Vanta handles/automates(ish) the compliance process for actual regulatory frameworks/programs (SOC2, ISO27001, GDPR, etc.). From looking at their site/repo for Kexa, they don't have anything specific to this type of compliance.
In theory you could use Kexa to set up rules to help you achieve compliance, but you'd still need a Vanta or something else to help you understand if you're actually compliant with a given framework.
We have to look at and study this solution, but maybe.
We can define in a YAML a set of rules for a project and verify that no changes have been made cross-platform with a CI/CD, Docker, kub, script for compliance.
We can discuss further on Slack if you want.