PantherDetect threats with log data and improve cloud security posture
Stars: ✭ 885 (+803.06%)
Wazuh ChefWazuh - Chef cookbooks
Stars: ✭ 9 (-90.82%)
Clia lightweight, security focused, BDD test framework against terraform.
Stars: ✭ 918 (+836.73%)
OpenscapNIST Certified SCAP 1.2 toolkit
Stars: ✭ 750 (+665.31%)
ComplyCompliance automation framework, focused on SOC2
Stars: ✭ 596 (+508.16%)
OpaAn open source, general-purpose policy engine.
Stars: ✭ 5,939 (+5960.2%)
TernTern is a software composition analysis tool and Python library that generates a Software Bill of Materials for container images and Dockerfiles. The SBoM that Tern generates will give you a layer-by-layer view of what's inside your container in a variety of formats including human-readable, JSON, HTML, SPDX and more.
Stars: ✭ 505 (+415.31%)
OrtA suite of tools to assist with reviewing Open Source Software dependencies.
Stars: ✭ 446 (+355.1%)
FossologyFOSSology is an open source license compliance software system and toolkit. As a toolkit you can run license, copyright and export control scans from the command line. As a system, a database and web ui are provided to give you a compliance workflow. License, copyright and export scanners are tools used in the workflow.
Stars: ✭ 440 (+348.98%)
Macos securitymacOS Security Compliance Project
Stars: ✭ 348 (+255.1%)
Cloud CustodianRules engine for cloud security, cost optimization, and governance, DSL in yaml for policies to query, filter, and take actions on resources
Stars: ✭ 3,926 (+3906.12%)
Ossec HidsOSSEC is an Open Source Host-based Intrusion Detection System that performs log analysis, file integrity checking, policy monitoring, rootkit detection, real-time alerting and active response.
Stars: ✭ 3,580 (+3553.06%)
RudderContinuous Auditing & Configuration
Stars: ✭ 314 (+220.41%)
OpendsrA common framework enabling companies to work together to protect consumers' privacy and data rights.
Stars: ✭ 295 (+201.02%)
CfripperLibrary and CLI tool for analysing CloudFormation templates and check them for security compliance.
Stars: ✭ 265 (+170.41%)
compliance-trestleAn opinionated tooling platform for managing compliance as code, using continuous integration and NIST's OSCAL standard.
Stars: ✭ 53 (-45.92%)
fidesopsPrivacy as Code for DSAR Orchestration: Privacy Request automation to fulfill GDPR, CCPA, and LGPD data subject requests.
Stars: ✭ 32 (-67.35%)
kodexA privacy and security engineering toolkit: Discover, understand, pseudonymize, anonymize, encrypt and securely share sensitive and personal data: Privacy and security as code.
Stars: ✭ 70 (-28.57%)
Audit-Test-AutomationThe Audit Test Automation Package gives you the ability to get an overview about the compliance status of several systems. You can easily create HTML-reports and have a transparent overview over compliance and non-compliance of explicit setttings and configurations in comparison to industry standards and hardening guides.
Stars: ✭ 37 (-62.24%)
garrisonSecurity, Compliance and Informational Dashboard System
Stars: ✭ 24 (-75.51%)
vulcanA web application to streamline the development of STIGs from SRGs
Stars: ✭ 30 (-69.39%)
libredefenderImagine the information security compliance guideline says you need an antivirus but you run Arch Linux
Stars: ✭ 76 (-22.45%)
speedle-plusSpeedle+ is an open source project for access management. It is based on Speedle open source project and maintained by previous Speedle maintainers.
Stars: ✭ 45 (-54.08%)
FOSSologyUIRepository to hold the new UI framework for FOSSology built with React
Stars: ✭ 35 (-64.29%)
terraform-aws-configThis module configures AWS Config, a service that enables you to assess, audit, and evaluate the configurations of your AWS resources.
Stars: ✭ 24 (-75.51%)
interceptINTERCEPT / Policy as Code Static Analysis Auditing / SAST
Stars: ✭ 54 (-44.9%)
cscannerAn open source, multi-cloud DevSecOps compliance checker
Stars: ✭ 19 (-80.61%)
forgeISC Forge is an open source DHCP conformance validation framework, primarily used for testing ISC Kea.
Stars: ✭ 26 (-73.47%)
wazuh-packagesWazuh - Tools for packages creation
Stars: ✭ 54 (-44.9%)
ticket-check-actionVerify that pull request titles start with a ticket ID
Stars: ✭ 29 (-70.41%)
guardianGuardian is a tool for extensible and universal data access with automated access workflows and security controls across data stores, analytical systems, and cloud products.
Stars: ✭ 127 (+29.59%)