Overview

Scrut integrates with Heroku via secure API key–based authentication to automatically ingest configuration and database settings. The integration runs daily tests to verify that Postgres backups are enabled, user data is encrypted at rest, and Multi-AZ is enabled for all databases. By syncing these insights directly into Scrut’s GRC platform, the integration eliminates manual checks and provides audit-ready evidence for compliance, data protection, and business continuity.

Why Connect

• Prove backups, encryption, and Multi-AZ are enabled
• Eliminate manual verification of database configurations
• Provide audit-ready service settings for resilience compliance.

Supported Automated Tests

Scrut provides pre-built automated tests for Heroku. Here are a few examples of Scrut’s Heroku tests:

• Access reviews completed for all in-scope applications
• Heroku accounts associated with users
• Heroku accounts deprovisioned when employees leave

Supported Automated Evidence

Scrut automates the collection of some evidences for Heroku. Here are a few examples of Scrut’s Heroku-driven evidences that can be collected:

• Alerts from firewall for suspicious activity
• Enabled Multi-Factor Authentication
• Encryption Configuration Settings for Data in Transit
• Encryption for Data at Rest or Transit
• Firewall Configurations Settings
• Firewall Rule Review
• Multi-AZ implementation for database
• Network traffic restrictions for database (security group)
• Offboarding - Logical Access & Physical Access Revocation
• Password Management - Password Configuration for All In-Scope Applications and Infrastructure
• Reports of User Access Reviews
• User Access Approval list to Application, Infrastructure and Service