compliance
There are 1067 repositories under compliance topic.
CISOfy/lynis
Lynis - Security auditing tool for Linux, macOS, and UNIX-based systems. Assists with compliance testing (HIPAA/ISO27001/PCI DSS) and system hardening. Agentless, and installation optional.
wazuh/wazuh
Wazuh - The Open Source Security Platform. Unified XDR and SIEM protection for endpoints and cloud workloads.
prowler-cloud/prowler
Prowler is the Open Cloud Security platform for AWS, Azure, GCP, Kubernetes, M365 and more. It helps for continuous monitoring, security assessments & audits, incident response, compliance, hardening and forensics readiness. Includes CIS, NIST 800, NIST CSF, CISA, FedRAMP, PCI-DSS, GDPR, HIPAA, FFIEC, SOC2, ENS and more
open-policy-agent/opa
Open Policy Agent (OPA) is an open source, general-purpose policy engine.
codenotary/immudb
immudb - immutable database based on zero trust, SQL/Key-Value/Document model, tamperproof, data change history
bridgecrewio/checkov
Prevent cloud misconfigurations and find vulnerabilities during build-time in infrastructure as code, container images and open source packages with Checkov by Bridgecrew.
aquasecurity/tfsec
Tfsec is now part of Trivy
cloud-custodian/cloud-custodian
Rules engine for cloud security, cost optimization, and governance, DSL in yaml for policies to query, filter, and take actions on resources
deepfence/ThreatMapper
Open Source Cloud Native Application Protection Platform (CNAPP)
ossec/ossec-hids
OSSEC is an Open Source Host-based Intrusion Detection System that performs log analysis, file integrity checking, policy monitoring, rootkit detection, real-time alerting and active response.
intuitem/ciso-assistant-community
CISO Assistant is a one-stop-shop for GRC, covering Risk, AppSec, Compliance/Audit Management, Privacy and supporting +100 frameworks worldwide with auto-mapping: NIST CSF, ISO 27001, SOC2, CIS, PCI DSS, NIS2, CMMC, PSPF, GDPR, HIPAA, Essential Eight, NYDFS-500, DORA, NIST AI RMF, 800-53, CyFun, AirCyber, NCSC, ECC, SCF and so much more
inspec/inspec
InSpec: Auditing and Testing Framework
yannh/kubeconform
A FAST Kubernetes manifests validator, with support for Custom Resources!
ComplianceAsCode/content
Security automation content in SCAP, Bash, Ansible, and other formats
0x6d69636b/windows_hardening
HardeningKitty and Windows Hardening Settings
Bearer/bearer
Code security scanning tool (SAST) to discover, filter and prioritize security and privacy risks.
ballerine-io/ballerine
Open-source infrastructure and data orchestration platform for risk decisioning
usnistgov/macos_security
macOS Security Compliance Project
oss-review-toolkit/ort
A suite of tools to automate software compliance checks.
bytedance/appshark
Appshark is a static taint analysis platform to scan vulnerabilities in an Android app.
nsacyber/Windows-Secure-Host-Baseline
Configuration guidance for implementing the Windows 10 and Windows Server 2016 DoD Secure Host Baseline settings. #nsacyber
OpenSCAP/openscap
NIST Certified SCAP 1.2 toolkit
HummerRisk/HummerRisk
HummerRisk 是云原生安全平台,包括混合云安全治理和云原生安全检测。
lunasec-io/lunasec
LunaSec - Dependency Security Scanner that automatically notifies you about vulnerabilities like Log4Shell or node-ipc in your Pull Requests and Builds. Protect yourself in 30 seconds with the LunaTrace GitHub App: https://github.com/marketplace/lunatrace-by-lunasec/
project-copacetic/copacetic
🧵 CLI tool for directly patching container images!
strongdm/comply
Compliance automation framework, focused on SOC2
terraform-compliance/cli
a lightweight, security focused, BDD test framework against terraform.
aws-cloudformation/cloudformation-guard
Guard offers a policy-as-code domain-specific language (DSL) to write rules and validate JSON- and YAML-formatted data such as CloudFormation Templates, K8s configurations, and Terraform JSON plans/configurations against those rules. Take this survey to provide feedback about cfn-guard: https://amazonmr.au1.qualtrics.com/jfe/form/SV_bpyzpfoYGGuuUl0
securitybunker/databunker
Secure Vault for Customer PII/PHI/PCI/KYC Records
stelligent/cfn_nag
Linting tool for CloudFormation templates
square/sudo_pair
Plugin for sudo that requires another human to approve and monitor privileged sudo sessions
owasp-dep-scan/dep-scan
OWASP dep-scan is a next-generation security and risk audit tool based on known vulnerabilities, advisories, and license limitations for project dependencies. Both local repositories and container images are supported as the input, and the tool is ideal for integration.
trycompai/comp
The open source compliance platform - Drata & Vanta Alternative
jonrau1/ElectricEye
ElectricEye is a multi-cloud, multi-SaaS Python CLI tool for Asset Management, Security Posture Management & Attack Surface Monitoring supporting 100s of services and evaluations to harden your CSP & SaaS environments with controls mapped to over 20 industry, regulatory, and best practice controls frameworks
mikeroyal/Open-Source-Security-Guide
Open Source Security Guide. Learn all about Security Standards (FIPS, CIS, FedRAMP, FISMA, etc.), Frameworks, Threat Models, Encryption, and Benchmarks.
tern-tools/tern
Tern is a software composition analysis tool and Python library that generates a Software Bill of Materials for container images and Dockerfiles. The SBOM that Tern generates will give you a layer-by-layer view of what's inside your container in a variety of formats including human-readable, JSON, HTML, SPDX and more.