Awesome Open Source

Programming Languages

Search results for compliance

728 search results found

Lynis ⭐ 12,150

Lynis - Security auditing tool for Linux, macOS, and UNIX-based systems. Assists with compliance testing (HIPAA/ISO27001/PCI DSS) and system hardening. Agentless, and installation optional.

Prowler ⭐ 9,547

Prowler is an Open Source Security tool for AWS, Azure, GCP and Kubernetes to do security assessments, audits, incident response, compliance, continuous monitoring, hardening and forensics readiness. Includes CIS, NIST 800, NIST CSF, CISA, FedRAMP, PCI-DSS, GDPR, HIPAA, FFIEC, SOC2, GXP, Well-Architected Security, ENS and more

Open Policy Agent (OPA) is an open source, general-purpose policy engine.

Immudb ⭐ 8,416

immudb - immutable database based on zero trust, SQL/Key-Value/Document model, tamperproof, data change history

Wazuh ⭐ 8,176

Wazuh - The Open Source Security Platform. Unified XDR and SIEM protection for endpoints and cloud workloads.

Tfsec ⭐ 6,548

Security scanner for your Terraform code

Checkov ⭐ 6,284

Prevent cloud misconfigurations and find vulnerabilities during build-time in infrastructure as code, container images and open source packages with Checkov by Bridgecrew.

Cloud Custodian ⭐ 5,207

Rules engine for cloud security, cost optimization, and governance, DSL in yaml for policies to query, filter, and take actions on resources

Threatmapper ⭐ 4,534

Open source cloud native security observability platform. Linux, K8s, AWS Fargate and more.

Ossec Hids ⭐ 4,145

OSSEC is an Open Source Host-based Intrusion Detection System that performs log analysis, file integrity checking, policy monitoring, rootkit detection, real-time alerting and active response.

CSV data manipulation made easy in PHP

Inspec ⭐ 2,805

InSpec: Auditing and Testing Framework

Content ⭐ 2,065

Security automation content in SCAP, Bash, Ansible, and other formats

Windows_hardening ⭐ 2,062

HardeningKitty and Windows Hardening settings and configurations

Ballerine ⭐ 1,858

Open-source infrastructure and data orchestration platform for risk decisioning

Ua .netstandard ⭐ 1,785

OPC Unified Architecture .NET Standard

Hummerrisk ⭐ 1,702

HummerRisk 是云原生安全平台，包括混合云安全治理和云原生安全检测。

Kubeconform ⭐ 1,595

A FAST Kubernetes manifests validator, with support for Custom Resources!

Hipaa Compliance Developers Guide ⭐ 1,569

A developers guide to HIPAA compliance and application development.

Bearer ⭐ 1,554

Code security scanning tool (SAST) to discover, filter and prioritize security and privacy risks.

Awesome Cloud Security ⭐ 1,549

🛡️ Awesome Cloud Security Resources ⚔️

Macos_security ⭐ 1,444

macOS Security Compliance Project

A suite of tools to automate software compliance checks.

Appshark ⭐ 1,382

Appshark is a static taint analysis platform to scan vulnerabilities in an Android app.

Lunasec ⭐ 1,355

LunaSec - Dependency Security Scanner that automatically notifies you about vulnerabilities like Log4Shell or node-ipc in your Pull Requests and Builds. Protect yourself in 30 seconds with the LunaTrace GitHub App: https://github.com/marketplace/lunatrace-by-lunase

a lightweight, security focused, BDD test framework against terraform.

Windows Secure Host Baseline ⭐ 1,306

Configuration guidance for implementing the Windows 10 and Windows Server 2016 DoD Secure Host Baseline settings. #nsacyber

Auditd ⭐ 1,293

Best Practice Auditd Configuration

Openscap ⭐ 1,217

NIST Certified SCAP 1.2 toolkit

Databunker ⭐ 1,208

Secure SDK/vault for personal records/PII built to comply with GDPR

Cement ⭐ 1,196

Application Framework for Python

Cloudformation Guard ⭐ 1,196

Guard offers a policy-as-code domain-specific language (DSL) to write rules and validate JSON- and YAML-formatted data such as CloudFormation Templates, K8s configurations, and Terraform JSON plans/configurations against those rules. Take this survey to provide feedback about cfn-guard: https://amazonmr.au1.qualtrics.com/jfe/form/SV_bpy

Sudo_pair ⭐ 1,169

Plugin for sudo that requires another human to approve and monitor privileged sudo sessions

Cfn_nag ⭐ 1,105

Linting tool for CloudFormation templates

Pacbot ⭐ 1,104

PacBot (Policy as Code Bot)

Taplo ⭐ 1,012

A TOML toolkit written in Rust

Tern is a software composition analysis tool and Python library that generates a Software Bill of Materials for container images and Dockerfiles. The SBOM that Tern generates will give you a layer-by-layer view of what's inside your container in a variety of formats including human-readable, JSON, HTML, SPDX and more.

Tinyriscv ⭐ 865

A very simple and easy to understand RISC-V core.

Compliance automation framework, focused on SOC2

Open Source Security Guide ⭐ 795

Open Source Security Guide. Learn all about Security Standards (FIPS, CIS, FedRAMP, FISMA, etc.), Frameworks, Threat Models, Encryption, and Benchmarks.

Electriceye ⭐ 794

ElectricEye is a multi-cloud, multi-SaaS Python CLI tool for Asset Management, Security Posture Management & Attack Surface Monitoring supporting 100s of services and evaluations to harden your CSP & SaaS environments with controls mapped to over 20 industry, regulatory, and best practice controls frameworks

Linux Baseline ⭐ 740

DevSec Linux Baseline - InSpec Profile

An official read-only mirror of http://hg.nginx.org/njs/ which is updated hourly.

Fossology ⭐ 712

FOSSology is an open source license compliance software system and toolkit. As a toolkit you can run license, copyright and export control scans from the command line. As a system, a database and web ui are provided to give you a compliance workflow. License, copyright and export scanners are tools used in the workflow.

PHP's time range API

Gdpr Checklist ⭐ 689

The GDPR Checklist

Promises Tests ⭐ 683

Compliances tests for Promises/A+

Copacetic ⭐ 679

🧵 CLI tool for directly patching container images using reports from vulnerability scanners

Betterscan Ce ⭐ 673

Code Scanning/SAST/Static Analysis/Linting using many tools/Scanners + OpenAI GPT with One Report (Code, IaC) - Betterscan Community Edition (CE)

Dep Scan ⭐ 673

OWASP dep-scan is a next-generation security and risk audit tool based on known vulnerabilities, advisories, and license limitations for project dependencies. Both local repositories and container images are supported as the input, and the tool is ideal for integration.

Kibitzr ⭐ 603

Personal Web Assistant

Open Security Controls Assessment Language (OSCAL)

Wazuh Docker ⭐ 532

Wazuh - Docker containers

S.U.P.E.R.M.A.N. optimizes the macOS software update experience.

Aura.router ⭐ 486

A web router implementation for PHP.

Trojanx ⭐ 485

Trojan Client for macOS, ported from ShadowsocksX-NG. Please use it in compliance with laws, regulations and rules.

Rudder is a configuration and security automation platform. Manage your Cloud, hybrid or on-premises infrastructure in a simple, scalable and dynamic way.

Symmetric Encryption ⭐ 477

Symmetric Encryption for Ruby Projects using OpenSSL

Sandworm Audit ⭐ 455

Security & License Compliance For Your App's Dependencies 🪱

Privado ⭐ 454

Open Source Static Scanning tool to detect data flows in your code, find data security vulnerabilities & generate accurate Play Store Data Safety Report.

Terraform Validator ⭐ 442

Terraform Validator is not an officially supported Google product; it is a library for conversion of Terraform plan data to CAI Assets. If you have been using terraform-validator directly in the past, we recommend migrating to `gcloud beta terraform vet`.

Binaryanalysis Ng ⭐ 438

Binary Analysis Next Generation (BANG)

Awesome Security Grc ⭐ 427

Curated list of resources for security Governance, Risk Management, Compliance and Audit professionals and enthusiasts (if they exist).

Go Redis ⭐ 410

Google Go Client and Connectors for Redis

🗄️ Stream plugin for WordPress

PHP-RBAC is an authorization library for PHP. It provides developers with NIST Level 2 Standard Role Based Access Control and more, in the fastest implementation yet.

Cfripper ⭐ 384

Library and CLI tool for analysing CloudFormation templates and check them for security compliance.

Wazuh Dashboard Plugins ⭐ 376

Plugins for Wazuh Dashboard

Opendsr ⭐ 356

A common framework enabling companies to work together to protect consumers' privacy and data rights.

Uri Parser ⭐ 352

RFC3986/RFC3987 compliant URI parser

Aura.di ⭐ 345

Dependency Injection System

Compliance Masonry ⭐ 336

Security Documentation Builder

PyAIML is an interpreter for AIML (Artificial Intelligence Markup Language). cloned from sf.net.

Steampipe Mod Aws Compliance ⭐ 334

Run individual controls or full compliance benchmarks for CIS, PCI, NIST, HIPAA and more across all of your AWS accounts using Steampipe.

Riscv Crypto ⭐ 330

RISC-V cryptography extensions standardisation work.

Reuse Tool ⭐ 329

reuse is a tool for compliance with the REUSE recommendations.

Uri Components ⭐ 298

[READ-ONLY] League URI components objects

Opa Envoy Plugin ⭐ 296

A plugin to enforce OPA policies with Envoy

Ninegridview ⭐ 291

一个九宫格自定义控件，实现类似微信和微博的九宫格图片显示

A scanner for deprecated and end-of-life (EOL) software in container images, filesystems, and SBOMs

Security compliance platform - SOC2, CMMC, ASVS, ISO27001, HIPAA, NIST CSF, NIST 800-53, CSC CIS 18, PCI DSS, SSF tracking. https://gapps.darkbanner.com

O365 Admin Center ⭐ 271

The O365 Admin Center is a GUI application that administrators can use to administer every aspect of Office 365 including Exchange Online, Compliance Center, SharePoint and Skype for Business.

Ssh Baseline ⭐ 270

DevSec SSH Baseline - InSpec Profile

Awesome Privacy Chinese ⭐ 268

[WIP]国内隐私合规技术交流

A tool to test web content for accessibility and 508 compliance.

IAMbic is Version-Control for IAM. It centralizes and simplifies cloud access and permissions. It maintains an eventually consistent, human-readable, bi-directional representation of IAM in Git.

Cloudstack Archive ⭐ 258

DEPRECATED & read-only!! - This repo exists for GPL compliance only. CloudStack development has moved to the ASF - see http://cloudstack.apache.org/

Reposaur ⭐ 252

Open source compliance tool for development platforms.

Intunebackupandrestore ⭐ 246

PowerShell Module that queries Microsoft Graph, and allows for cross-tenant Backup & Restore actions of your Intune Configuration.

Sandworm Guard Js ⭐ 245

Easy auditing & sandboxing for your JavaScript dependencies 🪱

IceWM releases only, see Wiki

Spdx Spec ⭐ 241

The SPDX specification in MarkDown and HTML formats.

Security Policy Templates ⭐ 238

A set of policies, standards and control procedures with mapping to HIPAA, NIST CSF, PCI DSS, SOC2, FedRAMP, CIS Controls, and more.

Dns Violations ⭐ 234

List of DNS violations by implementations, software and/or systems

Laravel Gdpr ⭐ 234

GDPR compliance with ease.

Wazuh Ansible ⭐ 227

Wazuh - Ansible playbook

Chainloop ⭐ 225

Chainloop is an open source software supply chain control plane, a single source of truth for artifacts plus a declarative attestation crafting process.

Aws Config Engine For Compliance As Code ⭐ 224

Manage AWS Config Rules at scale in AWS multi-account and/or multi-region environment; with fully configurable deployment (RuleSets) and analytics.

Container Compliance ⭐ 224

Assessing compliance of a container

1-100 of 728 search results

Privacy | About | Terms | Follow Us On Twitter

Copyright 2018-2024 Awesome Open Source. All rights reserved.