#Compliance
Showing 60 of 160 repositories tagged #compliance, ranked by stars
Wazuh - The Open Source Security Platform. Unified XDR and SIEM protection for endpoints and cloud workloads.
Lynis - Security auditing tool for Linux, macOS, and UNIX-based systems. Assists with compliance testing (HIPAA/ISO27001/PCI DSS) and system hardening. Agentless, and installation optional.
Prowler is the worldโs most widely used open-source cloud security platform that automates security and compliance across any cloud environment.
Open Policy Agent (OPA) is an open source, general-purpose policy engine.
immudb - immutable database based on zero trust, SQL/Key-Value/Document model, tamperproof, data change history
Prevent cloud misconfigurations and find vulnerabilities during build-time in infrastructure as code, container images and open source packages with Checkov by Bridgecrew.
Unified Policy as Code
Tfsec is now part of Trivy
Rules engine for cloud security, cost optimization, and governance, DSL in yaml for policies to query, filter, and take actions on resources
Open Source Cloud Native Application Protection Platform (CNAPP)
OSSEC is an Open Source Host-based Intrusion Detection System that performs log analysis, file integrity checking, policy monitoring, rootkit detection, real-time alerting and active response.
AI Agent Governance Toolkit โ Policy enforcement, zero-trust identity, execution sandboxing, and reliability engineering for autonomous AI agents. Covers 10/10 OWASP Agentic Top 10.
Harden Windows Safely, Securely using Official Supported Microsoft methods and proper explanation | Always up-to-date and works with the latest build of Windows | Provides tools and Guides for Personal, Enterprise, Government and Military security levels | SLSA Level 3 Compliant for Secure Development and Build Process | Apps Available on MS Storeโจ
CISO Assistant is a one-stop-shop GRC platform for Risk Management, AppSec, Compliance & Audit, TPRM, BIA, Privacy, and Reporting. It supports 150+ global frameworks with automatic control mapping, including ISO 27001, NIST CSF, SOC 2, CIS, PCI DSS, NIS2, DORA, GDPR, HIPAA, CMMC, and more.
A FAST Kubernetes manifests validator, with support for Custom Resources!
InSpec: Auditing and Testing Framework
Security automation content in SCAP, Bash, Ansible, and other formats
Code security scanning tool (SAST) to discover, filter and prioritize security and privacy risks.
HardeningKitty and Windows Hardening Settings
macOS Security Compliance Project
Open-source infrastructure and data orchestration platform for risk decisioning
AI Native platform to get companies compliant - Vanta & Drata Alternative
๐งต CLI tool for directly patching container images!
Compliance automation framework, focused on SOC2
HummerRisk ๆฏไบๅ็ๅฎๅ จๅนณๅฐ๏ผๅ ๆฌๆททๅไบๅฎๅ จๆฒป็ๅไบๅ็ๅฎๅ จๆฃๆตใ
Secure Vault for Customer PII/PHI/PCI/KYC Records
LunaSec - Dependency Security Scanner that automatically notifies you about vulnerabilities like Log4Shell or node-ipc in your Pull Requests and Builds. Protect yourself in 30 seconds with the LunaTrace GitHub App: https://github.com/marketplace/lunatrace-by-lunasec/
a lightweight, security focused, BDD test framework against terraform.
Guard offers a policy-as-code domain-specific language (DSL) to write rules and validate JSON- and YAML-formatted data such as CloudFormation Templates, K8s configurations, and Terraform JSON plans/configurations against those rules. Take this survey to provide feedback about cfn-guard: https://amazonmr.au1.qualtrics.com/jfe/form/SV_bpyzpfoYGGuuUl0
Linting tool for CloudFormation templates
Plugin for sudo that requires another human to approve and monitor privileged sudo sessions
Open source solutions for SOC2, GDPR, and ISO27001
Wazuh - Docker containers
Curated list of resources for security Governance, Risk Management, Compliance and Audit professionals and enthusiasts (if they exist).
Tern is a software composition analysis tool and Python library that generates a Software Bill of Materials for container images and Dockerfiles. The SBOM that Tern generates will give you a layer-by-layer view of what's inside your container in a variety of formats including human-readable, JSON, HTML, SPDX and more.
Open Security Controls Assessment Language (OSCAL)
Plumber detects CI/CD security issues in your GitHub workflows and gives you a score
Claude Skills for Governance, Risk, & Compliance (GRC): Expert-level compliance guidance for ISO 27001, SOC 2, FedRAMP, GDPR, HIPAA, NIST CSF, PCI DSS, EU AI Act, ISO 42001, ISO 27701, DORA, CSRD, India's DPDPA, CMMC 2.0, NIST AI Risk, SWIFT, Australia's ISM, EU NIS2, CCPA/CPRA, and others. Benchmark 97% (with skills) vs 81% (without skills).
opensecurity: open-source security and compliance. See and secure your cloud, containers, code, networks, deployments, devices. Define your rules, get precise checks, fix gaps fast. Streamlined audits. No fluff.
Rudder is a configuration and security automation platform. Manage your Cloud, hybrid or on-premises infrastructure in a simple, scalable and dynamic way.
Security compliance platform - SOC2, CMMC, ASVS, ISO27001, HIPAA, NIST CSF, NIST 800-53, CSC CIS 18, PCI DSS, SSF tracking
Enterprise-ready SIEM, SOAR and Compliance powered by real-time correlation and threat intelligence.
SDLC evidence store and policy engine for your Software Supply Chain attestations, SBOMs, VEX, SARIF, QA reports, and more
Binary Analysis Next Generation (BANG)
Wazuh - Ruleset
Plugins for Wazuh Dashboard
Info about many of my Terraform, AWS, DevOps, and AI (tada!) projects.
Security & License Compliance For Your App's Dependencies ๐ชฑ
[WIP]ๅฝๅ ้็งๅ่งๆๆฏไบคๆต
A scanner for end-of-life (EOL) software and dependencies in container images, filesystems, and SBOMs
An open source, cloud-native security to protect everything from build to runtime
Wazuh - Ansible playbook
Run individual controls or full compliance benchmarks for CIS, PCI, NIST, HIPAA and more across all of your AWS accounts using Powerpipe and Steampipe.
๐กโ๏ธAI-Powered Penetration Testing Framework with automated vulnerability scanning, multi-agent system, and compliance reporting๐กโ๏ธ
Open-source reference implementations for AI-enabled payment security, blockchain fraud detection, and AML/CFT compliance reasoning.
A plugin to enforce OPA policies with Envoy
Kexa's simple rules (Open Source) make it easy to monitoring and manage alerting of your entire cloud. With various monitoring and alerting options, instant and detailed alerts, easy-to-deploy and low in infrastructure costs, in turns complexity into simplicity.
AI-powered legal compliance assistant for alcohol beverage pricing laws โ extracts, analyzes, and explains New York state-level regulationsusing RAG + knowledge-graph reasoning.
This GitHub Action runs Checkov against infrastructure-as-code, open source packages, container images, and CI/CD configurations to identify misconfigurations, vulnerabilities, and license compliance issues.
Network Configuration and Compliance Management