Getting Started
Set up MergeWhy in under 2 minutes and see evidence captured from your first PR merge.
Quick Start (SaaS)
MergeWhy connects to your GitHub repositories via a GitHub App. In three steps you will have compliance evidence captured automatically from every pull request.
Step 1: Create an Account
Sign up at mergewhy.com/sign-up. Create or join an organization during onboarding.
Step 2: Install the GitHub App
Navigate to Settings → Integrations and click “Connect GitHub.” You will be redirected to GitHub to authorize the MergeWhy App. Select the repositories you want to monitor.
Step 3: Enable Compliance Frameworks
Go to Settings → Compliance and enable the frameworks relevant to your organization (SOC 2, SOX ITGC, HIPAA, FedRAMP, etc.). Each pull request will be evaluated against the controls of your enabled frameworks.
What Happens Next
Once connected, MergeWhy automatically processes webhook events from GitHub. When a pull request is opened, it creates a Decision Evidence Record (DER) that captures:
- PR description and change context
- Linked Jira/Linear/GitHub tickets
- Code reviews and approvals
- CI/CD test results and security scan findings
- AI-powered documentation quality analysis
When the PR is merged, the evidence is sealed in a cryptographic vault (SHA-256) and evaluated against your enabled compliance controls.
Evidence Score
Each DER receives a 0-100 evidence score based on six factors: description quality (20 pts), ticket links (15 pts), code reviews (15 pts), CI/CD evidence (25 pts), AI assessment (15 pts), and gap resolution (10 pts).