial