Gdpr Tracker: A crowdsourced directory tracking the compliance and security practices of cloud services and their subprocessors
Stars: ✭ 142 (+491.67%)
Netshot: Network Configuration and Compliance Management
Stars: ✭ 91 (+279.17%)
dep-scan: Fully open-source security audit for project dependencies based on known vulnerabilities and advisories. Supports both local repos and container images. Integrates with various CI environments such as Azure Pipelines, CircleCI and Google CloudBuild. No server required!
Stars: ✭ 346 (+1341.67%)
Dockerspec: A small Ruby Gem to run RSpec and Serverspec, Infrataster and Capybara tests against Dockerfiles or Docker images easily.
Stars: ✭ 181 (+654.17%)
Lynis: Lynis - Security auditing tool for Linux, macOS, and UNIX-based systems. Assists with compliance testing (HIPAA/ISO27001/PCI DSS) and system hardening. Agentless, and installation optional.
Stars: ✭ 9,137 (+37970.83%)
openacr: OpenACR is a digital native Accessibility Conformance Report (ACR). The initial development is based on Section 508 requirements. The main goal is to be able to compare the accessibility claims of digital products and services. A structured, self-validated, machine-readable documentation will provide for this.
Stars: ✭ 61 (+154.17%)
cscanner: An open source, multi-cloud DevSecOps compliance checker
Stars: ✭ 19 (-20.83%)
Content: Security automation content in SCAP, OSCAL, Bash, Ansible, and other formats
Stars: ✭ 1,219 (+4979.17%)
Dns Violations: List of DNS violations by implementations, software and/or systems
Stars: ✭ 216 (+800%)
Opa Envoy Plugin: A plugin to enforce OPA policies with Envoy
Stars: ✭ 185 (+670.83%)
Internet.nl: Internet standards compliance test suite
Stars: ✭ 56 (+133.33%)
LOCKLEVEL: A prototype that demonstrates a method for scoring how well Windows systems have implemented some of the top 10 Information Assurance mitigation strategies. #nsacyber
Stars: ✭ 98 (+308.33%)
Immudb: immudb - world’s fastest immutable database, built on a zero trust model
Stars: ✭ 3,743 (+15495.83%)
intercept: INTERCEPT / Policy as Code Static Analysis Auditing / SAST
Stars: ✭ 54 (+125%)
Kubeconform: A FAST Kubernetes manifests validator, with support for Custom Resources!
Stars: ✭ 111 (+362.5%)
lunasec: LunaSec - Dependency Security Scanner that automatically notifies you about vulnerabilities like Log4Shell or node-ipc in your Pull Requests and Builds. Protect yourself in 30 seconds with the LunaTrace GitHub App: https://github.com/marketplace/lunatrace-by-lunasec/
Stars: ✭ 1,261 (+5154.17%)
Siac: SIAC is an enterprise SIEM built on open-source technology.
Stars: ✭ 100 (+316.67%)
speedle-plus: Speedle+ is an open source project for access management. It is based on Speedle open source project and maintained by previous Speedle maintainers.
Stars: ✭ 45 (+87.5%)
Windows Secure Host Baseline: Configuration guidance for implementing the Windows 10 and Windows Server 2016 DoD Secure Host Baseline settings. #nsacyber
Stars: ✭ 1,288 (+5266.67%)
prowler: Prowler is an Open Source Security tool for AWS, Azure and GCP to perform Cloud Security best practices assessments, audits, incident response, compliance, continuous monitoring, hardening and forensics readiness. It contains hundreds of controls covering CIS, PCI-DSS, ISO27001, GDPR, HIPAA, FFIEC, SOC2, AWS FTR, ENS and custom security frameworks.
Stars: ✭ 8,046 (+33425%)
Server Qa Checks: A bunch of QA checks to run against one or more servers to make sure they are built to a specific standard.
Stars: ✭ 72 (+200%)
Inspec tools: A command-line and ruby API of utilities, converters and tools for creating, converting and processing security baseline formats, results and data
Stars: ✭ 65 (+170.83%)
Checkov: Prevent cloud misconfigurations during build-time for Terraform, Cloudformation, Kubernetes, Serverless framework and other infrastructure-as-code-languages with Checkov by Bridgecrew.
Stars: ✭ 3,572 (+14783.33%)
Sudo pair: Plugin for sudo that requires another human to approve and monitor privileged sudo sessions
Stars: ✭ 1,077 (+4387.5%)
guardian: Guardian is a tool for extensible and universal data access with automated access workflows and security controls across data stores, analytical systems, and cloud products.
Stars: ✭ 127 (+429.17%)
Wazuh: Wazuh - The Open Source Security Platform
Stars: ✭ 3,154 (+13041.67%)
Speedle: Speedle is an open source project for access control.
Stars: ✭ 153 (+537.5%)
havengrc: ☁️Haven GRC - easier governance, risk, and compliance 👨⚕️👮♀️🦸♀️🕵️♀️👩🔬
Stars: ✭ 83 (+245.83%)
Todogroup.org: The group for companies that run open source programs
Stars: ✭ 144 (+500%)
libredefender: Imagine the information security compliance guideline says you need an antivirus but you run Arch Linux
Stars: ✭ 76 (+216.67%)
Databunker: Secure storage for personal records built to comply with GDPR
Stars: ✭ 122 (+408.33%)
steampipe-mod-kubernetes-compliance: Run individual controls or full compliance benchmarks for NSA CISA Kubernetes Hardening Guidance across all of your Kubernetes clusters using Steampipe.
Stars: ✭ 23 (-4.17%)
Simp Core: The base SIMP build repository
Stars: ✭ 111 (+362.5%)
Information Security Tasks: This repository is created only for infosec professionals who work on a day-to-day basis to equip ourselves with an up-to-date skillset. We can daily contribute one hour for day-to-day tasks and work on problem statements daily. Please contribute by providing problem statements and solutions
Stars: ✭ 108 (+350%)
cis benchmarks audit: Simple command line tool to check for compliance against CIS Benchmarks
Stars: ✭ 182 (+658.33%)
Qa Checks V4: PowerShell scripts to ensure consistent and reliable build quality and configuration for your servers
Stars: ✭ 94 (+291.67%)
Cloudquery: cloudquery transforms your cloud infrastructure into SQL or Graph database for easy monitoring, governance and security.
Stars: ✭ 1,300 (+5316.67%)
forge: ISC Forge is an open source DHCP conformance validation framework, primarily used for testing ISC Kea.
Stars: ✭ 26 (+8.33%)
Datadefender: Sensitive Data Management: Data Discovery and Anonymization toolkit
Stars: ✭ 79 (+229.17%)
Tfsec: Security scanner for your Terraform code
Stars: ✭ 3,622 (+14991.67%)
FOSSologyUI: Repository to hold the new UI framework for FOSSology built with React
Stars: ✭ 35 (+45.83%)
Scancode Toolkit: 🔎 ScanCode detects licenses, copyrights, package manifests & dependencies and more by scanning code ... to discover and inventory open source and third-party packages used in your code.
Stars: ✭ 1,134 (+4625%)
Terraform Security Scan: Run a security scan on your terraform with the very nice https://github.com/liamg/tfsec
Stars: ✭ 64 (+166.67%)
irene: I AM SHER LOCKED. Dashboard for Appknox Users.
Stars: ✭ 15 (-37.5%)
Wazuh Docker: Wazuh - Docker containers
Stars: ✭ 213 (+787.5%)
vulcan: A web application to streamline the development of STIGs from SRGs
Stars: ✭ 30 (+25%)
terraform-aws-config: This module configures AWS Config, a service that enables you to assess, audit, and evaluate the configurations of your AWS resources.
Stars: ✭ 24 (+0%)
ticket-check-action: Verify that pull request titles start with a ticket ID
Stars: ✭ 29 (+20.83%)
Inspec: InSpec: Auditing and Testing Framework
Stars: ✭ 2,450 (+10108.33%)