AU · Country-specific compliance

GateTest for Australia

The Privacy Act 1988 (as amended) and the ACSC Essential Eight together set the technical bar for Australian software. GateTest's 91 modules cover the secret-hygiene, dependency-safety, logging-discipline and configuration-hardening findings the OAIC and ACSC assessors look for.

What devs in Australia build with

Stack and host shapes we see across the Australian dev market — GateTest is tuned for all of them.

Popular stack
Next.js, TypeScript, Postgres, Stripe, Node.js
Popular hosts
AWS Sydney (ap-southeast-2), Vercel, Cloudflare

The 3 modules most relevant in Australia

Every Australia scan runs all 91 modules — these three are the highest-signal for Privacy Act 1988 + Essential Eight.

Privacy Act 1988 + Essential Eight — what GateTest catches

Each bullet ties a real GateTest module to a specific clause in the Australian compliance landscape.

secrets
APP 11 — security of personal information

The secrets module catches credential shapes before commit. The OAIC's recent Notifiable Data Breach reports consistently cite exposed credentials in source as a root cause.

dependencies
Essential Eight — patch applications

dependencies flags pinned-to-vulnerable, 'latest' pins (silent drift), deprecated packages and missing lockfiles across every major ecosystem — the gate ACSC Essential Eight maturity 2 asks for.

kubernetes
Essential Eight — configure Microsoft Office macro settings / restrict admin

The kubernetes module flags privileged containers, hostNetwork, runAsUser: 0, docker.sock mounts and dangerous capabilities — the misconfigurations Essential Eight 'restrict administrative privileges' translates into for K8s.

logPii
APP 11 — destruction or de-identification when no longer needed

logPii flags PII written to application logs — logs that get archived become a quiet APP 11 violation when retention exceeds need.

ciSecurity
Essential Eight — application control

ciSecurity flags unpinned GitHub Actions, pwn-request shapes, shell-injection via ${{ github.event.* }}, secret-echo and missing permissions: blocks — the supply-chain holes Essential Eight maturity 3 calls out.

Honest limitations

GateTest is a code-quality + security scanner — not a SOC 2 / HIPAA / ISO auditor. We catch the technical findings auditors look for, but the audit itself needs a qualified human assessor.

  • Essential Eight maturity levels are self-assessed; GateTest produces technical evidence but doesn't issue a maturity rating.
  • Australian data-residency requirements depend on the dataset (My Health Record vs general PII); GateTest doesn't check host region.

Who hires GateTest in Australia

Sydney SaaS bidding for a DTA digital-marketplace contract
Melbourne health-tech holding My Health Record adjacent data
Brisbane fintech preparing AUSTRAC-aligned controls

Pricing

Starting at $29 USD — paid via Stripe in your local currency.

Quick: $29, 4 modules
Full: $99, all 91 modules
Scan + Fix: $199, + AI auto-fix PR
Forensic: $399, + pair review + exec summary

CLI is MIT-licensed. Available on GitHub Marketplace soon.

Try it on your own repo

$29 Quick scan, no signup. Pay only when results land.

Run an Australia scan — $29