Prevent cloud misconfigurations and find vulnerabilities during build-time in infrastructure as code, container images and open source packages with Checkov by Bridgecrew.
Updated May 17, 2024 - Python
Operator providing Kubernetes cluster compliance checks
The official repository for the Bedrock version of Faithful 64x
CISO Assistant is a one-stop-shop for GRC, covering Risk, AppSec and Audit Management and supporting +37 frameworks worldwide: NIST CSF, ISO 27001, SOC2, CIS, PCI DSS, NIS2, CMMC, PSPF, GDPR, HIPAA, Essential Eight, NYDFS-500, DORA, NIST AI RMF, 800-53, 800-171, CyFun, CJIS, AirCyber and so much more
These are automatically updated IP address blacklists/whitelists you can use to fetch and parse and put in your firewall, WAF, null-routing, sinkhole or whatever you choose. The blacklists are not necessarily threat actors, it's just lists I like to have ready and handy.
Open Source Multi-Cloud AWS Control Tower
Rudder is a configuration and security automation platform. Manage your Cloud, hybrid or on-premises infrastructure in a simple, scalable and dynamic way.
Chainloop is an Open Source evidence store for your Software Supply Chain attestations, SBOMs, VEX, SARIF, CSAF files, QA reports, and more.
Wazuh - The Open Source Security Platform. Unified XDR and SIEM protection for endpoints and cloud workloads.
Security automation content in SCAP, Bash, Ansible, and other formats
The MITRE Security Automation Framework (SAF) Command Line Interface (CLI) brings together applications, techniques, libraries, and tools developed by MITRE and the security community to streamline security automation for systems and DevOps pipelines
FOSSology is an open source license compliance software system and toolkit. As a toolkit you can run license, copyright and export control scans from the command line. As a system, a database and web ui are provided to give you a compliance workflow. License, copyright and export scanners are tools used in the workflow.
Creates a CSV file of `git log` data, useful for audit reports and other "chain of custody" type reports
This GitHub Action runs Checkov against infrastructure-as-code, open source packages, container images, and CI/CD configurations to identify misconfigurations, vulnerabilities, and license compliance issues.
An open source, cloud-native security to protect everything from build to runtime
Run individual configuration, compliance and security controls or full compliance benchmarks for CIS, HIPAA HITRUST, NIST, and more across all of your Azure subscriptions using Powerpipe and Steampipe.
Prowler is an Open Source Security tool for AWS, Azure, GCP and Kubernetes to do security assessments, audits, incident response, compliance, continuous monitoring, hardening and forensics readiness. Includes CIS, NIST 800, NIST CSF, CISA, FedRAMP, PCI-DSS, GDPR, HIPAA, FFIEC, SOC2, GXP, Well-Architected Security, ENS and more
ONYX: Cisco Automated Assessment and Auditing Tool (CAAAT). An open-source tool that automatically assesses and audits Cisco IOS routers against Center for Internet Security (CIS) Cisco IOS 15 Benchmark and Cisco IOS 17 Benchmark.
A suite of tools to automate software compliance checks.
Open Source Cloud Native Application Protection Platform (CNAPP)