Record once, replay anywhere. CompliApp turns business flows into versioned scenarios, runs them across data sets, and ships a release-ready report — without writing a single line of test code.
A local LLM agent boots a real Chromium, explores your app, drafts user-story scenarios, runs security pipelines on the same flow, and writes the report. Hands-off. Locally. Never touches the cloud.
CompliApp orchestrates the open-source security stack — OWASP ZAP, nuclei, sqlmap, nikto, dalfox, nmap and more — across authenticated & unauthenticated surfaces, with findings deduped, scored, and mapped to OWASP / CWE.
Every test, scan, and document maps automatically to the controls your auditors care about. Walk into your next HIPAA, SOC 2, or ISO 27001 review with the binder already filled out.
HIPAA · ISO 27001 · SOC 2 · GDPR
Control matrix per framework
Evidence vault + signoffs
Branded PDF / HTML exports
Privacy by design
Local AI. Zero data egress.
Every model that drives the auto-pilot, every screenshot it takes, every byte of evidence the platform collects, stays on the appliance you control. Designed for organizations handling PHI, ePHI, and sensitive source code.
Local LLMs via Ollama
No SaaS · no telemetry
Air-gappable single VM
Signed audit trail
0 bytes leave your perimeter — no cloud APIs, no LLM round-trips
A platform by Value Health — turn-key end-to-end testing, security & compliance for healthcare-grade applications. Built on a decade of Gen-AI work for life-sciences and provider organizations.
Engineered by Value Health
For more than a decade, Value Health has been a trusted Gen-AI partner to the healthcare industry — building responsible, HIPAA-conscious technology that accelerates patient outcomes. CompliApp 2.0 is the same discipline, applied to the quality, security, and compliance of every healthcare-grade application you ship.
Test it. Secure it. Prove it — without switching tools.
Most teams stitch quality, security, and compliance together from a dozen vendors. CompliApp unifies all three under one auto-pilot so QA, AppSec, and GRC share the same evidence, dashboard, and audit trail.
01 · TEST
End-to-end test automation
Record once, replay anywhere — across releases, environments, and data sets. No code required.
Chrome recorder extension + step editor
Projects → scenarios → steps, versioned
Data-driven runs: CSV / XLSX / manual
Replay editor with screenshot & assertion tuning
Test cycles, batch reports, PDF export
Flaky-test detection & user-story export
02 · SECURE
Vulnerability assessment (VAPT)
Every essential web scanner orchestrated under one pipeline — authenticated, deduped, OWASP-aligned.
Capture, organize, and ship audit evidence with one click. Built for regulated programs.
Control matrix per framework
Document & evidence vault, signed uploads
Departmental portals (Privacy, Security, Legal)
Multi-tenant + RBAC + full audit log
Branded HIPAA / OWASP / PCI reports
Scheduled re-attestations & notifications
AI Auto-Pilot
An AI that drives your QA & AppSec while your team does the hard thinking.
CompliApp's auto-pilot mode boots a real Chromium session, navigates your application like a tester, generates assertions on what it sees, runs full security pipelines against the same flow, and writes a release-ready report — all on its own, locally, without ever sending your data to the cloud.
Auto-explore
Discovers your app, generates user-story scenarios on the fly.
Self-healing scripts
Steps reroute when selectors drift, keeping suites green for longer.
Vision & visual diff
moondream visual model flags layout regressions and unexpected UI states.
Auto-generated reports
Natural-language scan + test summaries, branded and audit-ready.
Every model that drives the auto-pilot, every screenshot it takes, every finding the scanners report, and every byte of evidence collected lives on the appliance you control. Built for organizations that can't afford to send PHI, source code, or session tokens to a SaaS scanner.
LLMs run via Ollama on the VM (qwen2.5, moondream)
No third-party scanner SaaS · no shipped logs · no telemetry
Air-gappable deployment · runs on a single Ubuntu VM
Encrypted local SQLite stores + signed audit trail
Auto-Pilot: qwen2.5 · moondream
Scanner farm: ZAP · nuclei · sqlmap
Evidence vault: SQLite · local FS
Live signals: Socket.IO · webhooks
Built to your auditor's standard
Aligned with the frameworks that matter.
CompliApp is operated under a security program that holds itself to enterprise-grade information-security certifications. The platform's evidence model maps to the controls you'll need at your next audit.
ISO/IEC 27001 (Information Security Management System): Certified
SOC 2 Type II (Security · Availability · Confidentiality): Attested
GDPR (EU General Data Protection Regulation): Compliant
HIPAA (Health Insurance Portability & Accountability): Safeguarded
Everything inside
Built deep, not shallow.
A sample of what's in the box. Sign in to see the full surface area — 14 modules, multi-tenant, RBAC, real-time everywhere.
AI Auto-Pilot mode
A local LLM agent drives the whole test & scan cycle — discovers, replays, scans, reports, and notifies. Hands-off CI integration.
Chrome recorder extension
Capture real user flows in any browser, push directly into a CompliApp scenario — step capture, screenshot diff, instant replay.
OWASP-aligned VAPT
OWASP Top 10 + business logic + authenticated surface. CVSS 3.0 scoring, CWE mapping, per-finding remediation playbooks.
Auto-Explore
Point at a URL, walk away. The auto-pilot maps the application, drafts user-story scenarios, and runs them against multiple data sets.
Real-time Socket.IO
Every page is live: scan progress, test cycle status, finding stream, manual auth prompts, and OTP submission flow over one channel.
Audit-ready reports
One-click branded PDF / HTML reports per scan, per cycle, or per control framework. Evidence + signoff chain ships with every export.
Projects · versions · runs
Group targets under projects. Compare every numbered run — new, resolved, persistent — and trend risk across environments.
PII / PHI detection
13+ pattern types — SSN, credit card, JWT, API key, PHI markers — automatically masked, classified, and ready for the privacy office.
Data-driven scenarios
Upload CSV / XLSX or fill manually. Every row becomes a parameterised run, with per-row screenshots and pass / fail evidence.
Scheduled scans
One-time, hourly, daily, weekly, monthly — with target groups, enable/disable, and a live next-run countdown. Cron under the hood.
Network & asset discovery
Every device, port, and service rolled up. Change tracking, whitelisting, alerts on new/changed assets, distributed probe agents.
Compliance matrix
Map every test, scan, and document to controls in HIPAA, OWASP ASVS, PCI-DSS, NIST CSF, ISO 27001 — watch the matrix go green.
RBAC + multi-tenant
Tenants, departmental portals, granular roles (admin / analyst / viewer / GRC) — every action logged in an immutable audit trail.
Webhooks & alerts
Slack, Discord, Teams, email, generic webhooks. Severity thresholds, deduped events, retries, test send — wire into existing on-call.
API + Swagger
Generate API keys with expiry & usage tracking, exercise the full platform via REST, browse the spec in an integrated Swagger UI.
3-in-1: Test · Security · Compliance
14 platform modules
10+ integrated scanners
0 bytes leaving your perimeter
How it works
From a URL to a signed release report.
Whether you start by recording a flow, pointing at an environment, or attaching a compliance control, every action funnels into the same auto-pilot — and the same release-ready evidence.
STEP 01
Record & map
Use the recorder extension, paste cookies, or let the auto-pilot crawl. A real Chromium session captures the asset surface and your business flows.
STEP 02
Run the pipeline
Test scenarios + security scanners + compliance controls execute in parallel. Live findings stream into the dashboard via Socket.IO.
STEP 03
Sign & ship
Branded PDF / HTML report bundles test evidence, vulnerabilities, control attestations, and signoffs — ready for stakeholders & regulators.
Open-source engines under the hood — orchestrated, not replaced
Playwright
Ollama · qwen2.5
moondream (vision)
OWASP ZAP
nmap
nuclei
nikto
sqlmap
dalfox
subfinder
httpx
ffuf
Ready to put your releases on autopilot?
Sign in to launch your first test cycle and scan, or talk to Value Health about a tailored deployment.