SG · Country-specific compliance

GateTest for Singapore

The PDPA and the IM8 Instruction Manual together govern what Singapore software must do at the technical layer. In one scan, GateTest's 91 modules catch the secret-hygiene, configuration-hardening, and dependency-safety findings that the PDPC and IM8 assessors look for.

What devs in Singapore build with

Stack and host shapes we see across the Singapore dev market — GateTest is tuned for all of them.

Popular stack
Next.js, TypeScript, Postgres, Stripe, Node.js
Popular hosts
AWS Singapore (ap-southeast-1), Vercel, Cloudflare

The 3 modules most relevant in Singapore

Every Singapore scan runs all 91 modules — these three are the highest-signal for PDPA + IM8.

PDPA + IM8 — what GateTest catches

Each bullet ties a real GateTest module to a specific clause in the Singapore compliance landscape.

secrets
PDPA §24 — protection obligation

secrets module catches the credential-shape findings the PDPC has cited in successive financial penalty decisions — AWS keys, Stripe live, GitHub PATs, JWTs, private keys.

tlsSecurity
IM8 — encryption in transit

tlsSecurity flags rejectUnauthorized: false, NODE_TLS_REJECT_UNAUTHORIZED=0, Python verify=False / CERT_NONE / _create_unverified_context — the MITM-shipping anti-patterns IM8 explicitly forbids.

dependencies
IM8 — software supply chain

dependencies scans npm / pip / Poetry / go.mod / Cargo / Bundler / Composer / Maven / Gradle for wildcards, deprecated packages, missing lockfiles — the supply-chain controls IM8 calls out.

cookieSecurity
PDPA §24 — reasonable security arrangements

cookieSecurity flags httpOnly: false, secure: false, weak session secrets ('changeme', 'keyboard cat'), Python SESSION_COOKIE_HTTPONLY = False — the configuration findings the PDPC commonly cites.

ssrf
IM8 — secure coding

ssrf tracks taint from req.* sources to fetch / axios / got / http.request sinks and flags hardcoded cloud-metadata endpoints (169.254.169.254, metadata.google.internal) — IM8's SSRF control.
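
The TLS-verification bypasses listed under tlsSecurity above can be checked for with a small line-based scanner. This is an added example, not GateTest's implementation; the rule ids, function name and sample input are constructed for illustration.

```javascript
// Added example, not GateTest's implementation. Rule ids are hypothetical.
const TLS_RULES = [
  { id: "node-reject-unauthorized", re: /\brejectUnauthorized\s*:\s*false\b/ },
  // Assignment forms only (shell env var, process.env.X = "0"); comparisons are not flagged.
  { id: "node-env-tls-off", re: /\bNODE_TLS_REJECT_UNAUTHORIZED['"]?\]?\s*=\s*['"]?0\b/ },
  { id: "python-verify-false", re: /\bverify\s*=\s*False\b/ },
  { id: "python-cert-none", re: /\bCERT_NONE\b/ },
  { id: "python-unverified-context", re: /\b_create_unverified_context\b/ },
];

// Returns one finding per (line, rule) match; comment-only lines are skipped.
function scanTlsBypasses(source, file = "<input>") {
  const findings = [];
  source.split(/\r?\n/).forEach((line, i) => {
    const code = line.trim();
    if (code.startsWith("//") || code.startsWith("#")) return;
    for (const { id, re } of TLS_RULES) {
      if (re.test(code)) findings.push({ file, line: i + 1, rule: id, text: code });
    }
  });
  return findings;
}

// Constructed sample input mixing Node.js and Python lines.
const SAMPLE = [
  'const agent = new https.Agent({ rejectUnauthorized: false });',
  'const ok = new https.Agent({ rejectUnauthorized: true });',
  'process.env["NODE_TLS_REJECT_UNAUTHORIZED"] = "0";',
  'if (process.env.NODE_TLS_REJECT_UNAUTHORIZED === "0") warn();',
  '// rejectUnauthorized: false was removed in the last release',
  'requests.get(url, verify=False)',
  'ctx.verify_mode = ssl.CERT_NONE',
  'ctx = ssl._create_unverified_context()',
  'requests.get(url, verify=True)',
].join("\n");

console.log(scanTlsBypasses(SAMPLE, "sample.txt"));
```

A regex pass like this misses values set through variables or configuration objects built elsewhere, so treat a clean result as a floor, not proof that verification is enabled.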

Honest limitations

GateTest is a code-quality + security scanner — not a SOC 2 / HIPAA / ISO auditor. We catch the technical findings auditors look for, but the audit itself needs a qualified human assessor.

  • GateTest is not a PDPA / IM8 certifying authority — we produce the technical findings; certification still needs the PDPC's recognised assessors.
  • IM8 applies specifically to Singapore government suppliers — private-sector shops still get value from the same controls.

Who hires GateTest in Singapore

Singapore-listed fintech inside the MAS TRM Guidelines
GovTech vendor on AGIL-aligned procurement
Regional SaaS shipping to Singapore public-sector buyers

Pricing

Starting at $29 USD — paid via Stripe in your local currency.

Quick | $29 | 4 modules
Full | $99 | All 91 modules
Scan + Fix | $199 | + AI auto-fix PR
Forensic | $399 | + pair review + exec summary

CLI is MIT-licensed
Available on GitHub Marketplace soon

Try it on your own repo

$29 Quick scan, no signup. Pay only when results land.