Security compliance platform - SOC2, CMMC, ASVS, ISO27001, HIPAA, NIST CSF, NIST 800-53, CSC CIS 18, PCI DSS, SSF tracking.
Alternatives To Gapps
Project NameStarsDownloadsRepos Using ThisPackages Using ThisMost Recent CommitTotal ReleasesLatest ReleaseOpen IssuesLicenseLanguage
2 days ago1February 27, 2018152gpl-3.0Shell
Lynis - Security auditing tool for Linux, macOS, and UNIX-based systems. Assists with compliance testing (HIPAA/ISO27001/PCI DSS) and system hardening. Agentless, and installation optional.
7 hours ago25apache-2.0Python
Prowler is an Open Source Security tool for AWS, Azure and GCP to perform Cloud Security best practices assessments, audits, incident response, compliance, continuous monitoring, hardening and forensics readiness. Includes CIS, NIST 800, NIST CSF, CISA, FedRAMP, PCI-DSS, GDPR, HIPAA, FFIEC, SOC2, GXP, Well-Architected Security, ENS and more.
6 hours ago2,368otherC
Wazuh - The Open Source Security Platform. Unified XDR and SIEM protection for endpoints and cloud workloads.
Tfsec5,905133 days ago404September 21, 2022112mitGo
Security scanner for your Terraform code
Ossec Hids3,980
21 hours ago336otherC
OSSEC is an Open Source Host-based Intrusion Detection System that performs log analysis, file integrity checking, policy monitoring, rootkit detection, real-time alerting and active response.
Inspec2,667446179 days ago286July 13, 2022373otherRuby
InSpec: Auditing and Testing Framework
8 hours ago3May 23, 2019191gpl-3.0JavaScript
Cloud Security Posture Management (CSPM)
a month ago9mitPowerShell
HardeningKitty and Windows Hardening settings and configurations
7 hours ago364otherShell
Security automation content in SCAP, Bash, Ansible, and other formats
Hipaa Compliance Developers Guide1,569
3 months ago1
A developers guide to HIPAA compliance and application development.


Please consider supporting the project

❄️ View the Gapps site

Table of Contents

  1. About
  2. Getting Started
  3. Supported Frameworks
  4. Roadmap
  5. Things to know
  6. FAQ

New Features ❄️

  • SOC2, NIST CSF, NIST-800-53, CMMC, HIPAA, ASVS, ISO27001, CSC CIS18, PCI DSS and SSF have been added! That makes 10 total frameworks
  • Total revamp of the UI
  • Multi-tenancy is now supported!
  • Collaboration with auditors
  • Vendor Questionnaires

Next big features ❄️


Gapps is a security compliance platform that makes it easy to track your progress against various security frameworks. Gapps is currently in Alpha mode: while it works great, there may be some breaking changes as it evolves. Please do not use this in production... yet!

  • Supports 10 security compliance frameworks (more coming)
  • 1500+ controls and 25+ policies out of the box for the frameworks (majority of policies are sourced from strongdm/comply)
  • Track the status of each control
  • Add custom controls/policies
  • WYSIWYG content editor
  • Vendor questionnaires

Check out the intro video below!

Captures from the platform

Home Dashboard
Project Controls
Project Controls (Dark Mode)
Track Progress of Controls

Getting Started

Setting up the server with Docker in 2 minutes

The following instructions are to get you started very quickly. The image will be pulled from Docker Hub

$ git clone; cd gapps
$ docker-compose up -d

The server should be running on http://<your-ip>:5000
The default email/password is [email protected]:admin

Next, create a project and select the framework (SOC2). Based on the selected criteria, controls and policies will be automatically added to your project. You can also go to the Controls and Policies page and add them to your project.


You can also set up email (for sending user invites) by setting the following environment variables (in the docker-compose file or elsewhere):

MAIL_USERNAME="[email protected]"
MAIL_PASSWORD="app password" #

Supported frameworks

  • SOC2
  • CMMC
  • ASVS
  • ISO27001
  • NIST 800-53
  • CSC CIS 18
  • SSF (custom framework "Startup Security Framework")


Take a look at the project

Things to know

  • Authentication is fully functioning but authorization is not complete. In other words, the roles assigned to users are not respected. There is a ticket open to address this
  • The mitigation details of the controls are not documented. So it won't tell you how to mitigate a specific control. This requires a ton of work to complete but there is a ticket
  • Difficulty to Implement (dtc) is a field attached to the controls and every single control is labeled as "Easy" (that doesn't actually mean it is easy). This also requires a ton of work to update.


If you get a database connection error trying to start Gapps, you need to update (or remove) your env variables
[INFO] Checking if we can connect to the database server: postgresql://db1:[email protected]/db1
[ERROR] could not connect to server: Connection refused
        Is the server running on host "localhost" ( and accepting
        TCP/IP connections on port 5432?
could not connect to server: Cannot assign requested address
        Is the server running on host "localhost" (::1) and accepting
        TCP/IP connections on port 5432?

This can usually be fixed by unsetting two variables if running within Docker. If you want to use an external database, see the next FAQ.

Set env variables for the database connection

The value db1 is the default for the username, the database and the password. If you would like to change it, replace db1 with the respective values and use postgres for the host.

export SQLALCHEMY_DATABASE_URI="postgresql://db1:[email protected]/db1"

Resetting the database

When starting Gapps for the first time, it will automatically create the database models. If you want to reset the data (e.g. delete all data), you can set the RESET_DB env variable such as export RESET_DB=yes.
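
A pre-start check for the three database-related variables discussed in this FAQ, written as an added example; it is not part of Gapps or its repository. The function name, the finding codes, the in_docker flag and the sample values are assumptions made for illustration, and any non-empty RESET_DB is treated as a reset request.

```python
from urllib.parse import unquote, urlsplit

DEFAULT = "db1"  # default username, password and database name per the page
LOOPBACK = {"localhost", "127.0.0.1", "::1"}

# Constructed sample (not from a real deployment): shipped defaults plus a
# leftover localhost export and a forgotten RESET_DB.
SAMPLE_ENV = {
    "SQLALCHEMY_DATABASE_URI": "postgresql://db1:db1@localhost/db1",
    "POSTGRES_HOST": "localhost",
    "RESET_DB": "yes",
}


def audit_env(env, in_docker=True):
    """Return [(code, message)] findings; messages never contain the password."""
    findings = []
    uri = env.get("SQLALCHEMY_DATABASE_URI")
    if uri:
        parts = urlsplit(uri)
        user = unquote(parts.username or "")
        password = unquote(parts.password or "")
        host = parts.hostname or ""
        if not password:
            findings.append(("NO_PASSWORD", "URI carries no password"))
        elif password == DEFAULT:
            findings.append(("DEFAULT_PASSWORD", "password is the shipped default"))
        elif password == user:
            findings.append(("PASSWORD_IS_USERNAME", "password equals username"))
        # Inside the app container, loopback is the container itself, which is
        # consistent with the "Connection refused" log shown in the FAQ.
        if in_docker and host in LOOPBACK:
            findings.append(("LOOPBACK_HOST", f"host {host!r}; use 'postgres'"))
        pg_host = (env.get("POSTGRES_HOST") or "").lower()
        if pg_host and pg_host != host:
            findings.append(
                ("HOST_MISMATCH", f"POSTGRES_HOST={pg_host!r}, URI host={host!r}"))
    if env.get("RESET_DB"):
        # Assumption: any non-empty value counts as "reset requested".
        findings.append(("RESET_DB_SET", "RESET_DB is set; data will be deleted"))
    return findings


if __name__ == "__main__":
    import os
    for label, env in (("sample", SAMPLE_ENV), ("current shell", dict(os.environ))):
        for code, message in audit_env(env):
            print(f"[{label}] {code}: {message}")
```

Run it in the shell that will start Gapps; pass in_docker=False when following the development setup, where localhost is the expected host.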

Running Gapps for development

Sometimes you may want to run Gapps outside of Docker. You can do this by starting the Postgres container and then starting Gapps in the foreground.

  1. Uncomment ports declaration here
  2. Start the postgres container: docker-compose up -d postgres
  3. Set the following env variables:

export POSTGRES_HOST=${POSTGRES_HOST:-localhost}
export SQLALCHEMY_DATABASE_URI="postgresql://db1:[email protected]/db1"

  4. Run export FLASK_CONFIG=development;bash
  5. Gapps should be running and connected to the database. You can now make changes to the code.

Running with Docker Desktop

  1. Download the docker-compose.yml file
  2. Open up an elevated command prompt and change directories (cd) to where the docker-compose.yml file was downloaded (likely Downloads)
  3. Run docker compose up

Perform database migration

docker-compose up -d
docker exec -it gapps bash
python3 db migrate
python3 db stamp head
python3 db upgrade

Upgrading versions

  1. Edit the docker-compose.yml file with the desired version from Docker Hub. Anywhere you see the old version in the compose file (should be 4 instances), update it with the desired version (e.g. bmarsh13/gapps:3.3.9 -> bmarsh13/gapps:3.4.0).
  2. Run docker-compose up -d
  3. Perform database migration if necessary
