compliance

There are 47 repositories under compliance topic.

CISOfy / lynis
Lynis - Security auditing tool for Linux, macOS, and UNIX-based systems. Assists with compliance testing (HIPAA/ISO27001/PCI DSS) and system hardening. Agentless, and installation optional.
auditing compliance devops devops-tools gdpr hardening hipaa linux pci-dss security-audit security-hardening security-scanner security-tools security-vulnerability shell system-hardening unix vulnerability-assessment vulnerability-detection vulnerability-scanners
Language:Shell 12834
prowler
prowler-cloud / prowler
Prowler is an Open Source Security tool for AWS, Azure, GCP and Kubernetes to do security assessments, audits, incident response, compliance, continuous monitoring, hardening and forensics readiness. Includes CIS, NIST 800, NIST CSF, CISA, FedRAMP, PCI-DSS, GDPR, HIPAA, FFIEC, SOC2, GXP, Well-Architected Security, ENS and more
security security-tools security-audit security-hardening hardening aws cis-benchmark compliance gdpr forensics cloud well-architected devsecops azure iam python gcp multi-cloud
Language:Python 10279
wazuh / wazuh
Wazuh - The Open Source Security Platform. Unified XDR and SIEM protection for endpoints and cloud workloads.
cloud-security compliance configuration-assessement container-security cybersecurity file-integrity-monitoring incident-response infosec log-analysis malware-detection pci-dss security security-audit security-automation security-hardening security-tools siem vulnerability-detection wazuh xdr
Language:C 9719
open-policy-agent / opa
Open Policy Agent (OPA) is an open source, general-purpose policy engine.
authorization cloud-native compliance declarative doge json lolcat opa open-policy-agent policy
Language:Go 9360
immudb
codenotary / immudb
immudb - immutable database based on zero trust, SQL/Key-Value/Document model, tamperproof, data change history
auditable compliance cryptographic database gdpr go immutable immutable-database key-value merkle-tree pci-dss performance sql tamper-evident tamperproof timetravel verification verify zero-trust
Language:Go 8528
bridgecrewio / checkov
Prevent cloud misconfigurations and find vulnerabilities during build-time in infrastructure as code, container images and open source packages with Checkov by Bridgecrew.
terraform static-analysis aws gcp azure aws-security cloudformation scans compliance kubernetes infrastructure-as-code devops hacktoberfest
Language:Python 6761
tfsec
aquasecurity / tfsec
Tfsec is now part of Trivy
terraform security scanner static-analysis ci aws azure google-cloud-platform compliance infrastructure-as-code devsecops vulnerability-scanners misconfiguration digitalocean devops linter go terraform-security hacktoberfest
Language:Go 6620
cloud-custodian
cloud-custodian / cloud-custodian
Rules engine for cloud security, cost optimization, and governance, DSL in yaml for policies to query, filter, and take actions on resources
aws compliance cloud rules-engine cloud-computing management serverless lambda gcp azure
Language:Python 5305
ThreatMapper
deepfence / ThreatMapper
Open Source Cloud Native Application Protection Platform (CNAPP)
cloud-native cloudsecurity cnapp compliance containers cspm cwpp devops devsecops hacktoberfest kubernetes observability registry-scanning scanning-tool secops security-tools threat-analysis vulnerability-detection vulnerability-management vulnerability-scanners
Language:TypeScript 4723
ossec / ossec-hids
OSSEC is an Open Source Host-based Intrusion Detection System that performs log analysis, file integrity checking, policy monitoring, rootkit detection, real-time alerting and active response.
compliance file-integrity-management fim hids intrusion-detection loganalyzer nist800-53 ossec pci-dss policy-monitoring security
Language:C 4343
inspec / inspec
InSpec: Auditing and Testing Framework
audit compliance devops devsec inspec security spec tdd tdd-utilities testing
Language:Ruby 2832
0x6d69636b / windows_hardening
HardeningKitty and Windows Hardening Settings
windows hardening security windows-10 blueteam defense audit powershell windows-hardening registry checklist compliance bsi cis security-baseline sisyphus stig windows-11 windows-server
Language:PowerShell 2278
ComplianceAsCode / content
Security automation content in SCAP, Bash, Ansible, and other formats
security compliance scap xccdf oval cpe cce usgcb pci-dss ospp stig application-security security-tools security-hardening security-automation security-profile hardening information-security cybersecurity ansible
Language:Shell 2135
yannh / kubeconform
A FAST Kubernetes manifests validator, with support for Custom Resources!
compliance kubernetes validation
Language:Go 2057
ballerine
ballerine-io / ballerine
Open-source infrastructure and data orchestration platform for risk decisioning
back-office case-management compliance dashboard flow fraud id-card-camera identity-verification idv know-your-customer kyc liveliness ocr onboarding orchestration risk-management rule-engine sdk svelte kyb
Language:TypeScript 2012
bearer
Bearer / bearer
Code security scanning tool (SAST) to discover, filter and prioritize security and privacy risks.
appsec compliance devsecops devsecops-tools security security-tools dataflow gdpr privacy sast static-code-analysis vulnerability security-audit security-scanner vulnerabilities code-quality static-analysis security-automation owasp
Language:Go 1887
HummerRisk / HummerRisk
HummerRisk 是云原生安全平台，包括混合云安全治理和云原生安全检测。
cloud-custodian cloud-native prowler security sbom cloud-native-security cspm k8s-security kubernetes-security trivy compliance compliance-as-code vulnerability
Language:Java 1770
usnistgov / macos_security
macOS Security Compliance Project
apple bash compliance macos mdm python3 zsh
Language:YAML 1645
nsacyber / Windows-Secure-Host-Baseline
Configuration guidance for implementing the Windows 10 and Windows Server 2016 DoD Secure Host Baseline settings. #nsacyber
adobe-reader applocker audit auditing certificates chrome-browser compliance group-policy internet-explorer microsoft-office nessus windows windows-10 windows-firewall windows-server windows-server-2016
Language:HTML 1545
ort
oss-review-toolkit / ort
A suite of tools to automate software compliance checks.
license-scan package-scan package-manager dependencies dependency-graph license copyright spdx copyright-scan compliance license-checking oss-compliance license-management sbom sbom-generator open-source-licensing ospo cyclonedx sca hacktoberfest
Language:Kotlin 1535
bytedance / appshark
Appshark is a static taint analysis platform to scan vulnerabilities in an Android app.
android compliance static-analysis vulnerability
Language:Kotlin 1469
lunasec-io / lunasec
LunaSec - Dependency Security Scanner that automatically notifies you about vulnerabilities like Log4Shell or node-ipc in your Pull Requests and Builds. Protect yourself in 30 seconds with the LunaTrace GitHub App: https://github.com/marketplace/lunatrace-by-lunasec/
tokenization web-security compliance security soc2 pci-dss gdpr zero-trust devsecops log4shell dependency-analysis scanning cybersecurity security-tools scanning-tool cve-scanning sbom sbom-generator continuous-delivery software-composition-analysis
Language:TypeScript 1424
terraform-compliance / cli
a lightweight, security focused, BDD test framework against terraform.
bdd bdd-style compliance hashicorp infrastructure terraform testing testing-framework
Language:Python 1337
OpenSCAP / openscap
NIST Certified SCAP 1.2 toolkit
compliance cpe data-stream openscap oval scanning scap xccdf
Language:XSLT 1316
strongdm / comply
Compliance automation framework, focused on SOC2
compliance documentation-toolchain gdpr go golang grc hipaa iso27001 pdf-generation soc2 templates
Language:Go 1272
aws-cloudformation / cloudformation-guard
Guard offers a policy-as-code domain-specific language (DSL) to write rules and validate JSON- and YAML-formatted data such as CloudFormation Templates, K8s configurations, and Terraform JSON plans/configurations against those rules. Take this survey to provide feedback about cfn-guard: https://amazonmr.au1.qualtrics.com/jfe/form/SV_bpyzpfoYGGuuUl0
cfn-guard cloudformation compliance governance k8s policy-as-code policy-rule-evaluation security terraform
Language:Rust 1260
cfn_nag
stelligent / cfn_nag
Linting tool for CloudFormation templates
continuous-testing unit-testing cloudformation aws devops iam-rules cloudformation-templates cfn-nag open-source static-analysis stelligent cfn lint linting amazon security security-automation cloudformation-security hacktoberfest compliance
Language:Ruby 1247
square / sudo_pair
Plugin for sudo that requires another human to approve and monitor privileged sudo sessions
authentication compliance linux pairing pam rust security sudo
Language:Rust 1238
databunker
securitybunker / databunker
Secure SDK/vault for personal records/PII built to comply with GDPR
gdpr pii piidata security privacy privacy-by-design user-consent ccpa compliance legaltech anonymization data-anonymization database encryption vault tokenization application-server passportjs data-protection secure-storage
Language:Go 1229
ciso-assistant-community
intuitem / ciso-assistant-community
CISO Assistant is a one-stop-shop for GRC, covering Risk, AppSec and Audit Management and supporting +54 frameworks worldwide: NIST CSF, ISO 27001, SOC2, CIS, PCI DSS, NIS2, CMMC, PSPF, GDPR, HIPAA, Essential Eight, NYDFS-500, DORA, NIST AI RMF, 800-53, 800-171, CyFun, CJIS, AirCyber, NCSC, ECC, SCF and so much more
cmmc compliance grc soc2 gdpr audit anssi iso27001 cis dora governance hipaa risk-management owasp nist privacy fedramp bsi cybersecurity cjis
Language:Python 968
owasp-dep-scan / dep-scan
OWASP dep-scan is a next-generation security and risk audit tool based on known vulnerabilities, advisories, and license limitations for project dependencies. Both local repositories and container images are supported as the input, and the tool is ideal for integration.
compliance containers cve cyclonedx dependency-analysis dependency-audit devsecops reachability-analysis risk-audit sbom sca security-audit security-tools supply-chain-security vex vulnerability-scanners
Language:Python 955
tern-tools / tern
Tern is a software composition analysis tool and Python library that generates a Software Bill of Materials for container images and Dockerfiles. The SBOM that Tern generates will give you a layer-by-layer view of what's inside your container in a variety of formats including human-readable, JSON, HTML, SPDX and more.
python containers oss-compliance sbom docker compliance spdx tool dependencies software-composition-analysis risk-management open-source supply-chain-security metadata-extraction
Language:Python 949
ElectricEye
jonrau1 / ElectricEye
ElectricEye is a multi-cloud, multi-SaaS Python CLI tool for Asset Management, Security Posture Management & Attack Surface Monitoring supporting 100s of services and evaluations to harden your CSP & SaaS environments with controls mapped to over 20 industry, regulatory, and best practice controls frameworks
security-tools security-audit cloud-security security-monitoring aws-security security-hub cloud-compliance-reporting cloud-auditing security-engineering devsecops aws-audit aws-compliance compliance attack-surface-management aws gcp-security multicloud saas-security google-cloud-security asset-management
Language:Python 916
Open-Source-Security-Guide
mikeroyal / Open-Source-Security-Guide
Open Source Security Guide. Learn all about Security Standards (FIPS, CIS, FedRAMP, FISMA, etc.), Frameworks, Threat Models, Encryption, and Benchmarks.
vulnerabilities vulnerability-detection privacy-protection pentesters network-analysis intrusion-detection infosec incident-management mitre-attack detection-engineering kali-linux offensive-security information-security siem compliance cyber-security scanning-tool incident-response forensics-tools surveillance
Language:Go 882
project-copacetic / copacetic
🧵 CLI tool for directly patching container images using reports from vulnerability scanners
cncf compliance container-image container-security containers devsecops docker hacktoberfest patching security trivy vulnerability
Language:Go 850
fossology / fossology
FOSSology is an open source license compliance software system and toolkit. As a toolkit you can run license, copyright and export control scans from the command line. As a system, a database and web ui are provided to give you a compliance workflow. License, copyright and export scanners are tools used in the workflow.
fossology spdx license-management license compliance oss license-checking license-scan compliance-check compliance-automation spdx-licenses
Language:PHP 772