Corey's starred repositories

go

The Go programming language

Language: Go | License: BSD-3-Clause | Stargazers: 122295 | Issues: 3412 | Issues: 63119

istio

Connect, secure, control, and observe services.

Language: Go | License: Apache-2.0 | Stargazers: 35624 | Issues: 982 | Issues: 19836

sops

Simple and flexible tool for managing secrets

Language: Go | License: MPL-2.0 | Stargazers: 16173 | Issues: 120 | Issues: 784

community

Kubernetes community content

Language: Jupyter Notebook | License: Apache-2.0 | Stargazers: 11894 | Issues: 692 | Issues: 1800

prowler

Prowler is an Open Source Security tool for AWS, Azure, GCP and Kubernetes to do security assessments, audits, incident response, compliance, continuous monitoring, hardening and forensics readiness. Includes CIS, NIST 800, NIST CSF, CISA, FedRAMP, PCI-DSS, GDPR, HIPAA, FFIEC, SOC2, GXP, Well-Architected Security, ENS and more

Language: Python | License: Apache-2.0 | Stargazers: 10483 | Issues: 128 | Issues: 899

kube-bench

Checks whether Kubernetes is deployed according to security best practices as defined in the CIS Kubernetes Benchmark

Language: Go | License: Apache-2.0 | Stargazers: 6892 | Issues: 107 | Issues: 475

ScoutSuite

Multi-Cloud Security Auditing Tool

Language: Python | License: GPL-2.0 | Stargazers: 6567 | Issues: 134 | Issues: 867

kube-hunter

Hunt for security weaknesses in Kubernetes clusters

Language: Python | License: Apache-2.0 | Stargazers: 4701 | Issues: 95 | Issues: 216

Azure-Sentinel

Cloud-native SIEM for intelligent security analytics for your entire enterprise.

Language: Jupyter Notebook | License: MIT | Stargazers: 4457 | Issues: 238 | Issues: 1302

cloudsploit

Cloud Security Posture Management (CSPM)

Language: JavaScript | License: GPL-3.0 | Stargazers: 3294 | Issues: 72 | Issues: 197

tag-security

🔐CNCF Security Technical Advisory Group -- secure access, policy control, privacy, auditing, explainability and more!

Language: HTML | License: NOASSERTION | Stargazers: 2020 | Issues: 158 | Issues: 523

Microsoft-Defender-for-Cloud

Welcome to the Microsoft Defender for Cloud community repository

Language: PowerShell | License: MIT | Stargazers: 1674 | Issues: 133 | Issues: 160

starboard

Moved to https://github.com/aquasecurity/trivy-operator

Language: Go | License: Apache-2.0 | Stargazers: 1346 | Issues: 27 | Issues: 278

compliance-masonry

Security Documentation Builder

Language: Go | License: NOASSERTION | Stargazers: 347 | Issues: 49 | Issues: 144

security-policy-templates

A set of policies, standards and control procedures with mapping to HIPAA, NIST CSF, PCI DSS, SOC2, FedRAMP, CIS Controls, and more.

Language: JavaScript | License: CC-BY-SA-4.0 | Stargazers: 279 | Issues: 26 | Issues: 4

fedramp-automation

FedRAMP Automation

Language: TypeScript | License: NOASSERTION | Stargazers: 267 | Issues: 42 | Issues: 328

amazon-eks-custom-amis

Amazon EKS custom AMIs based on Amazon Linux 2.

Language: Shell | License: MIT-0 | Stargazers: 186 | Issues: 10 | Issues: 33

openrmf-docs

Documentation on the OpenRMF application, including scripts to run the whole stack as well as just infrastructure with documentation on using the tool.

Language: FreeMarker | License: GPL-3.0 | Stargazers: 120 | Issues: 6 | Issues: 203

Language: Shell | License: Apache-2.0 | Stargazers: 118 | Issues: 8 | Issues: 0

security-policy-builder

CLI for generating policies, standards and control procedures (PSP) documentation in Markdown and publishing to JupiterOne or Confluence

Language: TypeScript | License: MPL-2.0 | Stargazers: 81 | Issues: 20 | Issues: 8

go

Repository for FIPS enabled Go using OpenSSL

Language: Shell | License: BSD-3-Clause | Stargazers: 66 | Issues: 11 | Issues: 36

OSCAL-GUI

Joint NIST/FedRAMP tool to interact with OSCAL files via a browser-based GUI

Language: PHP | License: GPL-3.0 | Stargazers: 42 | Issues: 9 | Issues: 8

fedramp

Open source tool for processing OSCAL based FedRAMP SSPs

Language: Go | License: NOASSERTION | Stargazers: 36 | Issues: 9 | Issues: 4

fedrampup

Gathers AWS inventory and outputs CSV in the format for FedRAMP SSP

Language: Go | License: MIT | Stargazers: 35 | Issues: 17 | Issues: 1

blossom-case-study

A case study for ACSAC 2022 utilizing OSCAL with a custom GitHub action to automate assessments.

Language: HTML | License: NOASSERTION | Stargazers: 23 | Issues: 7 | Issues: 17

fedramp-integrated-inventory-workbook

This example shows how you can create a Lambda function to retrieve inventory information to create the integrated inventory spreadsheet which can be used as a separate attachment to the FedRAMP System Security Plan (SSP)

Language: Python | License: MIT-0 | Stargazers: 18 | Issues: 6 | Issues: 3

go-fips

FIPS 140-2-compliant Golang images based on Alpine.

Language: Dockerfile | License: MIT | Stargazers: 16 | Issues: 3 | Issues: 0

xccdf2csv

Convert XCCDF files from DISA STIG and OpenSCAP Content into Comma Separated Values files making it easier to convert into potential OpenControl Content.

Language: Python | Stargazers: 14 | Issues: 8 | Issues: 0

fedramp-ssp

Taking FedRAMP templates to Markdown

Language: HTML | License: CC0-1.0 | Stargazers: 9 | Issues: 3 | Issues: 3