Trending repositories for topic compliance
Lynis - Security auditing tool for Linux, macOS, and UNIX-based systems. Assists with compliance testing (HIPAA/ISO27001/PCI DSS) and system hardening. Agentless, and installation optional.
Prowler is an Open Cloud Security tool for AWS, Azure, GCP and Kubernetes. It helps for continuous monitoring, security assessments and audits, incident response, compliance, hardening and forensics re...
opencomply simplifies security and compliance, from containers to cloud. Assess your resources (cloud servers, Jira, deployments, GitHub, etc.), define granular controls, get precise checks, and proac...
CISO Assistant is a one-stop-shop for GRC, covering Risk, AppSec and Audit Management and supporting +70 frameworks worldwide with auto-mapping: NIST CSF, ISO 27001, SOC2, CIS, PCI DSS, NIS2, CMMC, PS...
Code security scanning tool (SAST) to discover, filter and prioritize security and privacy risks.
Open Source Cloud Native Application Protection Platform (CNAPP)
Prevent cloud misconfigurations and find vulnerabilities during build-time in infrastructure as code, container images and open source packages with Checkov by Bridgecrew.
🧵 CLI tool for directly patching container images!
Security automation content in SCAP, Bash, Ansible, and other formats
The Auditree framework tool to run compliance control checks as unit tests.
FBPro Audit Test Automation Package allows you to create compliance reports for your systems. The resulting HTML-reports provide a transparent overview of your devices' security configuration compared...
A scanner for end-of-life (EOL) software and dependencies in container images, filesystems, and SBOMs
Evidence store for your Software Supply Chain attestations, SBOMs, VEX, SARIF, QA reports, and more
Guard offers a policy-as-code domain-specific language (DSL) to write rules and validate JSON- and YAML-formatted data such as CloudFormation Templates, K8s configurations, and Terraform JSON plans/co...
opencomply simplifies security and compliance, from containers to cloud. Assess your resources (cloud servers, Jira, deployments, GitHub, etc.), define granular controls, get precise checks, and proac...
The Auditree framework tool to run compliance control checks as unit tests.
FBPro Audit Test Automation Package allows you to create compliance reports for your systems. The resulting HTML-reports provide a transparent overview of your devices' security configuration compared...
S.U.P.E.R.M.A.N. optimizes the macOS software update experience.
A scanner for end-of-life (EOL) software and dependencies in container images, filesystems, and SBOMs
🧵 CLI tool for directly patching container images!
CISO Assistant is a one-stop-shop for GRC, covering Risk, AppSec and Audit Management and supporting +70 frameworks worldwide with auto-mapping: NIST CSF, ISO 27001, SOC2, CIS, PCI DSS, NIS2, CMMC, PS...
Evidence store for your Software Supply Chain attestations, SBOMs, VEX, SARIF, QA reports, and more
Code security scanning tool (SAST) to discover, filter and prioritize security and privacy risks.
Prowler is an Open Cloud Security tool for AWS, Azure, GCP and Kubernetes. It helps for continuous monitoring, security assessments and audits, incident response, compliance, hardening and forensics re...
Lynis - Security auditing tool for Linux, macOS, and UNIX-based systems. Assists with compliance testing (HIPAA/ISO27001/PCI DSS) and system hardening. Agentless, and installation optional.
Open Source Cloud Native Application Protection Platform (CNAPP)
Security automation content in SCAP, Bash, Ansible, and other formats
Guard offers a policy-as-code domain-specific language (DSL) to write rules and validate JSON- and YAML-formatted data such as CloudFormation Templates, K8s configurations, and Terraform JSON plans/co...
Prevent cloud misconfigurations and find vulnerabilities during build-time in infrastructure as code, container images and open source packages with Checkov by Bridgecrew.
Wazuh - The Open Source Security Platform. Unified XDR and SIEM protection for endpoints and cloud workloads.
Prowler is an Open Cloud Security tool for AWS, Azure, GCP and Kubernetes. It helps for continuous monitoring, security assessments and audits, incident response, compliance, hardening and forensics re...
Lynis - Security auditing tool for Linux, macOS, and UNIX-based systems. Assists with compliance testing (HIPAA/ISO27001/PCI DSS) and system hardening. Agentless, and installation optional.
CISO Assistant is a one-stop-shop for GRC, covering Risk, AppSec and Audit Management and supporting +70 frameworks worldwide with auto-mapping: NIST CSF, ISO 27001, SOC2, CIS, PCI DSS, NIS2, CMMC, PS...
Code security scanning tool (SAST) to discover, filter and prioritize security and privacy risks.
Open Source Cloud Native Application Protection Platform (CNAPP)
opencomply simplifies security and compliance, from containers to cloud. Assess your resources (cloud servers, Jira, deployments, GitHub, etc.), define granular controls, get precise checks, and proac...
Prevent cloud misconfigurations and find vulnerabilities during build-time in infrastructure as code, container images and open source packages with Checkov by Bridgecrew.
Curated list of resources for security Governance, Risk Management, Compliance and Audit professionals and enthusiasts (if they exist).
OSSEC is an Open Source Host-based Intrusion Detection System that performs log analysis, file integrity checking, policy monitoring, rootkit detection, real-time alerting and active response.
A FAST Kubernetes manifests validator, with support for Custom Resources!
Open Policy Agent (OPA) is an open source, general-purpose policy engine.
🧵 CLI tool for directly patching container images!
Appshark is a static taint analysis platform to scan vulnerabilities in an Android app.
A suite of tools to automate software compliance checks.
opencomply simplifies security and compliance, from containers to cloud. Assess your resources (cloud servers, Jira, deployments, GitHub, etc.), define granular controls, get precise checks, and proac...
SOC 2 should be easy to get done and it should be inexpensive. Here's everything you wanted to know.
FBPro Audit Test Automation Package allows you to create compliance reports for your systems. The resulting HTML-reports provide a transparent overview of your devices' security configuration compared...
The Auditree framework tool to run compliance control checks as unit tests.
Curated list of resources for security Governance, Risk Management, Compliance and Audit professionals and enthusiasts (if they exist).
compliance assessment and POA&M management for CMMC/NIST 800-171A
Code security scanning tool (SAST) to discover, filter and prioritize security and privacy risks.
S.U.P.E.R.M.A.N. optimizes the macOS software update experience.
CISO Assistant is a one-stop-shop for GRC, covering Risk, AppSec and Audit Management and supporting +70 frameworks worldwide with auto-mapping: NIST CSF, ISO 27001, SOC2, CIS, PCI DSS, NIS2, CMMC, PS...
A scanner for end-of-life (EOL) software and dependencies in container images, filesystems, and SBOMs
Evidence store for your Software Supply Chain attestations, SBOMs, VEX, SARIF, QA reports, and more
🧵 CLI tool for directly patching container images!
Enterprise-ready SIEM, SOAR and Compliance powered by real-time correlation and threat intelligence.
Wazuh - The Open Source Security Platform. Unified XDR and SIEM protection for endpoints and cloud workloads.
Security compliance platform - SOC2, CMMC, ASVS, ISO27001, HIPAA, NIST CSF, NIST 800-53, CSC CIS 18, PCI DSS, SSF tracking. https://gapps.darkbanner.com
A plugin to enforce OPA policies with Envoy
Open Source Cloud Native Application Protection Platform (CNAPP)
AML Checker detection and analysis tools for cryptocurrency transactions using machine learning and blockchain data. Ensuring compliance and reducing money laundering risks.
Wazuh - The Open Source Security Platform. Unified XDR and SIEM protection for endpoints and cloud workloads.
CISO Assistant is a one-stop-shop for GRC, covering Risk, AppSec and Audit Management and supporting +70 frameworks worldwide with auto-mapping: NIST CSF, ISO 27001, SOC2, CIS, PCI DSS, NIS2, CMMC, PS...
Prowler is an Open Cloud Security tool for AWS, Azure, GCP and Kubernetes. It helps for continuous monitoring, security assessments and audits, incident response, compliance, hardening and forensics re...
Lynis - Security auditing tool for Linux, macOS, and UNIX-based systems. Assists with compliance testing (HIPAA/ISO27001/PCI DSS) and system hardening. Agentless, and installation optional.
Prevent cloud misconfigurations and find vulnerabilities during build-time in infrastructure as code, container images and open source packages with Checkov by Bridgecrew.
Open Policy Agent (OPA) is an open source, general-purpose policy engine.
A FAST Kubernetes manifests validator, with support for Custom Resources!
OSSEC is an Open Source Host-based Intrusion Detection System that performs log analysis, file integrity checking, policy monitoring, rootkit detection, real-time alerting and active response.
Security compliance platform - SOC2, CMMC, ASVS, ISO27001, HIPAA, NIST CSF, NIST 800-53, CSC CIS 18, PCI DSS, SSF tracking. https://gapps.darkbanner.com
Code security scanning tool (SAST) to discover, filter and prioritize security and privacy risks.
Rules engine for cloud security, cost optimization, and governance, DSL in yaml for policies to query, filter, and take actions on resources
A suite of tools to automate software compliance checks.
AML Checker detection and analysis tools for cryptocurrency transactions using machine learning and blockchain data. Ensuring compliance and reducing money laundering risks.
Security automation content in SCAP, Bash, Ansible, and other formats
Open Source Cloud Native Application Protection Platform (CNAPP)
AML Checker detection and analysis tools for cryptocurrency transactions using machine learning and blockchain data. Ensuring compliance and reducing money laundering risks.
opencomply simplifies security and compliance, from containers to cloud. Assess your resources (cloud servers, Jira, deployments, GitHub, etc.), define granular controls, get precise checks, and proac...
CISO Assistant is a one-stop-shop for GRC, covering Risk, AppSec and Audit Management and supporting +70 frameworks worldwide with auto-mapping: NIST CSF, ISO 27001, SOC2, CIS, PCI DSS, NIS2, CMMC, PS...
Security compliance platform - SOC2, CMMC, ASVS, ISO27001, HIPAA, NIST CSF, NIST 800-53, CSC CIS 18, PCI DSS, SSF tracking. https://gapps.darkbanner.com
An open-source command-line tool for cybersecurity reporting automation and a configuration language for reusable templates. Reporting-as-Code
compliance assessment and POA&M management for CMMC/NIST 800-171A
Policy Module for Microsoft Active Directory Certificate Services
Enterprise-ready SIEM, SOAR and Compliance powered by real-time correlation and threat intelligence.
FBPro Audit Test Automation Package allows you to create compliance reports for your systems. The resulting HTML-reports provide a transparent overview of your devices' security configuration compared...
A scalable server implementation of the OSS Review Toolkit.
OpenIDM is an open standards based Identity Management, Provisioning and Compliance solution. Experience shows that the most important features of an identity management product are: high flex...
The Auditree framework tool to run compliance control checks as unit tests.
SOC 2 should be easy to get done and it should be inexpensive. Here's everything you wanted to know.
Run individual configuration, compliance and security controls or full compliance benchmarks for CIS across all of your GCP projects using Powerpipe and Steampipe.
Curated list of resources for security Governance, Risk Management, Compliance and Audit professionals and enthusiasts (if they exist).
PAIG (Pronounced similar to paige or payj) is an open-source project designed to protect Generative AI (GenAI) applications by ensuring security, safety, and observability.
compliance assessment and POA&M management for CMMC/NIST 800-171A
AML Checker detection and analysis tools for cryptocurrency transactions using machine learning and blockchain data. Ensuring compliance and reducing money laundering risks.
A compliance analysis tool which enables organizations to more quickly articulate their compliance posture and also generate supporting evidence artifacts
Demonstrate integration of Senzing and Neo4j to construct an Entity Resolved Knowledge Graph
A scalable server implementation of the OSS Review Toolkit.
Wazuh - The Open Source Security Platform. Unified XDR and SIEM protection for endpoints and cloud workloads.
CISO Assistant is a one-stop-shop for GRC, covering Risk, AppSec and Audit Management and supporting +70 frameworks worldwide with auto-mapping: NIST CSF, ISO 27001, SOC2, CIS, PCI DSS, NIS2, CMMC, PS...
Lynis - Security auditing tool for Linux, macOS, and UNIX-based systems. Assists with compliance testing (HIPAA/ISO27001/PCI DSS) and system hardening. Agentless, and installation optional.
Prowler is an Open Cloud Security tool for AWS, Azure, GCP and Kubernetes. It helps for continuous monitoring, security assessments and audits, incident response, compliance, hardening and forensics re...
Open Policy Agent (OPA) is an open source, general-purpose policy engine.
Prevent cloud misconfigurations and find vulnerabilities during build-time in infrastructure as code, container images and open source packages with Checkov by Bridgecrew.
A FAST Kubernetes manifests validator, with support for Custom Resources!
Code security scanning tool (SAST) to discover, filter and prioritize security and privacy risks.
🧵 CLI tool for directly patching container images!
Rules engine for cloud security, cost optimization, and governance, DSL in yaml for policies to query, filter, and take actions on resources
OWASP dep-scan is a next-generation security and risk audit tool based on known vulnerabilities, advisories, and license limitations for project dependencies. Both local repositories and container ima...
OSSEC is an Open Source Host-based Intrusion Detection System that performs log analysis, file integrity checking, policy monitoring, rootkit detection, real-time alerting and active response.
Open Source Cloud Native Application Protection Platform (CNAPP)
Security automation content in SCAP, Bash, Ansible, and other formats
Open-source infrastructure and data orchestration platform for risk decisioning
A suite of tools to automate software compliance checks.
CISO Assistant is a one-stop-shop for GRC, covering Risk, AppSec and Audit Management and supporting +70 frameworks worldwide with auto-mapping: NIST CSF, ISO 27001, SOC2, CIS, PCI DSS, NIS2, CMMC, PS...
compliance assessment and POA&M management for CMMC/NIST 800-171A
Enterprise-ready SIEM, SOAR and Compliance powered by real-time correlation and threat intelligence.
Kexa's simple rules (Open Source) make it easy to monitor and manage alerting for your entire cloud. With various monitoring and alerting options, instant and detailed alerts, easy-to-deploy and low...
SOC 2 should be easy to get done and it should be inexpensive. Here's everything you wanted to know.
Open-source graph tool for exploring blockchain transactions with a focus on compliance and risk analysis.
Identify hardcoded secrets in static structured text (version 2)
Policy Module for Microsoft Active Directory Certificate Services
AML Checker detection and analysis tools for cryptocurrency transactions using machine learning and blockchain data. Ensuring compliance and reducing money laundering risks.
Security compliance platform - SOC2, CMMC, ASVS, ISO27001, HIPAA, NIST CSF, NIST 800-53, CSC CIS 18, PCI DSS, SSF tracking. https://gapps.darkbanner.com
OWASP dep-scan is a next-generation security and risk audit tool based on known vulnerabilities, advisories, and license limitations for project dependencies. Both local repositories and container ima...
🧵 CLI tool for directly patching container images!
This repository describes how to use AWS Control Tower controls, HashiCorp Terraform, and infrastructure as code (IaC) to implement and administer preventive, detective, and proactive security control...
Evidence store for your Software Supply Chain attestations, SBOMs, VEX, SARIF, QA reports, and more
Implements OPA-based preventive security controls for AWS Infrastructure using Terraform Infrastructure as Code (IaC), that can establish a security baseline and safeguard resources before deployment ...