106 Open source projects that are alternatives of or similar to vulcan

InSpec Profile for the EL7 DISA STIG

InSpec: Auditing and Testing Framework

GKE CIS 1.1.0 Benchmark InSpec Profile

DEPRECATED: A set of utilities for converting and working with compliance data for viewing in the heimdall applications

Ansible role for Red Hat 8 STIG Baseline

Privacy as Code for DSAR Orchestration: Privacy Request automation to fulfill GDPR, CCPA, and LGPD data subject requests.

Fully open-source security audit for project dependencies based on known vulnerabilities and advisories. Supports both local repos and container images. Integrates with various CI environments such as Azure Pipelines, CircleCI and Google CloudBuild. No server required!

Testing for the Cloud

Prowler is an Open Source Security tool for AWS, Azure and GCP to perform Cloud Security best practices assessments, audits, incident response, compliance, continuous monitoring, hardening and forensics readiness. It contains hundreds of controls covering CIS, PCI-DSS, ISO27001, GDPR, HIPAA, FFIEC, SOC2, AWS FTR, ENS and custom security frameworks.

Binary Analysis Next Generation (BANG)

ATT&CK Evaluations website (DEPRECATED)

A prototype that demonstrates a method for scoring how well Windows systems have implemented some of the top 10 Information Assurance mitigation strategies. #nsacyber

A plugin to enforce OPA policies with Envoy

LunaSec - Dependency Security Scanner that automatically notifies you about vulnerabilities like Log4Shell or node-ipc in your Pull Requests and Builds. Protect yourself in 30 seconds with the LunaTrace GitHub App: https://github.com/marketplace/lunatrace-by-lunasec/

Wazuh - Tools for packages creation

FedRAMP Tailored.

STIG Standalone Windows Servers to DoD STIG/SRG Requirements and NSACyber Guidance. The ultimate Windows Server security and compliance script!

List of DNS violations by implementations, software and/or systems

Guardian is a tool for extensible and universal data access with automated access workflows and security controls across data stores, analytical systems, and cloud products.

Wazuh - Docker containers

Prevent cloud misconfigurations during build-time for Terraform, Cloudformation, Kubernetes, Serverless framework and other infrastructure-as-code-languages with Checkov by Bridgecrew.

A small Ruby Gem to run RSpec and Serverspec, Infrataster and Capybara tests against Dockerfiles or Docker images easily.

InSpec VMware Resource Pack (Incubation)

immudb - world’s fastest immutable database, built on a zero trust model

A crowdsourced directory tracking the compliance and security practices of cloud services and their subprocessors

INTERCEPT / Policy as Code Static Analysis Auditing / SAST

Ansible role for the Windows 2012 Member Server STIG

A FAST Kubernetes manifests validator, with support for Custom Resources!

A schema and set of tools for using SQL to query cloud infrastructure.

ISC Forge is an open source DHCP conformance validation framework, primarily used for testing ISC Kea.

Simple command line tool to check for compliance against CIS Benchmarks

CIS Distribution Independent Linux Benchmark - InSpec Profile

Pre-configured response & remediation playbooks for AWS Security Hub

A FUSE interface to the NCBI Sequence Read Archive (SRA)

This module configures AWS Config, a service that enables you to assess, audit, and evaluate the configurations of your AWS resources.

Security scanner for your Terraform code

Verify that pull request titles start with a ticket ID

Wazuh - Kibana plugin

MITRE Shield website

DevSec PostgreSQL Baseline - InSpec Profile

Speedle+ is an open source project for access management. It is based on Speedle open source project and maintained by previous Speedle maintainers.

Collection of Data Processing Agreement (DPA) and GDPR compliance resources

Wazuh - The Open Source Security Platform

☁️Haven GRC - easier governance, risk, and compliance 👨‍⚕️👮‍♀️🦸‍♀️🕵️‍♀️👩‍🔬

Speedle is an open source project for access control.

merged into the TTS Handbook

The group for companies that run open source programs

OpenACR is a digital native Accessibility Conformance Report (ACR). The initial development is based on Section 508 requirements. The main goal is to be able to compare the accessibility claims of digital products and services. A structured, self-validated, machine-readable documentation will provide for this.

Secure storage for personal records built to comply with GDPR

STIX data representing MITRE ATT&CK

The base SIMP build repository

Run individual controls or full compliance benchmarks for NSA CISA Kubernetes Hardening Guidance across all of your Kubernetes clusters using Steampipe.

Wazuh - Ansible playbook

This repository is created only for infosec professionals whom work day to day basis to equip ourself with uptodate skillset, We can daily contribute daily one hour for day to day tasks and work on problem statements daily, Please contribute by providing problem statements and solutions

Network Security data repository for automation, reporting and compliance of firewall rules

SIAC is an enterprise SIEM built on open-source technology.

Imagine the information security compliance guideline says you need an antivirus but you run Arch Linux

Repository to hold the new UI framework for FOSSology built with React

A python module for working with ATT&CK

PowerShell scripts to ensure consistent and reliable build quality and configuration for your servers