compliance-as-code
There are 68 repositories under the compliance-as-code topic.
HummerRisk/HummerRisk
HummerRisk is a cloud-native security platform that covers hybrid-cloud security governance and cloud-native security detection.
Titan-Systems/titan
Titan Core - Snowflake infrastructure-as-code. Provision environments, automate deploys, CI/CD. Manage RBAC, users, roles, and data access. Declarative Python Resource API. Change Management tool for the Snowflake data warehouse.
Admyral-Technologies/admyral
🤖 Admyral enables continuous control monitoring for any custom control
awslabs/aws-config-engine-for-compliance-as-code
Manage AWS Config Rules at scale in AWS multi-account and/or multi-region environment; with fully configurable deployment (RuleSets) and analytics.
gjyoung1974/soc2-policy-templates
Template SOC2 Policy Authority - documentation pipeline
paulveillard/cybersecurity-SOAR
A collection of awesome frameworks, libraries, learning tutorials, videos, webcasts, technical resources and cool stuff about Security Orchestration, Automation and Response (SOAR).
aws-samples/aws-control-tower-controls-terraform
This repository describes how to use AWS Control Tower controls, HashiCorp Terraform, and infrastructure as code (IaC) to implement and administer preventive, detective, and proactive security controls. A control (also known as a guardrail) is a high-level rule that provides ongoing governance for your overall AWS Control Tower environment.
goldfiglabs/introspector
A schema and set of tools for using SQL to query cloud infrastructure.
aws-samples/aws-security-hub-response-and-remediation
Pre-configured response & remediation playbooks for AWS Security Hub
ComplianceAsCode/auditree-framework
The Auditree framework tool to run compliance control checks as unit tests.
deepfence/deepfence_runtime_api
Deepfence Runtime API & code samples
ethyca/fidesops
Privacy as Code for DSAR Orchestration: Privacy Request automation to fulfill GDPR, CCPA, and LGPD data subject requests.
aws-samples/aws-infra-policy-as-code-with-terraform
Implements OPA-based preventive security controls for AWS Infrastructure using Terraform Infrastructure as Code (IaC), that can establish a security baseline and safeguard resources before deployment into the AWS Accounts and reduce security risks.
zsolt-halo/aws-config-advanced-query
A collection of useful queries that can be used to verify compliance/security across your AWS assets
paulveillard/cybersecurity-soc-compliance
A collection of awesome frameworks, libraries, documents, learning tutorials, and resources about SOC 2 tools and processes.
usnistgov/blossom-case-study
A case study for ACSAC 2022 utilizing OSCAL with a custom GitHub action to automate assessments.
gjyoung1974/hardened-windows-server
Hardened Windows Server image
undergroundwires/ez-consent
🍪 Minimal & vanilla JS only cookie consent banner with no dependencies with Google consent mode support
ComplianceAsCode/auditree-arboretum
The Auditree common fetchers, checks and harvest reports library.
ComplianceAsCode/auditree-harvest
The Auditree data gathering and reporting tool.
BrunoReboul/ram
Real-time Asset Monitor
gjyoung1974/policy-pipeline
Policy Pipeline: place an SDLC around your compliance documentation with a pipeline that renders policy-as-code to human-friendly formats
ComplianceAsCode/auditree-plant
The Auditree tool for adding external evidence.
aws-samples/audit-manager-custom-security-frameworks
In addition to providing a solution to create and manage custom security controls and frameworks, this repository provides an integration of the security frameworks of France within AWS Audit Manager in order to simplify security assessments.
iwazirijr/teaching-toolkit
Collection of materials and resources I use to teach computer security classes
mitre/cosa
COSA (Compliance Orchestration Situational Awareness) is a multi-part system which allows teams to integrate compliance into a CI/CD pipeline, shift security left (in the DevSecOps process), and track/report progress towards compliance goals. It orchestrates a series of tests, each of which may be automated, manual, or inherited. As a result, it promotes incremental achievement rather than assuming that 100% automation is possible. Multiple control catalogs are supported. Note that COSA is not a scanner - instead, it uses existing scanners to perform that function, recording the results as attachments.
ComplianceAsCode/auditree-prune
The Auditree evidence removal tool.
gjyoung1974/docker-cloudsploit
dockerized-cloudsploit: CloudSploit is a security and configuration scanner that can detect hundreds of threats in your AWS account. Don't let a single misstep compromise your entire infrastructure.
mitre/compliance-mapper
(WIP) (ALPHA) Compliance Mapper is a web-based REST API and application for information assurance control mapping
paulveillard/cybersecurity-hipaa-compliance
An ongoing & curated collection of awesome software best practices and techniques, libraries and frameworks, e-books and videos, websites, blog posts, links to GitHub repositories, technical guidelines and important resources about HIPAA Compliance in Cybersecurity
austinsonger/Make-HIPAA-Compliance
Helping Operating Systems become HIPAA Compliant
paulveillard/cybersecurity-compliance-as-code
An ongoing & curated collection of awesome software best practices and techniques, libraries and frameworks, e-books and videos, websites, blog posts, links to GitHub repositories, technical guidelines and important resources about Compliance.
datapio/klander
Audit your Kubernetes cluster state and reconcile it
auditmation/policy-as-code
Template for Policy as Code repositories
bazc-io/baz-test-collection
Collections help you test an aspect of your infrastructure through the Baz system. Get started at https://docs.bazc.io/quickstart