84 Open source projects that are alternatives of or similar to Binaryanalysis Ng

An open source, general-purpose policy engine.

Continuous Auditing & Configuration

Sensitive Data Management: Data Discovery and Anonymization toolkit

a lightweight, security focused, BDD test framework against terraform.

The Audit Test Automation Package gives you the ability to get an overview about the compliance status of several systems. You can easily create HTML-reports and have a transparent overview over compliance and non-compliance of explicit setttings and configurations in comparison to industry standards and hardening guides.

cloudquery transforms your cloud infrastructure into SQL or Graph database for easy monitoring, governance and security.

Symmetric Encryption for Ruby Projects using OpenSSL

Secure storage for personal records built to comply with GDPR

Library and CLI tool for analysing CloudFormation templates and check them for security compliance.

🔎 ScanCode detects licenses, copyrights, package manifests & dependencies and more by scanning code ... to discover and inventory open source and third-party packages used in your code.

Detect threats with log data and improve cloud security posture

Wazuh - Puppet module

PowerShell scripts to ensure consistent and reliable build quality and configuration for your servers

The GDPR Checklist

The group for companies that run open source programs

A suite of tools to assist with reviewing Open Source Software dependencies.

Wazuh - Project documentation

Rules engine for cloud security, cost optimization, and governance, DSL in yaml for policies to query, filter, and take actions on resources

Wazuh - The Open Source Security Platform

Wazuh - Ruleset

GCP CIS 1.1.0 Benchmark InSpec Profile

Privacy as Code for DSAR Orchestration: Privacy Request automation to fulfill GDPR, CCPA, and LGPD data subject requests.

The base SIMP build repository

Security, Compliance and Informational Dashboard System

Run a security scan on your terraform with the very nice https://github.com/liamg/tfsec

Azure PCI PaaS Reference Architecture

A web application to streamline the development of STIGs from SRGs

SIAC is an enterprise SIEM built on open-source technology.

Wazuh - Chef cookbooks

immudb - world’s fastest immutable database, built on a zero trust model

NIST Certified SCAP 1.2 toolkit

Network Configuration and Compliance Management

Compliance automation framework, focused on SOC2

A plugin to enforce OPA policies with Envoy

Tern is a software composition analysis tool and Python library that generates a Software Bill of Materials for container images and Dockerfiles. The SBoM that Tern generates will give you a layer-by-layer view of what's inside your container in a variety of formats including human-readable, JSON, HTML, SPDX and more.

Configuration guidance for implementing the Windows 10 and Windows Server 2016 DoD Secure Host Baseline settings. #nsacyber

FOSSology is an open source license compliance software system and toolkit. As a toolkit you can run license, copyright and export control scans from the command line. As a system, a database and web ui are provided to give you a compliance workflow. License, copyright and export scanners are tools used in the workflow.

A crowdsourced directory tracking the compliance and security practices of cloud services and their subprocessors

macOS Security Compliance Project

Security automation content in SCAP, OSCAL, Bash, Ansible, and other formats

OSSEC is an Open Source Host-based Intrusion Detection System that performs log analysis, file integrity checking, policy monitoring, rootkit detection, real-time alerting and active response.

InSpec: Auditing and Testing Framework

Prowler is a security tool to perform AWS security best practices assessments, audits, incident response, continuous monitoring, hardening and forensics readiness. It contains more than 200 controls covering CIS, ISO27001, GDPR, HIPAA, SOC2, ENS and other security frameworks.

A bunch of QA checks to run against one or more servers to make sure they are built to a specific standard.

A common framework enabling companies to work together to protect consumers' privacy and data rights.

A FAST Kubernetes manifests validator, with support for Custom Resources!

An opinionated tooling platform for managing compliance as code, using continuous integration and NIST's OSCAL standard.

Lynis - Security auditing tool for Linux, macOS, and UNIX-based systems. Assists with compliance testing (HIPAA/ISO27001/PCI DSS) and system hardening. Agentless, and installation optional.

A privacy and security engineering toolkit: Discover, understand, pseudonymize, anonymize, encrypt and securely share sensitive and personal data: Privacy and security as code.

A small Ruby Gem to run RSpec and Serverspec, Infrataster and Capybara tests against Dockerfiles or Docker images easily.

Symmetric Encryption for Ruby Projects using OpenSSL

A command-line and ruby API of utilities, converters and tools for creating, converting and processing security baseline formats, results and data

GKE CIS 1.1.0 Benchmark InSpec Profile

Collection of Data Processing Agreement (DPA) and GDPR compliance resources

Internet standards compliance test suite

Wazuh - Docker containers

Prevent cloud misconfigurations during build-time for Terraform, Cloudformation, Kubernetes, Serverless framework and other infrastructure-as-code-languages with Checkov by Bridgecrew.

Speedle is an open source project for access control.

This repository is created only for infosec professionals whom work day to day basis to equip ourself with uptodate skillset, We can daily contribute daily one hour for day to day tasks and work on problem statements daily, Please contribute by providing problem statements and solutions

Plugin for sudo that requires another human to approve and monitor privileged sudo sessions