#
compliance
Here are 272 public repositories matching this topic...
An open source, general-purpose policy engine.
-
Updated
Aug 24, 2020 - Go
OSSEC is an Open Source Host-based Intrusion Detection System that performs log analysis, file integrity checking, policy monitoring, rootkit detection, real-time alerting and active response.
security
intrusion-detection
pci-dss
compliance
hids
fim
loganalyzer
ossec
policy-monitoring
nist800-53
file-integrity-management
-
Updated
Aug 10, 2020 - C
Rules engine for cloud security, cost optimization, and governance, DSL in yaml for policies to query, filter, and take actions on resources
-
Updated
Aug 24, 2020 - Python
Prowler is a security tool to perform AWS security best practices assessments, audits, incident response, continuous monitoring, hardening and forensics readiness. It contains all CIS controls listed here https://d0.awsstatic.com/whitepapers/compliance/AWS_CIS_Foundations_Benchmark.pdf and more than 100 additional checks that help on GDPR, HIPAA and other security requirements.
aws
security
cis
security-audit
cloud
aws-cli
assessment
forensics
compliance
hardening
security-hardening
hipaa
cloudtrail
gdpr
security-tools
cis-benchmark
aws-auditing
prowler
well-architected
-
Updated
Aug 21, 2020 - Shell
aaronlippold
commented
Aug 4, 2020
The postgres_session resource needs to allow the user to pass a port for the target db as we do for host and db_name etc
Wazuh - The Open Source Security Platform
security
elasticsearch
log-analysis
monitoring
incident-response
ids
intrusion-detection
pci-dss
compliance
security-hardening
loganalyzer
vulnerability-detection
ossec
openscap
wazuh
policy-monitoring
security-awareness
file-integrity-management
-
Updated
Aug 24, 2020 - C
kmcquade
commented
Jan 13, 2020
Hi, great project. I'd like to make a request. Right now, to exclude rules, you have to modify the code to "a comment containing tfsec:ignore:<RULE> to the offending line in your templates", per the README. It would be very useful if we could do this via CLI args as well, for assessment purposes.
Configuration guidance for implementing the Windows 10 and Windows Server 2016 DoD Secure Host Baseline settings. #nsacyber
windows
auditing
certificates
chrome-browser
audit
windows-10
windows-server
compliance
nessus
group-policy
applocker
internet-explorer
windows-firewall
microsoft-office
windows-server-2016
adobe-reader
-
Updated
Sep 12, 2018 - HTML
jonjozwiak
commented
Jun 18, 2020
Check to confirm CloudTrail is configured for multi-region.
CloudFormation - IsMultiRegionTrail: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-cloudtrail-trail.html
Security automation content in SCAP, OSCAL, Bash, Ansible, and other formats
security
ansible
cybersecurity
pci-dss
application-security
compliance
scap
hardening
security-hardening
xccdf
oval
cpe
information-security
cce
usgcb
ospp
stig
security-automation
security-tools
security-profile
-
Updated
Aug 24, 2020 - Python
Open
`make install`
stouset
commented
Jun 6, 2018
We should make it easier to install this plugin.
AyanSinhaMahapatra
commented
Oct 15, 2019
Description
Running the following command:
./scancode -clpieu --json-pp facet_summary.json samples --summary --facet dev=*.java --summary-by-facet
Generates the following Error
ERROR: failed to run post-scan plugin: summary-by-facet:
Traceback (most recent call last):
File "/home/ayansm/Desktop/GSoD/scancode-toolkit-versions/scancode-toolkit-3.1.1/src/scancode/cli.py", lin
a lightweight, security focused, BDD test framework against terraform.
-
Updated
Aug 24, 2020 - Python
alexmylonas
commented
May 13, 2020
Describe the ideal solution
We need a new endpoint that functions as getIntegrationById endpoint.
Describe your use cases
We currently fetching all integration via appsync (or more specifically a sub-category of integrations based on integrationType) and iterate until we find one that matches the integrationId passed.
How frequently would you use such feature
Although, we
NIST Certified SCAP 1.2 toolkit
-
Updated
Aug 24, 2020 - XSLT
The GDPR Checklist
-
Updated
Aug 18, 2020 - JavaScript
Compliance automation framework, focused on SOC2
-
Updated
Aug 14, 2020 - Go
Symmetric Encryption for Ruby Projects using OpenSSL
-
Updated
Aug 20, 2020 - Ruby
GMishx
commented
May 8, 2020
Description
With PR #1713, the class UIExportList can export copyrights as well. Since the REST API uses the call to get license list, an option to export copyright list can be
sschuberth
commented
May 10, 2020
The code at
can be simplified now that Stack 2.3.1 supports ls dependencies json.
Continuous Auditing & Configuration
auditing
devops
automation
configuration-management
compliance
continuous-configuration
continous-auditing
-
Updated
Aug 24, 2020 - Scala
A common framework enabling companies to work together to protect consumers' privacy and data rights.
open-source
privacy
data-driven
compliance
portability
gdpr
right-to-be-forgotten
data-processor
data-portability
data-subject-request
ccpa
california-privacy
-
Updated
Jul 30, 2020
Wazuh - Ruleset
security
elasticsearch
log-analysis
monitoring
incident-response
ids
intrusion-detection
pci-dss
compliance
security-hardening
loganalyzer
vulnerability-detection
ossec
openscap
wazuh
policy-monitoring
security-awareness
file-integrity-management
-
Updated
Aug 21, 2020 - Python
IgnacioRV
commented
Feb 7, 2020
Description
Currently add_failure takes the values required to create a failure, creates it then adds it to the Result object's failed_rules
On the other hand add_warning takes a Failure object directly.
Proposed solution
The methods should be updated so that they both have the same behavior (or maybe even just add an add_finding method which takes a type that can be either Failure o
List of DNS violations by implementations, software and/or systems
-
Updated
Jul 28, 2020
A small Ruby Gem to run RSpec and Serverspec, Infrataster and Capybara tests against Dockerfiles or Docker images easily.
testing
docker
devops
circleci
tdd
travis-ci
docker-compose
rspec
spec
capybara
serverspec
compliance
tdd-utilities
rspec-retry
-
Updated
Aug 30, 2017 - Ruby
Wazuh - Docker containers
docker
security
elasticsearch
log-analysis
monitoring
incident-response
ids
intrusion-detection
pci-dss
compliance
security-hardening
loganalyzer
vulnerability-detection
ossec
openscap
wazuh
policy-monitoring
security-awareness
file-integrity-management
-
Updated
Aug 24, 2020 - Shell
Wazuh - Kibana plugin
security
elasticsearch
kibana
log-analysis
monitoring
incident-response
ids
intrusion-detection
pci-dss
compliance
security-hardening
loganalyzer
vulnerability-detection
ossec
openscap
gdpr
wazuh
policy-monitoring
security-awareness
file-integrity-management
-
Updated
Aug 24, 2020 - JavaScript
Improve this page
Add a description, image, and links to the compliance topic page so that developers can more easily learn about it.
Add this topic to your repo
To associate your repository with the compliance topic, visit your repo's landing page and select "manage topics."
It would be nice if lynis would gather (and report in the portal/reports) information about user-accounts: