Trending repositories for topic compliance
Wazuh - The Open Source Security Platform. Unified XDR and SIEM protection for endpoints and cloud workloads.
Prowler is an Open Cloud Security Platform for AWS, Azure, GCP, Kubernetes, M365 and more. It helps with continuous monitoring, security assessments and audits, incident response, compliance, hardening ...
Open Policy Agent (OPA) is an open source, general-purpose policy engine.
Lynis - Security auditing tool for Linux, macOS, and UNIX-based systems. Assists with compliance testing (HIPAA/ISO27001/PCI DSS) and system hardening. Agentless, and installation optional.
Prevent cloud misconfigurations and find vulnerabilities during build-time in infrastructure as code, container images and open source packages with Checkov by Bridgecrew.
Rules engine for cloud security, cost optimization, and governance, DSL in yaml for policies to query, filter, and take actions on resources
Code security scanning tool (SAST) to discover, filter and prioritize security and privacy risks.
Security automation content in SCAP, Bash, Ansible, and other formats
Appshark is a static taint analysis platform to scan vulnerabilities in an Android app.
OSSEC is an Open Source Host-based Intrusion Detection System that performs log analysis, file integrity checking, policy monitoring, rootkit detection, real-time alerting and active response.
Security compliance platform - SOC2, CMMC, ASVS, ISO27001, HIPAA, NIST CSF, NIST 800-53, CSC CIS 18, PCI DSS, SSF tracking. https://gapps.darkbanner.com
🧵 CLI tool for directly patching container images!
SOC 2 should be easy to get done and it should be inexpensive. Here's everything you wanted to know.
Security compliance platform - SOC2, CMMC, ASVS, ISO27001, HIPAA, NIST CSF, NIST 800-53, CSC CIS 18, PCI DSS, SSF tracking. https://gapps.darkbanner.com
Wazuh - The Open Source Security Platform. Unified XDR and SIEM protection for endpoints and cloud workloads.
Code security scanning tool (SAST) to discover, filter and prioritize security and privacy risks.
Appshark is a static taint analysis platform to scan vulnerabilities in an Android app.
Security automation content in SCAP, Bash, Ansible, and other formats
Open Policy Agent (OPA) is an open source, general-purpose policy engine.
Prowler is an Open Cloud Security Platform for AWS, Azure, GCP, Kubernetes, M365 and more. It helps with continuous monitoring, security assessments and audits, incident response, compliance, hardening ...
🧵 CLI tool for directly patching container images!
S.U.P.E.R.M.A.N. optimizes the macOS software update experience.
Rules engine for cloud security, cost optimization, and governance, DSL in yaml for policies to query, filter, and take actions on resources
Prevent cloud misconfigurations and find vulnerabilities during build-time in infrastructure as code, container images and open source packages with Checkov by Bridgecrew.
Guard offers a policy-as-code domain-specific language (DSL) to write rules and validate JSON- and YAML-formatted data such as CloudFormation Templates, K8s configurations, and Terraform JSON plans/co...
Lynis - Security auditing tool for Linux, macOS, and UNIX-based systems. Assists with compliance testing (HIPAA/ISO27001/PCI DSS) and system hardening. Agentless, and installation optional.
Wazuh - The Open Source Security Platform. Unified XDR and SIEM protection for endpoints and cloud workloads.
Prowler is an Open Cloud Security Platform for AWS, Azure, GCP, Kubernetes, M365 and more. It helps with continuous monitoring, security assessments and audits, incident response, compliance, hardening ...
Open Policy Agent (OPA) is an open source, general-purpose policy engine.
Prevent cloud misconfigurations and find vulnerabilities during build-time in infrastructure as code, container images and open source packages with Checkov by Bridgecrew.
Lynis - Security auditing tool for Linux, macOS, and UNIX-based systems. Assists with compliance testing (HIPAA/ISO27001/PCI DSS) and system hardening. Agentless, and installation optional.
CISO Assistant is a one-stop-shop for GRC, covering Risk, AppSec, Compliance/Audit Management, Privacy and supporting +90 frameworks worldwide with auto-mapping: NIST CSF, ISO 27001, SOC2, CIS, PCI DS...
Security automation content in SCAP, Bash, Ansible, and other formats
Rules engine for cloud security, cost optimization, and governance, DSL in yaml for policies to query, filter, and take actions on resources
Code security scanning tool (SAST) to discover, filter and prioritize security and privacy risks.
🧵 CLI tool for directly patching container images!
OSSEC is an Open Source Host-based Intrusion Detection System that performs log analysis, file integrity checking, policy monitoring, rootkit detection, real-time alerting and active response.
Appshark is a static taint analysis platform to scan vulnerabilities in an Android app.
Security compliance platform - SOC2, CMMC, ASVS, ISO27001, HIPAA, NIST CSF, NIST 800-53, CSC CIS 18, PCI DSS, SSF tracking. https://gapps.darkbanner.com
A lightweight, security-focused BDD test framework against Terraform.
A secure, automated script to install and configure OpenVAS (Greenbone Community Edition) from source on Debian 12. Features GPG verification, self-signed SSL, and systemd integration.
SOC 2 should be easy to get done and it should be inexpensive. Here's everything you wanted to know.
Security compliance platform - SOC2, CMMC, ASVS, ISO27001, HIPAA, NIST CSF, NIST 800-53, CSC CIS 18, PCI DSS, SSF tracking. https://gapps.darkbanner.com
Wazuh - The Open Source Security Platform. Unified XDR and SIEM protection for endpoints and cloud workloads.
S.U.P.E.R.M.A.N. optimizes the macOS software update experience.
Official TODO website that contains TODO Guides, OSPO use cases and more resources to advance in the OSPO journey
🧵 CLI tool for directly patching container images!
Kexa's simple rules (Open Source) make it easy to monitor and manage alerting of your entire cloud. With various monitoring and alerting options, instant and detailed alerts, easy-to-deploy and low...
Prevent cloud misconfigurations and find vulnerabilities during build-time in infrastructure as code, container images and open source packages with Checkov by Bridgecrew.
Security automation content in SCAP, Bash, Ansible, and other formats
CISO Assistant is a one-stop-shop for GRC, covering Risk, AppSec, Compliance/Audit Management, Privacy and supporting +90 frameworks worldwide with auto-mapping: NIST CSF, ISO 27001, SOC2, CIS, PCI DS...
A scanner for end-of-life (EOL) software and dependencies in container images, filesystems, and SBOMs
Open Policy Agent (OPA) is an open source, general-purpose policy engine.
A lightweight, security-focused BDD test framework against Terraform.
Wazuh - The Open Source Security Platform. Unified XDR and SIEM protection for endpoints and cloud workloads.
Prowler is an Open Cloud Security Platform for AWS, Azure, GCP, Kubernetes, M365 and more. It helps with continuous monitoring, security assessments and audits, incident response, compliance, hardening ...
Lynis - Security auditing tool for Linux, macOS, and UNIX-based systems. Assists with compliance testing (HIPAA/ISO27001/PCI DSS) and system hardening. Agentless, and installation optional.
Open Policy Agent (OPA) is an open source, general-purpose policy engine.
Kexa's simple rules (Open Source) make it easy to monitor and manage alerting of your entire cloud. With various monitoring and alerting options, instant and detailed alerts, easy-to-deploy and low...
Prevent cloud misconfigurations and find vulnerabilities during build-time in infrastructure as code, container images and open source packages with Checkov by Bridgecrew.
A FAST Kubernetes manifests validator, with support for Custom Resources!
CISO Assistant is a one-stop-shop for GRC, covering Risk, AppSec, Compliance/Audit Management, Privacy and supporting +90 frameworks worldwide with auto-mapping: NIST CSF, ISO 27001, SOC2, CIS, PCI DS...
🧵 CLI tool for directly patching container images!
Security automation content in SCAP, Bash, Ansible, and other formats
S.U.P.E.R.M.A.N. optimizes the macOS software update experience.
Rules engine for cloud security, cost optimization, and governance, DSL in yaml for policies to query, filter, and take actions on resources
OSSEC is an Open Source Host-based Intrusion Detection System that performs log analysis, file integrity checking, policy monitoring, rootkit detection, real-time alerting and active response.
A suite of tools to automate software compliance checks.
Open Source Cloud Native Application Protection Platform (CNAPP)
OWASP dep-scan is a next-generation security and risk audit tool based on known vulnerabilities, advisories, and license limitations for project dependencies. Both local repositories and container ima...
Enterprise Governance Layer (Identity, RBAC, Credentials, Auditing, Logging, Tracing) for the Model Context Protocol SDK
Kexa's simple rules (Open Source) make it easy to monitor and manage alerting of your entire cloud. With various monitoring and alerting options, instant and detailed alerts, easy-to-deploy and low...
Sharing hEN 18031 (EN 18031) Technical Documentation & Test Plan templates to help IoT manufacturers successfully comply with the RED DA.
A curated list of references on the role of AI in safety-critical systems ⚠️
A secure, automated script to install and configure OpenVAS (Greenbone Community Edition) from source on Debian 12. Features GPG verification, self-signed SSL, and systemd integration.
Policy Module for Microsoft Active Directory Certificate Services
A compliance analysis tool which enables organizations to more quickly articulate their compliance posture and also generate supporting evidence artifacts
S.U.P.E.R.M.A.N. optimizes the macOS software update experience.
🧵 CLI tool for directly patching container images!
Evidence store and policy engine for your Software Supply Chain attestations, SBOMs, VEX, SARIF, QA reports, and more
A scalable server implementation of the OSS Review Toolkit.
SOC 2 should be easy to get done and it should be inexpensive. Here's everything you wanted to know.
A FAST Kubernetes manifests validator, with support for Custom Resources!
PAIG (Pronounced similar to paige or payj) is an open-source project designed to protect Generative AI (GenAI) applications by ensuring security, safety, and observability.
Open source ERP Solution for Nepalese businesses with HR, Payroll & Accounting compliance.
Compliance assessment and POA&M management for CMMC/NIST 800-171A
A compliance analysis tool which enables organizations to more quickly articulate their compliance posture and also generate supporting evidence artifacts
Sharing hEN 18031 (EN 18031) Technical Documentation & Test Plan templates to help IoT manufacturers successfully comply with the RED DA.
A curated list of references on the role of AI in safety-critical systems ⚠️
Enterprise Governance Layer (Identity, RBAC, Credentials, Auditing, Logging, Tracing) for the Model Context Protocol SDK
Wazuh - The Open Source Security Platform. Unified XDR and SIEM protection for endpoints and cloud workloads.
CISO Assistant is a one-stop-shop for GRC, covering Risk, AppSec, Compliance/Audit Management, Privacy and supporting +90 frameworks worldwide with auto-mapping: NIST CSF, ISO 27001, SOC2, CIS, PCI DS...
Prowler is an Open Cloud Security Platform for AWS, Azure, GCP, Kubernetes, M365 and more. It helps with continuous monitoring, security assessments and audits, incident response, compliance, hardening ...
Lynis - Security auditing tool for Linux, macOS, and UNIX-based systems. Assists with compliance testing (HIPAA/ISO27001/PCI DSS) and system hardening. Agentless, and installation optional.
Open Policy Agent (OPA) is an open source, general-purpose policy engine.
Prevent cloud misconfigurations and find vulnerabilities during build-time in infrastructure as code, container images and open source packages with Checkov by Bridgecrew.
A FAST Kubernetes manifests validator, with support for Custom Resources!
Code security scanning tool (SAST) to discover, filter and prioritize security and privacy risks.
🧵 CLI tool for directly patching container images!
OSSEC is an Open Source Host-based Intrusion Detection System that performs log analysis, file integrity checking, policy monitoring, rootkit detection, real-time alerting and active response.
Rules engine for cloud security, cost optimization, and governance, DSL in yaml for policies to query, filter, and take actions on resources
OWASP dep-scan is a next-generation security and risk audit tool based on known vulnerabilities, advisories, and license limitations for project dependencies. Both local repositories and container ima...
Open Source Cloud Native Application Protection Platform (CNAPP)
Security automation content in SCAP, Bash, Ansible, and other formats
A suite of tools to automate software compliance checks.
Compliance assessment and POA&M management for CMMC/NIST 800-171A
CISO Assistant is a one-stop-shop for GRC, covering Risk, AppSec, Compliance/Audit Management, Privacy and supporting +90 frameworks worldwide with auto-mapping: NIST CSF, ISO 27001, SOC2, CIS, PCI DS...
A secure, automated script to install and configure OpenVAS (Greenbone Community Edition) from source on Debian 12. Features GPG verification, self-signed SSL, and systemd integration.
Kexa's simple rules (Open Source) make it easy to monitor and manage alerting of your entire cloud. With various monitoring and alerting options, instant and detailed alerts, easy-to-deploy and low...
An open-source command-line tool for cybersecurity reporting automation and a configuration language for reusable templates. Reporting-as-Code
Demonstrate integration of Senzing and Neo4j to construct an Entity Resolved Knowledge Graph
Enterprise Governance Layer (Identity, RBAC, Credentials, Auditing, Logging, Tracing) for the Model Context Protocol SDK
A scalable server implementation of the OSS Review Toolkit.
Open source ERP Solution for Nepalese businesses with HR, Payroll & Accounting compliance.
Policy Module for Microsoft Active Directory Certificate Services
SOC 2 should be easy to get done and it should be inexpensive. Here's everything you wanted to know.
Leverage Ollion's GCP Landing Zone to deploy a secure, compliant foundation with ease. The repository contains an implementation of a secure and compliant landing zone pattern that will help expedite ...
Identify hardcoded secrets in static structured text (version 2)
Check remote repositories for typical red flags like CLAs and risks due to low development activity
🧵 CLI tool for directly patching container images!