compliance

There are 685 repositories under the compliance topic.

  • betterscan-ce

    Code Scanning/SAST/Static Analysis/Linting using many tools/Scanners + OpenAI GPT with One Report (Code, IaC) - Betterscan Community Edition (CE)

    Language: Python · 703
  • OSCAL

    Open Security Controls Assessment Language (OSCAL)

    Language: XSLT · 641
  • wazuh-docker

    Wazuh - Docker containers

    Language: Shell · 592
  • super

    S.U.P.E.R.M.A.N. optimizes the macOS software update experience.

    Language: Shell · 577
  • awesome-security-GRC

    Curated list of resources for security Governance, Risk Management, Compliance and Audit professionals and enthusiasts (if they exist).

  • rudder

    Rudder is a configuration and security automation platform. Manage your Cloud, hybrid or on-premises infrastructure in a simple, scalable and dynamic way.

    Language: Scala · 499
  • privado

    Open Source Static Scanning tool to detect data flows in your code, find data security vulnerabilities & generate accurate Play Store Data Safety Report.

    Language: Dockerfile · 478
  • symmetric-encryption

    Symmetric Encryption for Ruby Projects using OpenSSL

    Language: Ruby · 474
  • sandworm-audit

    Security & License Compliance For Your App's Dependencies 🪱

    Language: JavaScript · 465
  • binaryanalysis-ng

    Binary Analysis Next Generation (BANG)

    Language: Python · 456
  • ciso-assistant-community

    CISO Assistant is a one-stop-shop for GRC, covering Risk, AppSec and Audit Management and supporting +43 frameworks worldwide: NIST CSF, ISO 27001, SOC2, CIS, PCI DSS, NIS2, CMMC, PSPF, GDPR, HIPAA, Essential Eight, NYDFS-500, DORA, NIST AI RMF, 800-53, 800-171, CyFun, CJIS, AirCyber and so much more

    Language: Python · 420
  • wazuh-dashboard-plugins

    Plugins for Wazuh Dashboard

    Language: TypeScript · 404
  • wazuh-ruleset

    Wazuh - Ruleset

    Language: Python · 402
  • cfripper

    Library and CLI tool for analysing CloudFormation templates and check them for security compliance.

    Language: Python · 389
  • OpenDSR

    A common framework enabling companies to work together to protect consumers' privacy and data rights.

  • gapps

    Security compliance platform - SOC2, CMMC, ASVS, ISO27001, HIPAA, NIST CSF, NIST 800-53, CSC CIS 18, PCI DSS, SSF tracking. https://gapps.darkbanner.com

    Language: HTML · 358
  • steampipe-mod-aws-compliance

    Run individual controls or full compliance benchmarks for CIS, PCI, NIST, HIPAA and more across all of your AWS accounts using Powerpipe and Steampipe.

    Language: HCL · 355
  • awesome-privacy-chinese

    [WIP] Technical exchange on privacy compliance in China

  • xeol

    A scanner for end-of-life (EOL) software and dependencies in container images, filesystems, and SBOMs

    Language: Go · 329
  • chainloop

    Chainloop is an Open Source evidence store for your Software Supply Chain attestations, SBOMs, VEX, SARIF, CSAF files, QA reports, and more.

    Language: Go · 319
  • opa-envoy-plugin

    A plugin to enforce OPA policies with Envoy

    Language: Go · 309
  • reposaur

    Open source compliance tool for development platforms.

    Language: Go · 281
  • iambic

    IAMbic is Version-Control for IAM. It centralizes and simplifies cloud access and permissions. It maintains an eventually consistent, human-readable, bi-directional representation of IAM in Git.

    Language: Python · 274
  • wazuh-ansible

    Wazuh - Ansible playbook

    Language: Jinja · 253
  • sandworm-guard-js

    Easy auditing & sandboxing for your JavaScript dependencies 🪱

    Language: JavaScript · 250
  • dns-violations

    List of DNS violations by implementations, software and/or systems

  • cnspec

    An open source, cloud-native security to protect everything from build to runtime

    Language: Go · 237
  • cis-benchmarks-audit

    Simple command line tool to check for compliance against CIS Benchmarks

    Language: Python · 235
  • Netshot

    Network Configuration and Compliance Management

    Language: Java · 232
  • todogroup.org

    Official TODO Website that contains TODO Guides, OSPO use cases and more resources to advance in the OSPO journey

    Language: HTML · 231
  • aws-allowlister

    Automatically compile an AWS Service Control Policy that ONLY allows AWS services that are compliant with your preferred compliance frameworks.

    Language: Python · 218
  • checkov-action

    This GitHub Action runs Checkov against infrastructure-as-code, open source packages, container images, and CI/CD configurations to identify misconfigurations, vulnerabilities, and license compliance issues.

    Language: HCL · 216
  • allero

    By scanning CI/CD misconfigurations, Allero helps reduce production issues, harden your security posture and shift-left CI/CD from DevOps to developers.

    Language: Go · 205
  • UTMStack

    Customizable SIEM and XDR powered by Real-Time correlation and Threat Intelligence

    Language: Java · 188
  • dockerspec

    A small Ruby Gem to run RSpec and Serverspec, Infrataster and Capybara tests against Dockerfiles or Docker images easily.

    Language: Ruby · 180
  • gdpr-tracker

    A crowdsourced directory tracking the compliance and security practices of cloud services and their subprocessors

    Language: JavaScript · 176