fedramp
CISO Assistant is a one-stop-shop for GRC, covering Risk, AppSec, Compliance/Audit Management, Privacy and supporting +100 frameworks worldwide with auto-mapping: NIST CSF, ISO 27001, SOC2, CIS, PCI DSS, NIS2, CMMC, PSPF, GDPR, HIPAA, Essential Eight, NYDFS-500, DORA, NIST AI RMF, 800-53, CyFun, AirCyber, NCSC, ECC, SCF and so much mor
A scanner for end-of-life (EOL) software and dependencies in container images, filesystems, and SBOMs
Open Source AWS Control Tower
Secure SDLC process template
Coalfire AWS RAMP/pak Reference Architecture
Gathers AWS inventory and outputs CSV in the format for FedRAMP SSP
A collection of awesome frameworks, libraries, learning tutorials, videos, webcasts, technical resources and cool stuff about General Data Protection Regulation (GDPR).
Coalfire GCP RAMP/pak Reference Architecture
Point of Concept: To help to automate the collection of evidence for SOC 2 Audits, etc.
Coalfire Azure RAMP/pak Reference Architecture
A comprehensive Model Context Protocol (MCP) server providing enterprise-grade Static Application Security Testing (SAST) with advanced compliance verification, multi-tenant management, AI-powered analysis, and automated remediation workflows.
Deploy Anchore Enterprise in an environment of your choice. Then follow through a series of labs that showcase how you can improve security across your software supply chain.
dockerized-cloudsplot, CloudSploit is a security and configuration scanner that can detect hundreds of threats in your AWS account. Don't let a single misstep compromise your entire infrastructure.
Docker Build for GRC Tool - Eramba is a tool that helps with compliance, risk management, control testing, exception management, etc.