compliance
There are 685 repositories under the compliance topic.
betterscan-ce
Code Scanning/SAST/Static Analysis/Linting using many tools/Scanners + OpenAI GPT with One Report (Code, IaC) - Betterscan Community Edition (CE)
OSCAL
Open Security Controls Assessment Language (OSCAL)
wazuh-docker
Wazuh - Docker containers
super
S.U.P.E.R.M.A.N. optimizes the macOS software update experience.
awesome-security-GRC
Curated list of resources for security Governance, Risk Management, Compliance and Audit professionals and enthusiasts (if they exist).
rudder
Rudder is a configuration and security automation platform. Manage your Cloud, hybrid or on-premises infrastructure in a simple, scalable and dynamic way.
privado
Open Source Static Scanning tool to detect data flows in your code, find data security vulnerabilities & generate accurate Play Store Data Safety Report.
symmetric-encryption
Symmetric Encryption for Ruby Projects using OpenSSL
sandworm-audit
Security & License Compliance For Your App's Dependencies 🪱
binaryanalysis-ng
Binary Analysis Next Generation (BANG)
ciso-assistant-community
CISO Assistant is a one-stop-shop for GRC, covering Risk, AppSec and Audit Management and supporting +43 frameworks worldwide: NIST CSF, ISO 27001, SOC2, CIS, PCI DSS, NIS2, CMMC, PSPF, GDPR, HIPAA, Essential Eight, NYDFS-500, DORA, NIST AI RMF, 800-53, 800-171, CyFun, CJIS, AirCyber and so much more
wazuh-dashboard-plugins
Plugins for Wazuh Dashboard
wazuh-ruleset
Wazuh - Ruleset
cfripper
Library and CLI tool for analysing CloudFormation templates and checking them for security compliance.
OpenDSR
A common framework enabling companies to work together to protect consumers' privacy and data rights.
gapps
Security compliance platform - SOC2, CMMC, ASVS, ISO27001, HIPAA, NIST CSF, NIST 800-53, CSC CIS 18, PCI DSS, SSF tracking. https://gapps.darkbanner.com
steampipe-mod-aws-compliance
Run individual controls or full compliance benchmarks for CIS, PCI, NIST, HIPAA and more across all of your AWS accounts using Powerpipe and Steampipe.
awesome-privacy-chinese
[WIP] Technical exchange on domestic (Chinese) privacy compliance
xeol
A scanner for end-of-life (EOL) software and dependencies in container images, filesystems, and SBOMs
chainloop
Chainloop is an Open Source evidence store for your Software Supply Chain attestations, SBOMs, VEX, SARIF, CSAF files, QA reports, and more.
opa-envoy-plugin
A plugin to enforce OPA policies with Envoy
reposaur
Open source compliance tool for development platforms.
iambic
IAMbic is Version-Control for IAM. It centralizes and simplifies cloud access and permissions. It maintains an eventually consistent, human-readable, bi-directional representation of IAM in Git.
wazuh-ansible
Wazuh - Ansible playbook
sandworm-guard-js
Easy auditing & sandboxing for your JavaScript dependencies 🪱
dns-violations
List of DNS violations by implementations, software and/or systems
cnspec
An open source, cloud-native security to protect everything from build to runtime
cis-benchmarks-audit
Simple command line tool to check for compliance against CIS Benchmarks
Netshot
Network Configuration and Compliance Management
todogroup.org
Official TODO Website that contains TODO Guides, OSPO use cases and more resources to advance in the OSPO journey
aws-allowlister
Automatically compile an AWS Service Control Policy that ONLY allows AWS services that are compliant with your preferred compliance frameworks.
checkov-action
This GitHub Action runs Checkov against infrastructure-as-code, open source packages, container images, and CI/CD configurations to identify misconfigurations, vulnerabilities, and license compliance issues.
allero
By scanning CI/CD misconfigurations, Allero helps reduce production issues, harden your security posture and shift-left CI/CD from DevOps to developers.
UTMStack
Customizable SIEM and XDR powered by Real-Time correlation and Threat Intelligence
dockerspec
A small Ruby Gem to run RSpec and Serverspec, Infrataster and Capybara tests against Dockerfiles or Docker images easily.
gdpr-tracker
A crowdsourced directory tracking the compliance and security practices of cloud services and their subprocessors