Supported frameworks
Probo provides structured control sets and audit workflows for the following frameworks:
- SOC 2 — Service Organization Control 2 (Trust Services Criteria)
- ISO 27001 — Information security management systems
- ISO 27701 — Privacy information management (extension to ISO 27001)
- ISO 42001 — AI management systems
- GDPR — General Data Protection Regulation
- HIPAA — Health Insurance Portability and Accountability Act
Architecture
Probo is a single deployable binary (probod) that serves both the API and the embedded frontend assets.
| Layer | Technology |
|---|---|
| Backend | Go |
| Frontend | React + TypeScript (Relay, TailwindCSS) |
| Database | PostgreSQL |
| File storage | S3-compatible (SeaweedFS) |
| GraphQL API | Console and connect APIs (gqlgen) |
| MCP API | Model Context Protocol for AI agent access |
| CLI | prb — command-line interface for all platform operations |
| Observability | OpenTelemetry, Prometheus, Grafana, Loki, Tempo |
Who Probo is for
Probo is designed for engineering and security teams at startups that need to achieve compliance certifications quickly. It gives you a transparent, community-driven alternative to expensive SaaS GRC tools, with the option to run entirely on your own infrastructure.
Get started
Quick start
Set up Probo locally or connect to the cloud-hosted version.
Compliance frameworks
Explore the control sets for SOC 2, ISO 27001, GDPR, HIPAA, and more.
Risk management
Track inherent and residual risk scores across your organization.
Trust center
Publish your security posture on a branded, public-facing trust page.
API reference
Automate compliance workflows via the GraphQL and MCP APIs.
CLI (prb)
Manage risks, controls, evidence, and more from the command line.