141 Open Source Compliance Software Projects
Free and open source compliance code projects including engines, APIs, generators, and tools.
Lynis 9227 ⭐
Lynis - Security auditing tool for Linux, macOS, and UNIX-based systems. Assists with compliance testing (HIPAA/ISO27001/PCI DSS) and system hardening. Agentless, and installation optional.
Ossec Hids 3597 ⭐
OSSEC is an Open Source Host-based Intrusion Detection System that performs log analysis, file integrity checking, policy monitoring, rootkit detection, real-time alerting and active response.
Cloud Custodian 3952 ⭐
Rules engine for cloud security, cost optimization, and governance, DSL in yaml for policies to query, filter, and take actions on resources
Toniblyx Prowler 4603 ⭐
Prowler is a security tool to perform AWS security best practices assessments, audits, incident response, continuous monitoring, hardening and forensics readiness. It contains more than 200 controls covering CIS, ISO27001, GDPR, HIPAA, SOC2, ENS and other security frameworks.
Immudb 6785 ⭐
immudb - immutable database based on zero trust, SQL and Key-Value, tamperproof, data change history
Windows Secure Host Baseline 1333 ⭐
Configuration guidance for implementing the Windows 10 and Windows Server 2016 DoD Secure Host Baseline settings. #nsacyber
Checkov 3642 ⭐
Prevent cloud misconfigurations during build-time for Terraform, CloudFormation, Kubernetes, Serverless framework and other infrastructure-as-code-languages with Checkov by Bridgecrew.
Sudo_pair 1120 ⭐
Plugin for sudo that requires another human to approve and monitor privileged sudo sessions
Scancode Toolkit 1339 ⭐
:mag_right: ScanCode detects licenses, copyrights, package manifests & dependencies and more by scanning code ... to discover and inventory open source and third-party packages used in your code.
Panther Labs Panther 905 ⭐
[DEPRECATED] Detect threats with log data and improve cloud security posture
Fossology 518 ⭐
FOSSology is an open source license compliance software system and toolkit. As a toolkit you can run license, copyright and export control scans from the command line. As a system, a database and web ui are provided to give you a compliance workflow. License, copyright and export scanners are tools used in the workflow.
Normation Rudder 335 ⭐
Rudder is a configuration and security automation platform. Manage your Cloud, hybrid or on-premises infrastructure in a simple, scalable and dynamic way.
Opendsr 317 ⭐
A common framework enabling companies to work together to protect consumers' privacy and data rights.
Cfripper 320 ⭐
Library and CLI tool for analysing CloudFormation templates and check them for security compliance.
Dockerspec 182 ⭐
A small Ruby Gem to run RSpec and Serverspec, Infrataster and Capybara tests against Dockerfiles or Docker images easily.
Gdpr Tracker 150 ⭐
A crowdsourced directory tracking the compliance and security practices of cloud services and their subprocessors
Data Processing Agreements 116 ⭐
Collection of Data Processing Agreement (DPA) and GDPR compliance resources
Qa Checks V4 100 ⭐
PowerShell scripts to ensure consistent and reliable build quality and configuration for your servers
Locklevel 96 ⭐
A prototype that demonstrates a method for scoring how well Windows systems have implemented some of the top 10 Information Assurance mitigation strategies. #nsacyber
Citellus 86 ⭐
Automation Troubleshooting Framework to validate and report configuration, software installed, etc with bash, python, and your language of choice.
Information Security Tasks 131 ⭐
This repository is created only for infosec professionals whom work day to day basis to equip ourself with uptodate skillset, We can daily contribute daily one hour for day to day tasks and work on problem statements daily, Please contribute by providing problem statements and solutions
Server Qa Checks 73 ⭐
A bunch of QA checks to run against one or more servers to make sure they are built to a specific standard.
Splunk Assessment Of Mitigation Implementations 71 ⭐
Automatically scores how well Windows systems have implemented some of the top 10 Information Assurance mitigation strategies. #nsacyber
Inspec_tools 77 ⭐
A command-line and ruby API of utilities, converters and tools for creating, converting and processing security baseline formats, results and data
Parse Efd Fiscal 54 ⭐
Projeto voltado para fazer o mapeamento e parse do sped fiscal para dentro do banco de dados
Terraform Security Scan 88 ⭐
Run a security scan on your terraform with the very nice https://github.com/liamg/tfsec
Sw360portal 34 ⭐
We have moved and *archived* this repository. Pls. continue at the new place at https://github.com/eclipse/sw360 ... A software component catalogue application - designed to work with FOSSology.
Clouditor 39 ⭐
The Clouditor is a tool to support continuous cloud assurance. Developed by Fraunhofer AISEC.
Audit Test Automation 35 ⭐
The Audit Test Automation Package gives you the ability to get an overview about the compliance status of several systems. You can easily create HTML-reports and have a transparent overview over compliance and non-compliance of explicit setttings and configurations in comparison to industry standards and hardening guides.
Isc Projects Forge 22 ⭐
ISC Forge is an open source DHCP conformance validation framework, primarily used for testing ISC Kea.
Cookie Consent Box 42 ⭐
A tiny, dependency-free cookie box widget that helps you to be GDPR complaint after including 8 kB of code (gzipped)
Alcideio Advisor 34 ⭐
Alcide Kubernetes Advisor ... Cluster Hygiene & Security Scanner - Pipeline Integration
Speedle Plus 39 ⭐
Speedle+ is an open source project for access management. It is based on Speedle open source project and maintained by previous Speedle maintainers.
Kolide Fleet Chart 13 ⭐
kolide-fleet-chart Chart for Kubernetes includes kolide-fleet, MySQL Database and Redis cache
Compliance Scripts 15 ⭐
A collection of scripts for license compliance scanning, mostly experimental
Cloudformation Guard 866 ⭐
Guard offers a policy-as-code domain-specific language (DSL) to write rules and validate JSON- and YAML-formatted data such as CloudFormation Templates, K8s configurations, and Terraform JSON plans/configurations against those rules.
Tern 640 ⭐
Tern is a software composition analysis tool and Python library that generates a Software Bill of Materials for container images and Dockerfiles. The SBoM that Tern generates will give you a layer-by-layer view of what's inside your container in a variety of formats including human-readable, JSON, HTML, SPDX and more.
Steampipe Mod Aws Compliance 197 ⭐
Run individual controls or full compliance benchmarks for CIS, PCI, NIST, HIPAA and more across all of your AWS accounts using Steampipe.
Aws Allowlister 169 ⭐
Automatically compile an AWS Service Control Policy that ONLY allows AWS services that are compliant with your preferred compliance frameworks.