#Compliance

Showing 60 of 160 repositories tagged #compliance, ranked by stars

wazuh
wazuh
wazuh

Wazuh - The Open Source Security Platform. Unified XDR and SIEM protection for endpoints and cloud workloads.

Score
100
โ˜… 16.1k โ‘‚ 2.4k +4/day
C++
CISOfy
CISOfy
lynis

Lynis - Security auditing tool for Linux, macOS, and UNIX-based systems. Assists with compliance testing (HIPAA/ISO27001/PCI DSS) and system hardening. Agentless, and installation optional.

Score
100
โ˜… 15.9k โ‘‚ 1.6k +28/day
Shell
prowler-cloud
prowler-cloud
prowler

Prowler is the worldโ€™s most widely used open-source cloud security platform that automates security and compliance across any cloud environment.

Score
100
โ˜… 14.1k โ‘‚ 2.2k +2/day
Python
open-policy-agent
open-policy-agent
opa

Open Policy Agent (OPA) is an open source, general-purpose policy engine.

Score
100
โ˜… 11.9k โ‘‚ 1.6k +4/day
Go
codenotary
codenotary
immudb

immudb - immutable database based on zero trust, SQL/Key-Value/Document model, tamperproof, data change history

Score
80
โ˜… 9.0k โ‘‚ 371 +3/day
Go
bridgecrewio
bridgecrewio
checkov

Prevent cloud misconfigurations and find vulnerabilities during build-time in infrastructure as code, container images and open source packages with Checkov by Bridgecrew.

Score
80
โ˜… 8.9k โ‘‚ 1.4k +3/day
Python
kyverno
kyverno
kyverno

Unified Policy as Code

Score
90
โ˜… 7.9k โ‘‚ 1.4k +1/day
Go
aquasecurity
aquasecurity
tfsec

Tfsec is now part of Trivy

Score
70
โ˜… 7.0k โ‘‚ 555 +1/day
Go
cloud-custodian
cloud-custodian
cloud-custodian

Rules engine for cloud security, cost optimization, and governance, DSL in yaml for policies to query, filter, and take actions on resources

Score
60
โ˜… 6.0k โ‘‚ 1.6k +1/day
Python
deepfence
deepfence
ThreatMapper

Open Source Cloud Native Application Protection Platform (CNAPP)

Score
97
โ˜… 5.3k โ‘‚ 636 +1/day
TypeScript
ossec
ossec
ossec-hids

OSSEC is an Open Source Host-based Intrusion Detection System that performs log analysis, file integrity checking, policy monitoring, rootkit detection, real-time alerting and active response.

Score
99
โ˜… 5.0k โ‘‚ 1.1k โ€”
C
microsoft
microsoft
agent-governance-toolkit

AI Agent Governance Toolkit โ€” Policy enforcement, zero-trust identity, execution sandboxing, and reliability engineering for autonomous AI agents. Covers 10/10 OWASP Agentic Top 10.

Score
40
โ˜… 4.7k โ‘‚ 689 +6/day
Python
HotCakeX
HotCakeX
Harden-Windows-Security

Harden Windows Safely, Securely using Official Supported Microsoft methods and proper explanation | Always up-to-date and works with the latest build of Windows | Provides tools and Guides for Personal, Enterprise, Government and Military security levels | SLSA Level 3 Compliant for Secure Development and Build Process | Apps Available on MS Storeโœจ

Score
96
โ˜… 4.5k โ‘‚ 320 โ€”
C#
intuitem
intuitem
ciso-assistant-community

CISO Assistant is a one-stop-shop GRC platform for Risk Management, AppSec, Compliance & Audit, TPRM, BIA, Privacy, and Reporting. It supports 150+ global frameworks with automatic control mapping, including ISO 27001, NIST CSF, SOC 2, CIS, PCI DSS, NIS2, DORA, GDPR, HIPAA, CMMC, and more.

Score
97
โ˜… 4.2k โ‘‚ 774 +4/day
Python
yannh
yannh
kubeconform

A FAST Kubernetes manifests validator, with support for Custom Resources!

Score
94
โ˜… 3.1k โ‘‚ 167 +10/day
Go
inspec
inspec
inspec

InSpec: Auditing and Testing Framework

Score
95
โ˜… 3.1k โ‘‚ 676 +1/day
Ruby
ComplianceAsCode
ComplianceAsCode
content

Security automation content in SCAP, Bash, Ansible, and other formats

Score
93
โ˜… 2.8k โ‘‚ 813 โ€”
Shell
Bearer
Bearer
bearer

Code security scanning tool (SAST) to discover, filter and prioritize security and privacy risks.

Score
91
โ˜… 2.7k โ‘‚ 141 +2/day
Go
0x6d69636b
0x6d69636b
windows_hardening

HardeningKitty and Windows Hardening Settings

Score
92
โ˜… 2.6k โ‘‚ 328 โ€”
PowerShell
usnistgov
usnistgov
macos_security

macOS Security Compliance Project

Score
20
โ˜… 2.4k โ‘‚ 300 +5/day
YAML
ballerine-io
ballerine-io
ballerine

Open-source infrastructure and data orchestration platform for risk decisioning

Score
0
โ˜… 2.4k โ‘‚ 303 +1/day
TypeScript
trycompai
trycompai
comp

AI Native platform to get companies compliant - Vanta & Drata Alternative

Score
89
โ˜… 1.7k โ‘‚ 338 โ€”
TypeScript
project-copacetic
project-copacetic
copacetic

๐Ÿงต CLI tool for directly patching container images!

Score
86
โ˜… 1.7k โ‘‚ 121 +14/day
Go
strongdm
strongdm
comply

Compliance automation framework, focused on SOC2

Score
50
โ˜… 1.6k โ‘‚ 285 +2/day
Go
HummerRisk
HummerRisk
HummerRisk

HummerRisk ๆ˜ฏไบ‘ๅŽŸ็”Ÿๅฎ‰ๅ…จๅนณๅฐ๏ผŒๅŒ…ๆ‹ฌๆททๅˆไบ‘ๅฎ‰ๅ…จๆฒป็†ๅ’Œไบ‘ๅŽŸ็”Ÿๅฎ‰ๅ…จๆฃ€ๆต‹ใ€‚

Score
54
โ˜… 1.5k โ‘‚ 239 โ€”
Java
securitybunker
securitybunker
databunker

Secure Vault for Customer PII/PHI/PCI/KYC Records

Score
84
โ˜… 1.5k โ‘‚ 94 โ€”
Go
lunasec-io
lunasec-io
lunasec

LunaSec - Dependency Security Scanner that automatically notifies you about vulnerabilities like Log4Shell or node-ipc in your Pull Requests and Builds. Protect yourself in 30 seconds with the LunaTrace GitHub App: https://github.com/marketplace/lunatrace-by-lunasec/

Score
53
โ˜… 1.5k โ‘‚ 167 โ€”
TypeScript
terraform-compliance
terraform-compliance
cli

a lightweight, security focused, BDD test framework against terraform.

Score
91
โ˜… 1.5k โ‘‚ 159 +1/day
Python
aws-cloudformation
aws-cloudformation
cloudformation-guard

Guard offers a policy-as-code domain-specific language (DSL) to write rules and validate JSON- and YAML-formatted data such as CloudFormation Templates, K8s configurations, and Terraform JSON plans/configurations against those rules. Take this survey to provide feedback about cfn-guard: https://amazonmr.au1.qualtrics.com/jfe/form/SV_bpyzpfoYGGuuUl0

Score
85
โ˜… 1.4k โ‘‚ 196 +1/day
Rust
stelligent
stelligent
cfn_nag

Linting tool for CloudFormation templates

Score
51
โ˜… 1.3k โ‘‚ 209 โ€”
Ruby
square
square
sudo_pair

Plugin for sudo that requires another human to approve and monitor privileged sudo sessions

Score
50
โ˜… 1.3k โ‘‚ 46 โ€”
Rust
getprobo
getprobo
probo

Open source solutions for SOC2, GDPR, and ISO27001

Score
60
โ˜… 1.2k โ‘‚ 177 +4/day
Go
wazuh
wazuh
wazuh-docker

Wazuh - Docker containers

Score
88
โ˜… 1.1k โ‘‚ 564 +2/day
Shell
Arudjreis
Arudjreis
awesome-security-GRC

Curated list of resources for security Governance, Risk Management, Compliance and Audit professionals and enthusiasts (if they exist).

Score
57
โ˜… 1.1k โ‘‚ 206 +3/day
tern-tools
tern-tools
tern

Tern is a software composition analysis tool and Python library that generates a Software Bill of Materials for container images and Dockerfiles. The SBOM that Tern generates will give you a layer-by-layer view of what's inside your container in a variety of formats including human-readable, JSON, HTML, SPDX and more.

Score
64
โ˜… 1.0k โ‘‚ 187 โ€”
Python
usnistgov
usnistgov
OSCAL

Open Security Controls Assessment Language (OSCAL)

Score
82
โ˜… 925 โ‘‚ 244 +3/day
XSLT
getplumber
getplumber
plumber

Plumber detects CI/CD security issues in your GitHub workflows and gives you a score

Score
73
โ˜… 754 โ‘‚ 30 +1/day
Go
Sushegaad
Sushegaad
Claude-Skills-Governance-Risk-and-Compliance

Claude Skills for Governance, Risk, & Compliance (GRC): Expert-level compliance guidance for ISO 27001, SOC 2, FedRAMP, GDPR, HIPAA, NIST CSF, PCI DSS, EU AI Act, ISO 42001, ISO 27701, DORA, CSRD, India's DPDPA, CMMC 2.0, NIST AI Risk, SWIFT, Australia's ISM, EU NIS2, CCPA/CPRA, and others. Benchmark 97% (with skills) vs 81% (without skills).

Score
80
โ˜… 729 โ‘‚ 151 +5/day
HTML
opengovern
opengovern
opensecurity

opensecurity: open-source security and compliance. See and secure your cloud, containers, code, networks, deployments, devices. Define your rules, get precise checks, fix gaps fast. Streamlined audits. No fluff.

Score
34
โ˜… 716 โ‘‚ 29 โ€”
TypeScript
Normation
Normation
rudder

Rudder is a configuration and security automation platform. Manage your Cloud, hybrid or on-premises infrastructure in a simple, scalable and dynamic way.

Score
77
โ˜… 692 โ‘‚ 89 โ€”
Scala
bmarsh9
bmarsh9
gapps

Security compliance platform - SOC2, CMMC, ASVS, ISO27001, HIPAA, NIST CSF, NIST 800-53, CSC CIS 18, PCI DSS, SSF tracking

Score
74
โ˜… 685 โ‘‚ 150 +2/day
HTML
utmstack
utmstack
UTMStack

Enterprise-ready SIEM, SOAR and Compliance powered by real-time correlation and threat intelligence.

Score
72
โ˜… 577 โ‘‚ 75 +1/day
TypeScript
chainloop-dev
chainloop-dev
chainloop

SDLC evidence store and policy engine for your Software Supply Chain attestations, SBOMs, VEX, SARIF, QA reports, and more

Score
70
โ˜… 568 โ‘‚ 53 โ€”
Go
armijnhemel
armijnhemel
binaryanalysis-ng

Binary Analysis Next Generation (BANG)

Score
69
โ˜… 529 โ‘‚ 72 โ€”
Python
wazuh
wazuh
wazuh-ruleset

Wazuh - Ruleset

Score
39
โ˜… 523 โ‘‚ 232 โ€”
Python
wazuh
wazuh
wazuh-dashboard-plugins

Plugins for Wazuh Dashboard

Score
78
โ˜… 516 โ‘‚ 236 โ€”
TypeScript
antonbabenko
antonbabenko
terraform-aws-devops

Info about many of my Terraform, AWS, DevOps, and AI (tada!) projects.

Score
88
โ˜… 500 โ‘‚ 94 โ€”
sandworm-hq
sandworm-hq
sandworm-audit

Security & License Compliance For Your App's Dependencies ๐Ÿชฑ

Score
19
โ˜… 475 โ‘‚ 7 โ€”
JavaScript
international-explore
international-explore
awesome-privacy-chinese

[WIP]ๅ›ฝๅ†…้š็งๅˆ่ง„ๆŠ€ๆœฏไบคๆต

Score
23
โ˜… 474 โ‘‚ 72 +1/day
xeol-io
xeol-io
xeol

A scanner for end-of-life (EOL) software and dependencies in container images, filesystems, and SBOMs

Score
65
โ˜… 442 โ‘‚ 33 +2/day
Go
mondoohq
mondoohq
cnspec

An open source, cloud-native security to protect everything from build to runtime

Score
66
โ˜… 432 โ‘‚ 38 +1/day
Go
wazuh
wazuh
wazuh-ansible

Wazuh - Ansible playbook

Score
76
โ˜… 415 โ‘‚ 232 +1/day
Shell
turbot
turbot
steampipe-mod-aws-compliance

Run individual controls or full compliance benchmarks for CIS, PCI, NIST, HIPAA and more across all of your AWS accounts using Powerpipe and Steampipe.

Score
64
โ˜… 413 โ‘‚ 70 โ€”
Puppet
SHAdd0WTAka
SHAdd0WTAka
Zen-Ai-Pentest

๐Ÿ›กโš”๏ธAI-Powered Penetration Testing Framework with automated vulnerability scanning, multi-agent system, and compliance reporting๐Ÿ›กโš”๏ธ

Score
68
โ˜… 413 โ‘‚ 73 +2/day
Python
mine-ai-xyz
mine-ai-xyz
mine-ai

Open-source reference implementations for AI-enabled payment security, blockchain fraud detection, and AML/CFT compliance reasoning.

Score
100
โ˜… 375 โ‘‚ 1 โ€”
Python
open-policy-agent
open-policy-agent
opa-envoy-plugin

A plugin to enforce OPA policies with Envoy

Score
85
โ˜… 357 โ‘‚ 127 โ€”
Go
kexa-io
kexa-io
Kexa

Kexa's simple rules (Open Source) make it easy to monitoring and manage alerting of your entire cloud. With various monitoring and alerting options, instant and detailed alerts, easy-to-deploy and low in infrastructure costs, in turns complexity into simplicity.

Score
62
โ˜… 350 โ‘‚ 13 โ€”
TypeScript
Ramseygithub
Ramseygithub
ai-legal-compliance-assistant

AI-powered legal compliance assistant for alcohol beverage pricing laws โ€” extracts, analyzes, and explains New York state-level regulationsusing RAG + knowledge-graph reasoning.

Score
75
โ˜… 329 โ‘‚ 45 +1/day
Python
bridgecrewio
bridgecrewio
checkov-action

This GitHub Action runs Checkov against infrastructure-as-code, open source packages, container images, and CI/CD configurations to identify misconfigurations, vulnerabilities, and license compliance issues.

Score
82
โ˜… 311 โ‘‚ 115 +2/day
HCL
netfishers-onl
netfishers-onl
Netshot

Network Configuration and Compliance Management

Score
100
โ˜… 281 โ‘‚ 69 โ€”
Java
Related Topics
#security#pci-dss#gdpr#security-tools#devsecops#security-hardening#audit#aws#soc2#vulnerability-detection#devops

ยฉ 2026 GitRepoTrend ยท GitHub repositories by topic ยท Updated weekly