There are 35 repositories under compliance topic.
Lynis - Security auditing tool for Linux, macOS, and UNIX-based systems. Assists with compliance testing (HIPAA/ISO27001/PCI DSS) and system hardening. Agentless, and installation optional.
immudb - immutable database based on zero trust, SQL and Key-Value, tamperproof, data change history
An open source, general-purpose policy engine.
Prowler is an Open Source security tool to perform AWS security best practices assessments, audits, incident response, continuous monitoring, hardening and forensics readiness. It contains more than 240 controls covering CIS, PCI-DSS, ISO27001, GDPR, HIPAA, FFIEC, SOC2, AWS FTR, ENS and custom security frameworks.
Security scanner for your Terraform code
Wazuh - The Open Source Security Platform
Prevent cloud misconfigurations and find vulnerabilities during build-time in infrastructure as code, container images and open source packages with Checkov by Bridgecrew.
Rules engine for cloud security, cost optimization, and governance, DSL in yaml for policies to query, filter, and take actions on resources
OSSEC is an Open Source Host-based Intrusion Detection System that performs log analysis, file integrity checking, policy monitoring, rootkit detection, real-time alerting and active response.
InSpec: Auditing and Testing Framework
The open-source cloud asset inventory powered by SQL.
Security automation content in SCAP, Bash, Ansible, and other formats
Configuration guidance for implementing the Windows 10 and Windows Server 2016 DoD Secure Host Baseline settings. #nsacyber
a lightweight, security focused, BDD test framework against terraform.
Plugin for sudo that requires another human to approve and monitor privileged sudo sessions
LunaSec - Open Source AppSec platform that automatically notifies you the next time vulnerabilities like Log4Shell or node-ipc happen. Track your dependencies and builds in a centralized service. Get started in one-click via our GitHub App or host it yourself. https://github.com/apps/lunatrace-by-lunasec/
Linting tool for CloudFormation templates
Secure SDK/vault for personal records/PII built to comply with GDPR
Guard offers a policy-as-code domain-specific language (DSL) to write rules and validate JSON- and YAML-formatted data such as CloudFormation Templates, K8s configurations, and Terraform JSON plans/configurations against those rules.
NIST Certified SCAP 1.2 toolkit
A suite of tools to assist with reviewing Open Source Software dependencies.
Compliance automation framework, focused on SOC2
Tern is a software composition analysis tool and Python library that generates a Software Bill of Materials for container images and Dockerfiles. The SBOM that Tern generates will give you a layer-by-layer view of what's inside your container in a variety of formats including human-readable, JSON, HTML, SPDX and more.
Continuously monitor your AWS attack surface and evaluate services for configurations that can lead to degradation of confidentiality, integrity or availability. All results can be exported to Security Hub, JSON, CSV, Databases, and more for further aggregation and analysis.
A FAST Kubernetes manifests validator, with support for Custom Resources!
FOSSology is an open source license compliance software system and toolkit. As a toolkit you can run license, copyright and export control scans from the command line. As a system, a database and web ui are provided to give you a compliance workflow. License, copyright and export scanners are tools used in the workflow.
Open Source Security Guide
Symmetric Encryption for Ruby Projects using OpenSSL
Open Security Controls Assessment Language (OSCAL)
Rudder is a configuration and security automation platform. Manage your Cloud, hybrid or on-premises infrastructure in a simple, scalable and dynamic way.
Library and CLI tool for analysing CloudFormation templates and check them for security compliance.
Wazuh - Docker containers
Wazuh - Ruleset
Binary Analysis Next Generation (BANG)