Trending repositories for topic compliance
Wazuh - The Open Source Security Platform. Unified XDR and SIEM protection for endpoints and cloud workloads.
Prowler is an Open Source Security tool for AWS, Azure, GCP and Kubernetes to do security assessments, audits, incident response, compliance, continuous monitoring, hardening and forensics readiness. ...
Prevent cloud misconfigurations and find vulnerabilities during build-time in infrastructure as code, container images and open source packages with Checkov by Bridgecrew.
Open Policy Agent (OPA) is an open source, general-purpose policy engine.
Lynis - Security auditing tool for Linux, macOS, and UNIX-based systems. Assists with compliance testing (HIPAA/ISO27001/PCI DSS) and system hardening. Agentless, and installation optional.
A FAST Kubernetes manifests validator, with support for Custom Resources!
🧵 CLI tool for directly patching container images!
CISO Assistant is a one-stop-shop for GRC, covering Risk, AppSec and Audit Management and supporting +70 frameworks worldwide with auto-mapping: NIST CSF, ISO 27001, SOC2, CIS, PCI DSS, NIS2, CMMC, PS...
OSSEC is an Open Source Host-based Intrusion Detection System that performs log analysis, file integrity checking, policy monitoring, rootkit detection, real-time alerting and active response.
Rules engine for cloud security, cost optimization, and governance, DSL in yaml for policies to query, filter, and take actions on resources
Code security scanning tool (SAST) to discover, filter and prioritize security and privacy risks.
Security automation content in SCAP, Bash, Ansible, and other formats
Open Source Cloud Native Application Protection Platform (CNAPP)
immudb - immutable database based on zero trust, SQL/Key-Value/Document model, tamperproof, data change history
compliance assessment and POA&M management for CMMC/NIST 800-171A
Policy Module for Microsoft Active Directory Certificate Services
Code Scanning/SAST/Static Analysis/Linting using many tools/Scanners with One Report (Code, IaC) - Betterscan
a lightweight, security focused, BDD test framework against terraform.
compliance assessment and POA&M management for CMMC/NIST 800-171A
Policy Module for Microsoft Active Directory Certificate Services
🧵 CLI tool for directly patching container images!
CISO Assistant is a one-stop-shop for GRC, covering Risk, AppSec and Audit Management and supporting +70 frameworks worldwide with auto-mapping: NIST CSF, ISO 27001, SOC2, CIS, PCI DSS, NIS2, CMMC, PS...
A FAST Kubernetes manifests validator, with support for Custom Resources!
Wazuh - The Open Source Security Platform. Unified XDR and SIEM protection for endpoints and cloud workloads.
Prevent cloud misconfigurations and find vulnerabilities during build-time in infrastructure as code, container images and open source packages with Checkov by Bridgecrew.
Code Scanning/SAST/Static Analysis/Linting using many tools/Scanners with One Report (Code, IaC) - Betterscan
Prowler is an Open Source Security tool for AWS, Azure, GCP and Kubernetes to do security assessments, audits, incident response, compliance, continuous monitoring, hardening and forensics readiness. ...
Code security scanning tool (SAST) to discover, filter and prioritize security and privacy risks.
Open Policy Agent (OPA) is an open source, general-purpose policy engine.
Security automation content in SCAP, Bash, Ansible, and other formats
OSSEC is an Open Source Host-based Intrusion Detection System that performs log analysis, file integrity checking, policy monitoring, rootkit detection, real-time alerting and active response.
a lightweight, security focused, BDD test framework against terraform.
Lynis - Security auditing tool for Linux, macOS, and UNIX-based systems. Assists with compliance testing (HIPAA/ISO27001/PCI DSS) and system hardening. Agentless, and installation optional.
Rules engine for cloud security, cost optimization, and governance, DSL in yaml for policies to query, filter, and take actions on resources
Open Source Cloud Native Application Protection Platform (CNAPP)
immudb - immutable database based on zero trust, SQL/Key-Value/Document model, tamperproof, data change history
Wazuh - The Open Source Security Platform. Unified XDR and SIEM protection for endpoints and cloud workloads.
Lynis - Security auditing tool for Linux, macOS, and UNIX-based systems. Assists with compliance testing (HIPAA/ISO27001/PCI DSS) and system hardening. Agentless, and installation optional.
Prowler is an Open Source Security tool for AWS, Azure, GCP and Kubernetes to do security assessments, audits, incident response, compliance, continuous monitoring, hardening and forensics readiness. ...
Open Policy Agent (OPA) is an open source, general-purpose policy engine.
Prevent cloud misconfigurations and find vulnerabilities during build-time in infrastructure as code, container images and open source packages with Checkov by Bridgecrew.
🧵 CLI tool for directly patching container images!
A FAST Kubernetes manifests validator, with support for Custom Resources!
CISO Assistant is a one-stop-shop for GRC, covering Risk, AppSec and Audit Management and supporting +70 frameworks worldwide with auto-mapping: NIST CSF, ISO 27001, SOC2, CIS, PCI DSS, NIS2, CMMC, PS...
Open Source Cloud Native Application Protection Platform (CNAPP)
Code security scanning tool (SAST) to discover, filter and prioritize security and privacy risks.
ElectricEye is a multi-cloud, multi-SaaS Python CLI tool for Asset Management, Security Posture Management & Attack Surface Monitoring supporting 100s of services and evaluations to harden your CSP & ...
OSSEC is an Open Source Host-based Intrusion Detection System that performs log analysis, file integrity checking, policy monitoring, rootkit detection, real-time alerting and active response.
Rules engine for cloud security, cost optimization, and governance, DSL in yaml for policies to query, filter, and take actions on resources
Policy Module for Microsoft Active Directory Certificate Services
Code Scanning/SAST/Static Analysis/Linting using many tools/Scanners with One Report (Code, IaC) - Betterscan
a lightweight, security focused, BDD test framework against terraform.
compliance assessment and POA&M management for CMMC/NIST 800-171A
The official repository for the Bedrock version of Faithful 64x
Policy Module for Microsoft Active Directory Certificate Services
OpenACR is a digital native Accessibility Conformance Report (ACR). The initial development is based on Section 508 requirements. The main goal is to be able to compare the accessibility claims of dig...
🧵 CLI tool for directly patching container images!
CISO Assistant is a one-stop-shop for GRC, covering Risk, AppSec and Audit Management and supporting +70 frameworks worldwide with auto-mapping: NIST CSF, ISO 27001, SOC2, CIS, PCI DSS, NIS2, CMMC, PS...
ElectricEye is a multi-cloud, multi-SaaS Python CLI tool for Asset Management, Security Posture Management & Attack Surface Monitoring supporting 100s of services and evaluations to harden your CSP & ...
A FAST Kubernetes manifests validator, with support for Custom Resources!
S.U.P.E.R.M.A.N. optimizes the macOS software update experience.
Wazuh - The Open Source Security Platform. Unified XDR and SIEM protection for endpoints and cloud workloads.
Customizable SIEM and XDR powered by Real-Time correlation and Threat Intelligence
This GitHub Action runs Checkov against infrastructure-as-code, open source packages, container images, and CI/CD configurations to identify misconfigurations, vulnerabilities, and license compliance ...
Code Scanning/SAST/Static Analysis/Linting using many tools/Scanners with One Report (Code, IaC) - Betterscan
Lynis - Security auditing tool for Linux, macOS, and UNIX-based systems. Assists with compliance testing (HIPAA/ISO27001/PCI DSS) and system hardening. Agentless, and installation optional.
Prowler is an Open Source Security tool for AWS, Azure, GCP and Kubernetes to do security assessments, audits, incident response, compliance, continuous monitoring, hardening and forensics readiness. ...
Code security scanning tool (SAST) to discover, filter and prioritize security and privacy risks.
compliance assessment and POA&M management for CMMC/NIST 800-171A
Wazuh - The Open Source Security Platform. Unified XDR and SIEM protection for endpoints and cloud workloads.
Lynis - Security auditing tool for Linux, macOS, and UNIX-based systems. Assists with compliance testing (HIPAA/ISO27001/PCI DSS) and system hardening. Agentless, and installation optional.
Prowler is an Open Source Security tool for AWS, Azure, GCP and Kubernetes to do security assessments, audits, incident response, compliance, continuous monitoring, hardening and forensics readiness. ...
Open Policy Agent (OPA) is an open source, general-purpose policy engine.
Prevent cloud misconfigurations and find vulnerabilities during build-time in infrastructure as code, container images and open source packages with Checkov by Bridgecrew.
Code security scanning tool (SAST) to discover, filter and prioritize security and privacy risks.
🧵 CLI tool for directly patching container images!
CISO Assistant is a one-stop-shop for GRC, covering Risk, AppSec and Audit Management and supporting +70 frameworks worldwide with auto-mapping: NIST CSF, ISO 27001, SOC2, CIS, PCI DSS, NIS2, CMMC, PS...
OSSEC is an Open Source Host-based Intrusion Detection System that performs log analysis, file integrity checking, policy monitoring, rootkit detection, real-time alerting and active response.
compliance assessment and POA&M management for CMMC/NIST 800-171A
Rules engine for cloud security, cost optimization, and governance, DSL in yaml for policies to query, filter, and take actions on resources
Open Source Cloud Native Application Protection Platform (CNAPP)
Security automation content in SCAP, Bash, Ansible, and other formats
A FAST Kubernetes manifests validator, with support for Custom Resources!
immudb - immutable database based on zero trust, SQL/Key-Value/Document model, tamperproof, data change history
ElectricEye is a multi-cloud, multi-SaaS Python CLI tool for Asset Management, Security Posture Management & Attack Surface Monitoring supporting 100s of services and evaluations to harden your CSP & ...
Security compliance platform - SOC2, CMMC, ASVS, ISO27001, HIPAA, NIST CSF, NIST 800-53, CSC CIS 18, PCI DSS, SSF tracking. https://gapps.darkbanner.com
compliance assessment and POA&M management for CMMC/NIST 800-171A
Demonstrate integration of Senzing and Neo4j to construct an Entity Resolved Knowledge Graph
Policy Module for Microsoft Active Directory Certificate Services
FBPro Audit Test Automation Package allows you to create compliance reports for your systems. The resulting HTML-reports provide a transparent overview of your devices' security configuration compared...
SOC 2 should be easy to get done and it should be inexpensive. Here's everything you wanted to know.
OpenACR is a digital native Accessibility Conformance Report (ACR). The initial development is based on Section 508 requirements. The main goal is to be able to compare the accessibility claims of dig...
Implements OPA-based preventive security controls for AWS Infrastructure using Terraform Infrastructure as Code (IaC), that can establish a security baseline and safeguard resources before deployment ...
🧵 CLI tool for directly patching container images!
PAIG (Pronounced similar to paige or payj) is an open-source project designed to protect Generative AI (GenAI) applications by ensuring security, safety, and observability.
Security compliance platform - SOC2, CMMC, ASVS, ISO27001, HIPAA, NIST CSF, NIST 800-53, CSC CIS 18, PCI DSS, SSF tracking. https://gapps.darkbanner.com
The official repository for the Bedrock version of Faithful 64x
CISO Assistant is a one-stop-shop for GRC, covering Risk, AppSec and Audit Management and supporting +70 frameworks worldwide with auto-mapping: NIST CSF, ISO 27001, SOC2, CIS, PCI DSS, NIS2, CMMC, PS...
Simple, yet powerful compliance solutions for Indian businesses
Code security scanning tool (SAST) to discover, filter and prioritize security and privacy risks.
Wazuh - The Open Source Security Platform. Unified XDR and SIEM protection for endpoints and cloud workloads.
An opinionated tooling platform for managing compliance as code, using continuous integration and NIST's OSCAL standard.
PAIG (Pronounced similar to paige or payj) is an open-source project designed to protect Generative AI (GenAI) applications by ensuring security, safety, and observability.
compliance assessment and POA&M management for CMMC/NIST 800-171A
A compliance analysis tool which enables organizations to more quickly articulate their compliance posture and also generate supporting evidence artifacts
An open-source command-line tool for cybersecurity reporting automation and a configuration language for reusable templates. Reporting-as-Code
Open-source graph tool for exploring blockchain transactions with a focus on compliance and risk analysis.
Demonstrate integration of Senzing and Neo4j to construct an Entity Resolved Knowledge Graph
Wazuh - The Open Source Security Platform. Unified XDR and SIEM protection for endpoints and cloud workloads.
Lynis - Security auditing tool for Linux, macOS, and UNIX-based systems. Assists with compliance testing (HIPAA/ISO27001/PCI DSS) and system hardening. Agentless, and installation optional.
Prowler is an Open Source Security tool for AWS, Azure, GCP and Kubernetes to do security assessments, audits, incident response, compliance, continuous monitoring, hardening and forensics readiness. ...
CISO Assistant is a one-stop-shop for GRC, covering Risk, AppSec and Audit Management and supporting +70 frameworks worldwide with auto-mapping: NIST CSF, ISO 27001, SOC2, CIS, PCI DSS, NIS2, CMMC, PS...
Open Policy Agent (OPA) is an open source, general-purpose policy engine.
Prevent cloud misconfigurations and find vulnerabilities during build-time in infrastructure as code, container images and open source packages with Checkov by Bridgecrew.
A FAST Kubernetes manifests validator, with support for Custom Resources!
Code security scanning tool (SAST) to discover, filter and prioritize security and privacy risks.
OWASP dep-scan is a next-generation security and risk audit tool based on known vulnerabilities, advisories, and license limitations for project dependencies. Both local repositories and container ima...
🧵 CLI tool for directly patching container images!
Rules engine for cloud security, cost optimization, and governance, DSL in yaml for policies to query, filter, and take actions on resources
OSSEC is an Open Source Host-based Intrusion Detection System that performs log analysis, file integrity checking, policy monitoring, rootkit detection, real-time alerting and active response.
Open Source Cloud Native Application Protection Platform (CNAPP)
Open-source infrastructure and data orchestration platform for risk decisioning
Code Scanning/SAST/Static Analysis/Linting using many tools/Scanners with One Report (Code, IaC) - Betterscan
Security automation content in SCAP, Bash, Ansible, and other formats
A suite of tools to automate software compliance checks.
CISO Assistant is a one-stop-shop for GRC, covering Risk, AppSec and Audit Management and supporting +70 frameworks worldwide with auto-mapping: NIST CSF, ISO 27001, SOC2, CIS, PCI DSS, NIS2, CMMC, PS...
compliance assessment and POA&M management for CMMC/NIST 800-171A
Customizable SIEM and XDR powered by Real-Time correlation and Threat Intelligence
Kexa's simple rules (Open Source) make it easy to monitoring and manage alerting of your entire cloud. With various monitoring and alerting options, instant and detailed alerts, easy-to-deploy and low...
Open-source graph tool for exploring blockchain transactions with a focus on compliance and risk analysis.
Identify hardcoded secrets in static structured text (version 2)
Policy Module for Microsoft Active Directory Certificate Services
This repository describes how to use AWS Control Tower controls, HashiCorp Terraform, and infrastructure as code (IaC) to implement and administer preventive, detective, and proactive security control...
OWASP dep-scan is a next-generation security and risk audit tool based on known vulnerabilities, advisories, and license limitations for project dependencies. Both local repositories and container ima...
This pattern describes how to use AWS Control Tower Controls, AWS Cloud Development Kit (CDK) and infrastructure as code to implement and administer preventive, detective and proactive security on AWS...
Security compliance platform - SOC2, CMMC, ASVS, ISO27001, HIPAA, NIST CSF, NIST 800-53, CSC CIS 18, PCI DSS, SSF tracking. https://gapps.darkbanner.com
🧵 CLI tool for directly patching container images!
Chainloop is an Open Source evidence store for your Software Supply Chain attestations, SBOMs, VEX, SARIF, CSAF files, QA reports, and more.
Implements OPA-based preventive security controls for AWS Infrastructure using Terraform Infrastructure as Code (IaC), that can establish a security baseline and safeguard resources before deployment ...
Simple, yet powerful compliance solutions for Indian businesses