Open-source infrastructure and data orchestration platform for risk decisioning
Wazuh - The Open Source Security Platform. Unified XDR and SIEM protection for endpoints and cloud workloads.
The regolibrary package contains the controls Kubescape uses for detecting misconfigurations in Kubernetes manifests.
Prowler is an Open Source Security tool for AWS, Azure, GCP and Kubernetes to do security assessments, audits, incident response, compliance, continuous monitoring, hardening and forensics readiness. Includes CIS, NIST 800, NIST CSF, CISA, FedRAMP, PCI-DSS, GDPR, HIPAA, FFIEC, SOC2, GXP, Well-Architected Security, ENS and more
Official TODO Website that containts TODO Guides, OSPO use cases and more resources to advance in the OSPO journey
A suite of tools to automate software compliance checks.
Lynis - Security auditing tool for Linux, macOS, and UNIX-based systems. Assists with compliance testing (HIPAA/ISO27001/PCI DSS) and system hardening. Agentless, and installation optional.
CI/CD utils for gardener project
Open Source Cloud Native Application Protection Platform (CNAPP)
Open Policy Agent (OPA) is an open source, general-purpose policy engine.
The MITRE Security Automation Framework (SAF) Command Line Interface (CLI) brings together applications, techniques, libraries, and tools developed by MITRE and the security community to streamline security automation for systems and DevOps pipelines
Prevent cloud misconfigurations and find vulnerabilities during build-time in infrastructure as code, container images and open source packages with Checkov by Bridgecrew.
The official repository for the Bedrock version of Faithful 64x
CISO Assistant is a one-stop-shop for GRC, covering Risk, AppSec and Audit Management and supporting +37 frameworks worldwide: NIST CSF, ISO 27001, SOC2, CIS, PCI DSS, NIS2, CMMC, PSPF, GDPR, HIPAA, Essential Eight, NYDFS-500, DORA, NIST AI RMF, 800-53, 800-171, CyFun, CJIS, AirCyber and so much more
These are automated updated IP address blacklist/whitelist you can use to fetch and parse and put in your firewall, waf, null-routing, sinkhole or what ever you choose. The blacklists are not necessary threat actors, it's just lists i like to have ready and handy.
A scalable solution that manages public complaints as well as investigative case files for multiple Compliance and Enforcement divisions across the natural resource sector.
Security automation content in SCAP, Bash, Ansible, and other formats
Operator providing Kubernetes cluster compliance checks
This tool allows you to easily run your cfn-guard tests against your cfn-guard rules.
Chainloop is an Open Source evidence store for your Software Supply Chain attestations, SBOMs, VEX, SARIF, CSAF files, QA reports, and more.
Add a description, image, and links to the compliance topic page so that developers can more easily learn about it.
To associate your repository with the compliance topic, visit your repo's landing page and select "manage topics."