2,289 results for “topic:compliance”
Lynis - Security auditing tool for Linux, macOS, and UNIX-based systems. Assists with compliance testing (HIPAA/ISO27001/PCI DSS) and system hardening. Agentless, and installation optional.
Wazuh - The Open Source Security Platform. Unified XDR and SIEM protection for endpoints and cloud workloads.
Prowler is the world’s most widely used open-source cloud security platform that automates security and compliance across any cloud environment.
Open Policy Agent (OPA) is an open source, general-purpose policy engine.
immudb - immutable database based on zero trust, SQL/Key-Value/Document model, tamperproof, data change history
Prevent cloud misconfigurations and find vulnerabilities during build-time in infrastructure as code, container images and open source packages with Checkov by Bridgecrew.
Tfsec is now part of Trivy
Rules engine for cloud security, cost optimization, and governance; DSL in YAML for policies to query, filter, and take actions on resources
Open Source Cloud Native Application Protection Platform (CNAPP)
OSSEC is an Open Source Host-based Intrusion Detection System that performs log analysis, file integrity checking, policy monitoring, rootkit detection, real-time alerting and active response.
Harden Windows Safely, Securely using Official Supported Microsoft methods and proper explanation | Always up-to-date and works with the latest build of Windows | Provides tools and Guides for Personal, Enterprise, Government and Military security levels | SLSA Level 3 Compliant for Secure Development and Build Process | Apps Available on MS Store✨
CISO Assistant is a one-stop-shop GRC platform for Risk Management, AppSec, Compliance & Audit, TPRM, Privacy, and Reporting. It supports 100+ global frameworks with automatic control mapping, including ISO 27001, NIST CSF, SOC 2, CIS, PCI DSS, NIS2, DORA, GDPR, HIPAA, CMMC, and more.
InSpec: Auditing and Testing Framework
A FAST Kubernetes manifests validator, with support for Custom Resources!
Security automation content in SCAP, Bash, Ansible, and other formats
HardeningKitty and Windows Hardening Settings
Code security scanning tool (SAST) to discover, filter and prioritize security and privacy risks.
Open-source infrastructure and data orchestration platform for risk decisioning
macOS Security Compliance Project
A suite of tools to automate software compliance checks.
Appshark is a static taint analysis platform to scan vulnerabilities in an Android app.
NIST Certified SCAP 1.2 toolkit
Configuration guidance for implementing the Windows 10 and Windows Server 2016 DoD Secure Host Baseline settings. #nsacyber
🧵 CLI tool for directly patching container images!
HummerRisk is a cloud-native security platform, covering hybrid-cloud security governance and cloud-native security detection.
Compliance automation framework, focused on SOC2
LunaSec - Dependency Security Scanner that automatically notifies you about vulnerabilities like Log4Shell or node-ipc in your Pull Requests and Builds. Protect yourself in 30 seconds with the LunaTrace GitHub App: https://github.com/marketplace/lunatrace-by-lunasec/
A lightweight, security-focused BDD test framework against Terraform.
AI Native platform to get companies compliant - Vanta & Drata Alternative
Secure Vault for Customer PII/PHI/PCI/KYC Records