Open Source Cloud Native Application Protection Platform (CNAPP)
Wazuh - The Open Source Security Platform. Unified XDR and SIEM protection for endpoints and cloud workloads.
Prevent cloud misconfigurations and find vulnerabilities during build-time in infrastructure as code, container images and open source packages with Checkov by Bridgecrew.
The official repository for the Bedrock version of Faithful 64x
These are automatically updated IP address blacklists/whitelists you can fetch, parse and put in your firewall, WAF, null-routing, sinkhole or whatever you choose. The blacklists are not necessarily threat actors, it's just lists I like to have ready and handy.
CISO Assistant is a one-stop-shop for GRC, covering Risk, AppSec and Audit Management and supporting +43 frameworks worldwide: NIST CSF, ISO 27001, SOC2, CIS, PCI DSS, NIS2, CMMC, PSPF, GDPR, HIPAA, Essential Eight, NYDFS-500, DORA, NIST AI RMF, 800-53, 800-171, CyFun, CJIS, AirCyber and so much more
Open Policy Agent (OPA) is an open source, general-purpose policy engine.
Cloud operations platform
Open-source infrastructure and data orchestration platform for risk decisioning
This GitHub Action runs Checkov against infrastructure-as-code, open source packages, container images, and CI/CD configurations to identify misconfigurations, vulnerabilities, and license compliance issues.
Rules engine for cloud security, cost optimization, and governance, DSL in yaml for policies to query, filter, and take actions on resources
Observe and alert on GitHub Secrets to facilitate regular rotation and enhance security and compliance.
An opinionated tooling platform for managing compliance as code, using continuous integration and NIST's OSCAL standard.
Library and CLI tool for analysing CloudFormation templates and checking them for security compliance.
[wip] Compliance Automation for OSS - GitHub Automation Tool - A solution for automated and scheduled execution of workflows via GitHub Action.
A suite of tools to automate software compliance checks.
OWASP dep-scan is a next-generation security and risk audit tool based on known vulnerabilities, advisories, and license limitations for project dependencies. Both local repositories and container images are supported as the input, and the tool is ideal for integration.
ONYX: Cisco Automated Assessment and Auditing Tool (CAAAT). An open-source tool that automatically assesses and audits Cisco IOS routers against Center for Internet Security (CIS) Cisco IOS 15 Benchmark and Cisco IOS 17 Benchmark.
Rudder is a configuration and security automation platform. Manage your Cloud, hybrid or on-premises infrastructure in a simple, scalable and dynamic way.
Tool to check licensing of Composer dependencies against a set of rules to ensure compliance