85 Open source projects that are alternatives of or similar to garrison

A crowdsourced directory tracking the compliance and security practices of cloud services and their subprocessors

Network Configuration and Compliance Management

Fully open-source security audit for project dependencies based on known vulnerabilities and advisories. Supports both local repos and container images. Integrates with various CI environments such as Azure Pipelines, CircleCI and Google CloudBuild. No server required!

A small Ruby Gem to run RSpec and Serverspec, Infrataster and Capybara tests against Dockerfiles or Docker images easily.

Lynis - Security auditing tool for Linux, macOS, and UNIX-based systems. Assists with compliance testing (HIPAA/ISO27001/PCI DSS) and system hardening. Agentless, and installation optional.

OpenACR is a digital native Accessibility Conformance Report (ACR). The initial development is based on Section 508 requirements. The main goal is to be able to compare the accessibility claims of digital products and services. A structured, self-validated, machine-readable documentation will provide for this.

Collection of Data Processing Agreement (DPA) and GDPR compliance resources

An open source, multi-cloud DevSecOps compliance checker

Security automation content in SCAP, OSCAL, Bash, Ansible, and other formats

List of DNS violations by implementations, software and/or systems

A plugin to enforce OPA policies with Envoy

Internet standards compliance test suite

A prototype that demonstrates a method for scoring how well Windows systems have implemented some of the top 10 Information Assurance mitigation strategies. #nsacyber

immudb - world’s fastest immutable database, built on a zero trust model

INTERCEPT / Policy as Code Static Analysis Auditing / SAST

A FAST Kubernetes manifests validator, with support for Custom Resources!

LunaSec - Dependency Security Scanner that automatically notifies you about vulnerabilities like Log4Shell or node-ipc in your Pull Requests and Builds. Protect yourself in 30 seconds with the LunaTrace GitHub App: https://github.com/marketplace/lunatrace-by-lunasec/

SIAC is an enterprise SIEM built on open-source technology.

Speedle+ is an open source project for access management. It is based on Speedle open source project and maintained by previous Speedle maintainers.

Configuration guidance for implementing the Windows 10 and Windows Server 2016 DoD Secure Host Baseline settings. #nsacyber

Prowler is an Open Source Security tool for AWS, Azure and GCP to perform Cloud Security best practices assessments, audits, incident response, compliance, continuous monitoring, hardening and forensics readiness. It contains hundreds of controls covering CIS, PCI-DSS, ISO27001, GDPR, HIPAA, FFIEC, SOC2, AWS FTR, ENS and custom security frameworks.

A bunch of QA checks to run against one or more servers to make sure they are built to a specific standard.

Wazuh - Tools for packages creation

A command-line and ruby API of utilities, converters and tools for creating, converting and processing security baseline formats, results and data

Binary Analysis Next Generation (BANG)

Prevent cloud misconfigurations during build-time for Terraform, Cloudformation, Kubernetes, Serverless framework and other infrastructure-as-code-languages with Checkov by Bridgecrew.

Plugin for sudo that requires another human to approve and monitor privileged sudo sessions

Guardian is a tool for extensible and universal data access with automated access workflows and security controls across data stores, analytical systems, and cloud products.

Wazuh - The Open Source Security Platform

merged into the TTS Handbook

Speedle is an open source project for access control.

☁️Haven GRC - easier governance, risk, and compliance 👨‍⚕️👮‍♀️🦸‍♀️🕵️‍♀️👩‍🔬

The group for companies that run open source programs

Imagine the information security compliance guideline says you need an antivirus but you run Arch Linux

Secure storage for personal records built to comply with GDPR

Run individual controls or full compliance benchmarks for NSA CISA Kubernetes Hardening Guidance across all of your Kubernetes clusters using Steampipe.

The base SIMP build repository

Wazuh - Ansible playbook

This repository is created only for infosec professionals whom work day to day basis to equip ourself with uptodate skillset, We can daily contribute daily one hour for day to day tasks and work on problem statements daily, Please contribute by providing problem statements and solutions

Simple command line tool to check for compliance against CIS Benchmarks

PowerShell scripts to ensure consistent and reliable build quality and configuration for your servers

Wazuh - Puppet module

cloudquery transforms your cloud infrastructure into SQL or Graph database for easy monitoring, governance and security.

FedRAMP Tailored.

Wazuh - Project documentation

ISC Forge is an open source DHCP conformance validation framework, primarily used for testing ISC Kea.

Sensitive Data Management: Data Discovery and Anonymization toolkit

Security scanner for your Terraform code

GCP CIS 1.1.0 Benchmark InSpec Profile

Repository to hold the new UI framework for FOSSology built with React

🔎 ScanCode detects licenses, copyrights, package manifests & dependencies and more by scanning code ... to discover and inventory open source and third-party packages used in your code.

Wazuh - Kibana plugin

Run a security scan on your terraform with the very nice https://github.com/liamg/tfsec

I AM SHER LOCKED. Dashboard for Appknox Users.

Wazuh - Docker containers

GKE CIS 1.1.0 Benchmark InSpec Profile

A web application to streamline the development of STIGs from SRGs

This module configures AWS Config, a service that enables you to assess, audit, and evaluate the configurations of your AWS resources.

Verify that pull request titles start with a ticket ID

InSpec: Auditing and Testing Framework