Repository navigation

#

compliance

CISOfy / lynis 

Lynis - Security auditing tool for Linux, macOS, and UNIX-based systems. Assists with compliance testing (HIPAA/ISO27001/PCI DSS) and system hardening. Agentless, and installation optional.

ShellLinuxpci-dsscompliance安全security-hardeningsecurity-scannerhipaaUnixvulnerability-detectionvulnerability-scannersvulnerability-assessmentDevOpsdevops-toolshardeningauditinggdpr
Shell
14532
9 小时前
wazuh / wazuh 

Wazuh - The Open Source Security Platform. Unified XDR and SIEM protection for endpoints and cloud workloads.

安全complianceLoggingvulnerability-detectionCybersecurityfile-integrity-monitoringmalware-detectioncloud-securitycontainer-securitysecurity-automationsiemxdrconfiguration-assessementincident-responsepci-dsssecurity-hardeningwazuh
C
13152
20 分钟前
prowler-cloud/prowler
prowler-cloud / prowler 

Prowler is the Open Cloud Security platform for AWS, Azure, GCP, Kubernetes, M365 and more. It helps for continuous monitoring, security assessments & audits, incident response, compliance, hardening and forensics readiness. Includes CIS, NIST 800, NIST CSF, CISA, FedRAMP, PCI-DSS, GDPR, HIPAA, FFIEC, SOC2, ENS and more

安全security-hardeninghardeningAmazon Web Servicescis-benchmarkcompliancegdprforensicscloudwell-architecteddevsecopsAzureiamPythonGoogle 云multi-cloudcspmcloudsecurity
Python
11994
5 小时前
open-policy-agent / opa 

Open Policy Agent (OPA) is an open source, general-purpose policy engine.

Open Policy AgentpolicydeclarativeJSONcompliancecloud-nativeAuthorizationdogelolcat
Go
10563
5 天前
codenotary/immudb
codenotary / immudb 

immudb - immutable database based on zero trust, SQL/Key-Value/Document model, tamperproof, data change history

key-valueimmutablemerkle-treeGo数据库tamperproofverificationimmutable-databasecompliancepci-dssgdprverifyperformanceSQLtimetravelzero-trust
Go
8802
3 个月前
bridgecrewio / checkov 

Prevent cloud misconfigurations and find vulnerabilities during build-time in infrastructure as code, container images and open source packages with Checkov by Bridgecrew.

Terraformstatic-analysisAmazon Web ServicesGoogle 云Azureaws-securitycloudformationscanscomplianceKubernetesInfrastructure as codeDevOpsHacktoberfest
Python
7814
14 小时前
aquasecurity/tfsec
aquasecurity / tfsec 

Tfsec is now part of Trivy

Terraform安全scannerstatic-analysis持续集成Amazon Web ServicesAzureGoogle 云complianceInfrastructure as codedevsecopsvulnerability-scannersmisconfigurationdigitaloceanDevOpslinterGoHacktoberfest
Go
6869
15 天前
cloud-custodian/cloud-custodian
cloud-custodian / cloud-custodian 

Rules engine for cloud security, cost optimization, and governance, DSL in yaml for policies to query, filter, and take actions on resources

Amazon Web Servicescompliancecloudrules-enginecloud-computingmanagementServerlesslambdaGoogle 云Azure
Python
5774
4 小时前
deepfence/ThreatMapper
deepfence / ThreatMapper 

Open Source Cloud Native Application Protection Platform (CNAPP)

cloud-nativevulnerability-managementthreat-analysisdevsecopssecopsregistry-scanning安全cwppobservabilitycloudsecurityvulnerability-scannersvulnerability-detectionscanning-toolcnappcompliancecontainerscspmDevOpsKubernetesHacktoberfest
TypeScript
5073
1 个月前
ossec / ossec-hids 

OSSEC is an Open Source Host-based Intrusion Detection System that performs log analysis, file integrity checking, policy monitoring, rootkit detection, real-time alerting and active response.

hids安全pci-dssnist800-53osseccomplianceintrusion-detectionfimloganalyzerpolicy-monitoring
C
4804
7 个月前
intuitem/ciso-assistant-community
intuitem / ciso-assistant-community 

CISO Assistant is a one-stop-shop for GRC, covering Risk, AppSec, Compliance/Audit Management, Privacy and supporting +100 frameworks worldwide with auto-mapping: NIST CSF, ISO 27001, SOC2, CIS, PCI DSS, NIS2, CMMC, PSPF, GDPR, HIPAA, Essential Eight, NYDFS-500, DORA, NIST AI RMF, 800-53, CyFun, AirCyber, NCSC, ECC, SCF and so much mor

compliancegrcsoc2gdprauditiso27001cisdorarisk-managementowaspnist隐私fedrampbsiCybersecurityismsebios-rmnis2安全mcp
Python
3102
8 小时前
inspec / inspec 

InSpec: Auditing and Testing Framework

auditinspec安全compliancedevsecDevOpstdd-utilitiesTest-driven developmentspecTesting
Ruby
2992
10 小时前
yannh / kubeconform 

A FAST Kubernetes manifests validator, with support for Custom Resources!

Kubernetesvalidationcompliance
Go
2734
3 个月前
ComplianceAsCode / content 

Security automation content in SCAP, Bash, Ansible, and other formats

安全compliancepci-dssstigapplication-securitysecurity-hardeningsecurity-automationhardeningCybersecurityAnsible
Shell
2516
13 小时前
0x6d69636b / windows_hardening 

HardeningKitty and Windows Hardening Settings

Windowshardening安全blueteamdefenseauditPowerShellwindows-hardeningregistrychecklistcompliancebsicisstigwindows-server
PowerShell
2515
9 天前
Bearer / bearer 

Code security scanning tool (SAST) to discover, filter and prioritize security and privacy risks.

appseccompliancedevsecopsdevsecops-tools安全dataflowgdpr隐私sastStatic code analysisvulnerabilitysecurity-scannervulnerabilitiesCode qualitystatic-analysissecurity-automationowasp
Go
2380
2 天前
ballerine-io/ballerine
ballerine-io / ballerine 

Open-source infrastructure and data orchestration platform for risk decisioning

compliancedashboardflowfraudkycOCRonboardingorchestrationrisk-managementrule-engineSDKSvelte
TypeScript
2257
13 天前
usnistgov / macos_security 

macOS Security Compliance Project

ApplemacOScomplianceZshBashPythonmdm
YAML
2078
3 小时前
oss-review-toolkit/ort
oss-review-toolkit / ort 

A suite of tools to automate software compliance checks.

Package manager依赖管理dependency-graphlicensecopyrightspdxcompliancelicense-managementsbomsbom-generatoropen-source-licensingospocyclonedxscaHacktoberfestcradora
Kotlin
1797
2 小时前
bytedance / appshark 

Appshark is a static taint analysis platform to scan vulnerabilities in an Android app.

Androidcompliancestatic-analysisvulnerability
Kotlin
1669
7 个月前