Compliance

#declarative#policy-engine#cncf

Open Policy AgentGo

An open-source, general-purpose policy engine for unified, context-aware policy enforcement across the stack.

A generic and open signature format for describing log event detections, shareable across SIEM systems.

#signatures#yaml#siem

Stars10.4k

Forks2.6k

Docker bench securityShell

A script that checks for dozens of common best-practices around deploying Docker containers in production.

#container-security#audit#security

Stars9.6k

Forks1.0k

Last commit1 year ago

immudbGo

An immutable database with built-in cryptographic proof and verification, supporting SQL, Key-Value, and Document models.

#zero-trust#database#document-database

A CLI tool and Go library for generating Software Bill of Materials (SBOM) from container images and filesystems.

#sbom#container-security#cyclonedx

A CLI tool and Go library for generating Software Bill of Materials (SBOM) from container images and filesystems.

#sbom#container-security#cyclonedx

A static code analysis tool that scans infrastructure as code, container images, and open source packages for security misconfigurations and vulnerabilities.

#aws-security#azure#static-code-analysis

Stars8.7k

Forks1.3k

#aws-security#azure#kubernetes

checkovPython

A static code analysis tool that scans infrastructure as code, container images, and open source packages for security misconfigurations and vulnerabilities.

Stars8.7k

Forks1.3k

#google-cloud-platform#multi-cloud#azure

tfsecGo

A static analysis security scanner for Terraform code that identifies misconfigurations across major cloud providers.

#google-cloud-platform#multi-cloud#azure

TFSecGo

A static analysis security scanner for Terraform code that identifies misconfigurations across major cloud providers.

#google-cloud-platform#azure#terraform-security

tfsecGo

A static analysis security scanner for Terraform code that identifies misconfigurations across major cloud providers.

#rego#google-cloud-platform#multi-cloud

TfsecGo

A static analysis security scanner for Terraform code that identifies misconfigurations across major cloud providers.

Fleet device managementGo

Open-source platform for IT and security teams to manage and secure thousands of computers across diverse environments.

#osquery#vulnerability-management#it-security

Stars6.3k

Forks846

Last commit1 day ago

Awesome Security Hardening

A curated collection of security hardening guides, best practices, checklists, benchmarks, and tools for various systems and services.

#infrastructure-security#windows-hardening#infosec

Stars6.3k

Forks646

#multi-cloud#cloud-governance#rules-engine

cloud-custodianPython

A rules engine for cloud security, cost optimization, and governance using YAML policies to query, filter, and act on cloud resources.

A static code analyzer that detects security and compliance violations in Infrastructure as Code before provisioning cloud infrastructure.

#devops#terrascan#policy-as-code

Stars5.2k

Forks550

Last commit5 months ago

TerrascanGo

A static code analyzer that detects security and compliance violations in Infrastructure as Code before provisioning cloud infrastructure.

#devops#terrascan#kubernetes

Stars5.2k

Forks550

Last commit5 months ago

OSSECC

Open Source Host-based Intrusion Detection System performing log analysis, file integrity checking, rootkit detection, and active response.

#real-time-alerting#siem#policy-monitoring

Stars5.0k

Forks1.1k

#php-library#schema#schema-validation

JSON SchemaPHP

A PHP implementation for validating JSON structures against JSON Schema drafts 3, 4, 6, and 7.

Stars3.6k

Forks369

#eloquent#change-log#lumen

AuditedRuby

An ActiveRecord extension for Rails that logs all changes to your models, including who made them and why.

#rails#audit#ruby-gem

Stars3.5k

Forks663

Last commit5 months ago

Laravel AuditingPHP

A Laravel package that records change logs from Eloquent models to track discrepancies and anomalies.

Stars3.4k

Forks403

Last commit7 days ago

BearerGo

Static application security testing (SAST) tool that scans source code to discover, filter, and prioritize security and privacy risks.

#privacy-compliance#code-security#data-flow-analysis

Stars2.6k

Forks143

#privacy-compliance#code-security#data-flow-analysis

BearerGo

A static application security testing (SAST) tool that scans source code to discover, filter, and prioritize security and privacy risks.

Stars2.6k

Forks143

#hacktoberfest#kubernetes#security-scanning

KICSOpen Policy Agent

KICS is an open-source static analysis tool that finds security vulnerabilities, compliance issues, and misconfigurations in Infrastructure as Code.

Stars2.6k

Forks363

Last commit2 days ago

BallerineTypeScript

Open-source infrastructure and data orchestration platform for risk decisioning, automating KYC, KYB, underwriting, and transaction monitoring.

#back-office#data-orchestration#workflow-engine

The OWASP Mobile Application Security Verification Standard (MASVS) is the industry standard for mobile app security.

#app-security#mobile-security#standard

Stars2.4k

Forks663

Last commit4 months ago

MedplumTypeScript

A developer platform for building compliant healthcare applications with FHIR standards, authentication, and clinical data management.

#oauth#developer-platform#hipaa

Stars2.3k

Forks754

Last commit1 day ago

Linux auditd Detection RulesetShell

A production-ready auditd configuration for Linux security monitoring that works out-of-the-box across major distributions.

#security-hardening#linux-security#auditd-configuration

Stars1.8k

Forks302

Last commit2 days ago

openscapXSLT

A command-line toolkit for validating, scanning, and managing SCAP (Security Content Automation Protocol) documents.

#scanning#scap-toolkit#command-line-tool

Stars1.7k

Forks429

Last commit2 days ago

GreenmaskGo

An open-source tool for PostgreSQL and MySQL database anonymization, synthetic data generation, and logical dumping.

#logical-backup#devops#database-subsetting

Stars1.7k

Forks56