.png?fit=max&auto=format&n=tsMQJyneJ1xquFUo&q=85&s=4d401cc03b547d99b6f75a6bd170c334){kind=spacer}
How Integrations Work
DSALTA connects to your existing tools to automatically collect compliance evidence. When you connect an integration, DSALTA performs the following:Pulls access data
Every integration provides user accounts, roles, and permissions — feeding the Access module for automated access reviews.
Pulls module-specific data
Depending on the integration type, DSALTA also pulls infrastructure inventory, code changes, vulnerability findings, incident data, and more.
Runs automated tests
DSALTA generates system tests specific to each integration. For example, “MFA enabled for all users” for identity providers, or “S3 buckets encrypted” for AWS. Tests run automatically on a schedule.
Key Principles
Read-Only Access
DSALTA uses read-only API permissions. We never modify, delete, or create resources in your connected systems.
Evidence Collection
Every data point pulled from an integration serves as audit evidence with timestamps and source attribution.
Automatic Test Generation
When you connect an integration, DSALTA automatically generates the relevant compliance tests. No manual configuration is needed.
Manual + Automated
Integration data and manual entries coexist in the same tables. Auditors see both — integration-sourced records show the integration name, while manual records show “Manual.”
Data Library Modules
Each integration feeds one or more modules in the DSALTA Data Library:| Module | What It Contains | Fed By |
|---|---|---|
| Access | Who has access to what across all systems | All integrations |
| People | Employee directory, policy approvals, training | Identity providers, HRMS |
| Inventory | Servers, databases, repos, SaaS tools, devices | Cloud providers, hosting platforms |
| Vulnerabilities | CVEs, security findings, SLA tracking | Vulnerability scanners, cloud security, GitHub |
| Incidents | Security incident lifecycle tracking | Monitoring tools, cloud providers |
| Changes | Change management with approval workflows | Project management tools, ticketing |
| Code Changes | Pull requests, code reviews, CI checks | Code repositories (read-only) |
| Devices | Company devices, OS, encryption, screen lock | MDM platforms, endpoint security |
| Tests | Automated compliance checks (pass/fail) | Generated by all integrations |
Integration Categories
Identity Providers
Google Workspace, Microsoft Entra ID, Okta, JumpCloud, OneLogin
Cloud Infrastructure
AWS, GCP, Azure, DigitalOcean, Heroku, Netlify
Code Repositories
GitHub, GitLab, Bitbucket, Azure DevOps
Security & Monitoring
Qualys, Wiz, Microsoft Defender for Endpoint, Datadog, Grafana, Sentry, Cloudflare
Databases
MongoDB Atlas, Snowflake
SaaS & Productivity
Slack, Asana, Linear, Trello, Figma, HubSpot, Salesforce, Zoom, Box, Intercom
All integrations use read-only API access. DSALTA never modifies your systems. Data is encrypted in transit (TLS 1.3) and at rest (AES-256).