
strongdm / Comply

Licence: apache-2.0
Compliance automation framework, focused on SOC2


Projects that are alternatives of or similar to Comply

Gdpr Tracker
A crowdsourced directory tracking the compliance and security practices of cloud services and their subprocessors
Stars: ✭ 142 (-76.17%)
Mutual labels:  gdpr, compliance
lunasec
LunaSec - Dependency Security Scanner that automatically notifies you about vulnerabilities like Log4Shell or node-ipc in your Pull Requests and Builds. Protect yourself in 30 seconds with the LunaTrace GitHub App: https://github.com/marketplace/lunatrace-by-lunasec/
Stars: ✭ 1,261 (+111.58%)
Mutual labels:  compliance, gdpr
Immudb
immudb - world’s fastest immutable database, built on a zero trust model
Stars: ✭ 3,743 (+528.02%)
Mutual labels:  gdpr, compliance
Pactmaker
Starter workflow for creating electronically signed PDF agreements.
Stars: ✭ 96 (-83.89%)
Mutual labels:  gdpr, pdf-generation
fidesops
Privacy as Code for DSAR Orchestration: Privacy Request automation to fulfill GDPR, CCPA, and LGPD data subject requests.
Stars: ✭ 32 (-94.63%)
Mutual labels:  compliance, gdpr
Data Processing Agreements
Collection of Data Processing Agreement (DPA) and GDPR compliance resources
Stars: ✭ 110 (-81.54%)
Mutual labels:  gdpr, compliance
prowler
Prowler is an Open Source Security tool for AWS, Azure and GCP to perform Cloud Security best practices assessments, audits, incident response, compliance, continuous monitoring, hardening and forensics readiness. It contains hundreds of controls covering CIS, PCI-DSS, ISO27001, GDPR, HIPAA, FFIEC, SOC2, AWS FTR, ENS and custom security frameworks.
Stars: ✭ 8,046 (+1250%)
Mutual labels:  compliance, gdpr
Itext7 Dotnet
iText 7 for .NET is the .NET version of the iText 7 library, formerly known as iTextSharp, which it replaces. iText 7 represents the next level of SDKs for developers that want to take advantage of the benefits PDF can bring. Equipped with a better document engine, high and low-level programming capabilities and the ability to create, edit and enhance PDF documents, iText 7 can be a boon to nearly every workflow.
Stars: ✭ 698 (+17.11%)
Mutual labels:  gdpr, pdf-generation
kodex
A privacy and security engineering toolkit: Discover, understand, pseudonymize, anonymize, encrypt and securely share sensitive and personal data: Privacy and security as code.
Stars: ✭ 70 (-88.26%)
Mutual labels:  compliance, gdpr
django-renderpdf
📄 A Django app to render django templates as PDF files.
Stars: ✭ 37 (-93.79%)
Mutual labels:  templates, pdf-generation
Datadefender
Sensitive Data Management: Data Discovery and Anonymization toolkit
Stars: ✭ 79 (-86.74%)
Mutual labels:  gdpr, compliance
Opendsr
A common framework enabling companies to work together to protect consumers' privacy and data rights.
Stars: ✭ 295 (-50.5%)
Mutual labels:  gdpr, compliance
Lynis
Lynis - Security auditing tool for Linux, macOS, and UNIX-based systems. Assists with compliance testing (HIPAA/ISO27001/PCI DSS) and system hardening. Agentless, and installation optional.
Stars: ✭ 9,137 (+1433.05%)
Mutual labels:  gdpr, compliance
Databunker
Secure storage for personal records built to comply with GDPR
Stars: ✭ 122 (-79.53%)
Mutual labels:  gdpr, compliance
Itext7
iText 7 for Java represents the next level of SDKs for developers that want to take advantage of the benefits PDF can bring. Equipped with a better document engine, high and low-level programming capabilities and the ability to create, edit and enhance PDF documents, iText 7 can be a boon to nearly every workflow.
Stars: ✭ 913 (+53.19%)
Mutual labels:  gdpr, pdf-generation
Wazuh Kibana App
Wazuh - Kibana plugin
Stars: ✭ 212 (-64.43%)
Mutual labels:  gdpr, compliance
Gdpr Checklist
The GDPR Checklist
Stars: ✭ 655 (+9.9%)
Mutual labels:  gdpr, compliance
havengrc
☁️Haven GRC - easier governance, risk, and compliance 👨‍⚕️👮‍♀️🦸‍♀️🕵️‍♀️👩‍🔬
Stars: ✭ 83 (-86.07%)
Mutual labels:  compliance, gdpr
data
The data behind the Datenanfragen.de project. This contains a directory of contact information and privacy-related data on companies under the scope of the EU GDPR, a directory of supervisory authorities for privacy concerns, a collection of templates for GDPR requests and a list of suggested companies to send access requests to.
Stars: ✭ 61 (-89.77%)
Mutual labels:  templates, gdpr
Prowler
Prowler is a security tool to perform AWS security best practices assessments, audits, incident response, continuous monitoring, hardening and forensics readiness. It contains more than 200 controls covering CIS, ISO27001, GDPR, HIPAA, SOC2, ENS and other security frameworks.
Stars: ✭ 4,561 (+665.27%)
Mutual labels:  gdpr, compliance

Comply

Comply is a SOC2-focused compliance automation tool:

  • Policy Generator: markdown-powered document pipeline for publishing auditor-friendly policy documents
  • Ticketing Integration: automate compliance throughout the year via your existing ticketing system
  • SOC2 Templates: open source policy and procedure templates suitable for satisfying a SOC2 audit

Installation

macOS:

brew tap strongdm/comply; brew install comply

Linux:

Download latest release

Go users:

go get github.com/strongdm/comply

Get Started

Start with comply init:

$ mkdir my-company
$ cd my-company
$ comply init

Once comply init is complete, just git init and git push your project to a new repository. You're ready to begin editing the included policy boilerplate text.

Discussion

Join us in Comply Users

Screenshots

Demo video

  • Start a Project (screencast)
  • Build PDFs (screencast and PDF example)
  • Track Policy Coverage (screencast)
  • Dashboard (screencast)

Dependencies

Comply relies on pandoc, which can be installed directly as an OS package or invoked via Docker.

CLI

NAME:
   comply - policy compliance toolkit

USAGE:
   comply [global options] command [command options] [arguments...]

COMMANDS:
     init             initialize a new compliance repository (interactive)
     build, b         generate a static website summarizing the compliance program
     procedure, proc  create ticket by procedure ID
     scheduler        create tickets based on procedure schedule
     serve            live updating version of the build command
     sync             sync ticket status to local cache
     todo             list declared vs satisfied compliance controls
     help, h          Shows a list of commands or help for one command

Running in Docker

Comply is currently released only for Linux and macOS. On other operating systems, it can be run using Docker:

# first pull the latest published docker image
$ docker pull strongdm/comply

# from an empty directory that will contain your comply project
$ docker run --rm -v "$PWD":/source -p 4000:4000 -it strongdm/comply
root@<container-id>:/source# comply init
✗ Organization Name:

# serve content live from an established project
$ docker run --rm -v "$PWD":/source -p 4000:4000 -it strongdm/comply
root@<container-id>:/source# comply serve
Serving content of output/ at http://127.0.0.1:4000 (ctrl-c to quit)

For Windows users, replace $PWD with the full path to your project directory.

Ticketing Integrations:

  • Jira
  • Github
  • Gitlab

Configuring Jira

When comply creates a ticket (through proc, for instance), it sets the following fields.

  • assignee
  • description
  • issuetype
  • labels
  • project key
  • reporter
  • summary

Please make sure that the default Create Screen has all of those fields enabled. Additionally, make sure that there are no other required fields for the issue type you choose.

Forking and local development

Assumes installation of golang and configuration of GOPATH in .bash_profile, .zshrc, etc.

Inspiration: http://code.openark.org/blog/development/forking-golang-repositories-on-github-and-managing-the-import-path

$ go get github.com/strongdm/comply
$ cd $GOPATH/src/github.com/strongdm/comply ; go get ./...
$ make
$ cd example
$ mv comply.yml.example comply.yml
$ ../comply -h
$ ../comply sync
$ ../comply serve
#
$ make # recompile as needed within $GOPATH/src/github.com/strongdm/comply