compliance
There are 683 repositories under compliance topic.
CISOfy/lynis
Lynis - Security auditing tool for Linux, macOS, and UNIX-based systems. Assists with compliance testing (HIPAA/ISO27001/PCI DSS) and system hardening. Agentless, and installation optional.
prowler-cloud/prowler
Prowler is an Open Source Security tool for AWS, Azure, GCP and Kubernetes to do security assessments, audits, incident response, compliance, continuous monitoring, hardening and forensics readiness. Includes CIS, NIST 800, NIST CSF, CISA, FedRAMP, PCI-DSS, GDPR, HIPAA, FFIEC, SOC2, GXP, Well-Architected Security, ENS and more
wazuh/wazuh
Wazuh - The Open Source Security Platform. Unified XDR and SIEM protection for endpoints and cloud workloads.
open-policy-agent/opa
Open Policy Agent (OPA) is an open source, general-purpose policy engine.
codenotary/immudb
immudb - immutable database based on zero trust, SQL/Key-Value/Document model, tamperproof, data change history
aquasecurity/tfsec
Security scanner for your Terraform code
bridgecrewio/checkov
Prevent cloud misconfigurations and find vulnerabilities during build-time in infrastructure as code, container images and open source packages with Checkov by Bridgecrew.
cloud-custodian/cloud-custodian
Rules engine for cloud security, cost optimization, and governance, DSL in yaml for policies to query, filter, and take actions on resources
deepfence/ThreatMapper
Open Source Cloud Native Application Protection Platform (CNAPP)
ossec/ossec-hids
OSSEC is an Open Source Host-based Intrusion Detection System that performs log analysis, file integrity checking, policy monitoring, rootkit detection, real-time alerting and active response.
inspec/inspec
InSpec: Auditing and Testing Framework
0x6d69636b/windows_hardening
HardeningKitty and Windows Hardening settings and configurations
ComplianceAsCode/content
Security automation content in SCAP, Bash, Ansible, and other formats
yannh/kubeconform
A FAST Kubernetes manifests validator, with support for Custom Resources!
ballerine-io/ballerine
Open-source infrastructure and data orchestration platform for risk decisioning
Bearer/bearer
Code security scanning tool (SAST) to discover, filter and prioritize security and privacy risks.
HummerRisk/HummerRisk
HummerRisk 是云原生安全平台,包括混合云安全治理和云原生安全检测。
usnistgov/macos_security
macOS Security Compliance Project
nsacyber/Windows-Secure-Host-Baseline
Configuration guidance for implementing the Windows 10 and Windows Server 2016 DoD Secure Host Baseline settings. #nsacyber
oss-review-toolkit/ort
A suite of tools to automate software compliance checks.
bytedance/appshark
Appshark is a static taint analysis platform to scan vulnerabilities in an Android app.
lunasec-io/lunasec
LunaSec - Dependency Security Scanner that automatically notifies you about vulnerabilities like Log4Shell or node-ipc in your Pull Requests and Builds. Protect yourself in 30 seconds with the LunaTrace GitHub App: https://github.com/marketplace/lunatrace-by-lunasec/
terraform-compliance/cli
a lightweight, security focused, BDD test framework against terraform.
OpenSCAP/openscap
NIST Certified SCAP 1.2 toolkit
strongdm/comply
Compliance automation framework, focused on SOC2
aws-cloudformation/cloudformation-guard
Guard offers a policy-as-code domain-specific language (DSL) to write rules and validate JSON- and YAML-formatted data such as CloudFormation Templates, K8s configurations, and Terraform JSON plans/configurations against those rules. Take this survey to provide feedback about cfn-guard: https://amazonmr.au1.qualtrics.com/jfe/form/SV_bpyzpfoYGGuuUl0
square/sudo_pair
Plugin for sudo that requires another human to approve and monitor privileged sudo sessions
stelligent/cfn_nag
Linting tool for CloudFormation templates
securitybunker/databunker
Secure SDK/vault for personal records/PII built to comply with GDPR
tern-tools/tern
Tern is a software composition analysis tool and Python library that generates a Software Bill of Materials for container images and Dockerfiles. The SBOM that Tern generates will give you a layer-by-layer view of what's inside your container in a variety of formats including human-readable, JSON, HTML, SPDX and more.
jonrau1/ElectricEye
ElectricEye is a multi-cloud, multi-SaaS Python CLI tool for Asset Management, Security Posture Management & Attack Surface Monitoring supporting 100s of services and evaluations to harden your CSP & SaaS environments with controls mapped to over 20 industry, regulatory, and best practice controls frameworks
mikeroyal/Open-Source-Security-Guide
Open Source Security Guide. Learn all about Security Standards (FIPS, CIS, FedRAMP, FISMA, etc.), Frameworks, Threat Models, Encryption, and Benchmarks.
project-copacetic/copacetic
🧵 CLI tool for directly patching container images using reports from vulnerability scanners
fossology/fossology
FOSSology is an open source license compliance software system and toolkit. As a toolkit you can run license, copyright and export control scans from the command line. As a system, a database and web ui are provided to give you a compliance workflow. License, copyright and export scanners are tools used in the workflow.
privacyradius/gdpr-checklist
The GDPR Checklist
owasp-dep-scan/dep-scan
OWASP dep-scan is a next-generation security and risk audit tool based on known vulnerabilities, advisories, and license limitations for project dependencies. Both local repositories and container images are supported as the input, and the tool is ideal for integration.