PR Trail

PR Trail turns GitHub pull requests into SOC 2 change control evidence: screenshots of each PR's conversation, annotated with control labels and an audit log, ready to hand to an auditor.

Evidence maps to CC 8.1: "The entity authorizes, designs, develops or acquires, configures, documents, tests, approves, and implements changes to infrastructure, data, software, and procedures to meet its objectives."

GitHub Repository

Fine-grained PAT: Pull requests + Actions (Read-only); private repos also need Contents (Read-only). Classic PAT with the repo scope also works, including for CI checks.

GitHub's check-runs endpoint can sometimes return "Resource not accessible" for fine-grained tokens even when every relevant permission is granted. This is a known platform limitation, not a misconfiguration on your end (community discussion #129512). A classic PAT with the repo scope reliably avoids it. When this happens, PR Trail still renders the rest of the card and simply omits the Checks section.

Input mode


Audit log options

GitHub link
Merge commit SHA
Fetch timestamp
Sampling manifest (shown only when Mode 2/3 sampling was used)
Highlight evidence regions (draws a red box around Reviewers, Checks, and the merge record)
Everything configured above (audit log options) applies to every PR card fetched below. Change a setting and click Fetch PRs again to re-render with the new settings.