#
compliance
Here are 279 public repositories matching this topic...
An open source, general-purpose policy engine.
-
Updated
Sep 12, 2020 - Go
OSSEC is an Open Source Host-based Intrusion Detection System that performs log analysis, file integrity checking, policy monitoring, rootkit detection, real-time alerting and active response.
security
intrusion-detection
pci-dss
compliance
hids
fim
loganalyzer
ossec
policy-monitoring
nist800-53
file-integrity-management
-
Updated
Sep 11, 2020 - C
Rules engine for cloud security, cost optimization, and governance, DSL in yaml for policies to query, filter, and take actions on resources
-
Updated
Sep 11, 2020 - Python
Prowler is a security tool to perform AWS security best practices assessments, audits, incident response, continuous monitoring, hardening and forensics readiness. It contains all CIS controls listed here https://d0.awsstatic.com/whitepapers/compliance/AWS_CIS_Foundations_Benchmark.pdf and more than 100 additional checks that help on GDPR, HIPAA and other security requirements.
aws
security
cis
security-audit
cloud
aws-cli
assessment
forensics
compliance
hardening
security-hardening
hipaa
cloudtrail
gdpr
security-tools
cis-benchmark
aws-auditing
prowler
well-architected
-
Updated
Sep 7, 2020 - Shell
mjmenger
commented
Aug 31, 2020
Describe the problem
when executing an inspec profile from a remote repository with a default branch not named master the following error is returned.
inspec exec https://github.com/org/profile.git
Profile git dependency failed - unable to resolve ma
Wazuh - The Open Source Security Platform
security
elasticsearch
log-analysis
monitoring
incident-response
ids
intrusion-detection
pci-dss
compliance
security-hardening
loganalyzer
vulnerability-detection
ossec
openscap
wazuh
policy-monitoring
security-awareness
file-integrity-management
-
Updated
Sep 12, 2020 - C
kmcquade
commented
Jan 13, 2020
Hi, great project. I'd like to make a request. Right now, to exclude rules, you have to modify the code to "a comment containing tfsec:ignore:<RULE> to the offending line in your templates", per the README. It would be very useful if we could do this via CLI args as well, for assessment purposes.
immudb is a lightweight, high-speed immutable database for systems and applications
go
golang
immutable
database
key-value
verification
pci-dss
compliance
merkle-tree
immutable-database
gdpr
sensitive-data
regulations
tamperproof
-
Updated
Sep 12, 2020 - Go
Configuration guidance for implementing the Windows 10 and Windows Server 2016 DoD Secure Host Baseline settings. #nsacyber
windows
auditing
certificates
chrome-browser
audit
windows-10
windows-server
compliance
nessus
group-policy
applocker
internet-explorer
windows-firewall
microsoft-office
windows-server-2016
adobe-reader
-
Updated
Sep 12, 2018 - HTML
jonjozwiak
commented
Jun 18, 2020
Check to confirm CloudTrail is configured for multi-region.
CloudFormation - IsMultiRegionTrail: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-cloudtrail-trail.html
Security automation content in SCAP, OSCAL, Bash, Ansible, and other formats
security
ansible
cybersecurity
pci-dss
application-security
compliance
scap
hardening
security-hardening
xccdf
oval
cpe
information-security
cce
usgcb
ospp
stig
security-automation
security-tools
security-profile
-
Updated
Sep 11, 2020 - Python
Open
`make install`
stouset
commented
Jun 6, 2018
We should make it easier to install this plugin.
pombredanne
commented
Sep 5, 2020
There are about ~240 URLs and licenses listed at https://directory.fsf.org/wiki?title=Category:License
We should:
- ensure that we can detect all of them
- ensure that we can detect their URL
We should also add as an "other_urls" ech URL to the corresponding license YAML
a lightweight, security focused, BDD test framework against terraform.
-
Updated
Sep 9, 2020 - Python
alexmylonas
commented
May 13, 2020
Describe the ideal solution
We need a new endpoint that functions as getIntegrationById endpoint.
Describe your use cases
We currently fetching all integration via appsync (or more specifically a sub-category of integrations based on integrationType) and iterate until we find one that matches the integrationId passed.
How frequently would you use such feature
Although, we
NIST Certified SCAP 1.2 toolkit
-
Updated
Sep 11, 2020 - XSLT
The GDPR Checklist
-
Updated
Sep 7, 2020 - JavaScript
Compliance automation framework, focused on SOC2
-
Updated
Aug 14, 2020 - Go
Symmetric Encryption for Ruby Projects using OpenSSL
-
Updated
Aug 20, 2020 - Ruby
GMishx
commented
May 8, 2020
Description
With PR #1713, the class UIExportList can export copyrights as well. Since the REST API uses the call to get license list, an option to export copyright list can be
sschuberth
commented
May 10, 2020
The code at
can be simplified now that Stack 2.3.1 supports ls dependencies json.
Continuous Auditing & Configuration
auditing
devops
automation
configuration-management
compliance
continuous-configuration
continous-auditing
-
Updated
Sep 11, 2020 - Scala
A common framework enabling companies to work together to protect consumers' privacy and data rights.
open-source
privacy
data-driven
compliance
portability
gdpr
right-to-be-forgotten
data-processor
data-portability
data-subject-request
ccpa
california-privacy
-
Updated
Jul 30, 2020
Wazuh - Ruleset
security
elasticsearch
log-analysis
monitoring
incident-response
ids
intrusion-detection
pci-dss
compliance
security-hardening
loganalyzer
vulnerability-detection
ossec
openscap
wazuh
policy-monitoring
security-awareness
file-integrity-management
-
Updated
Sep 7, 2020 - Python
IgnacioRV
commented
Feb 7, 2020
Description
Currently add_failure takes the values required to create a failure, creates it then adds it to the Result object's failed_rules
On the other hand add_warning takes a Failure object directly.
Proposed solution
The methods should be updated so that they both have the same behavior (or maybe even just add an add_finding method which takes a type that can be either Failure o
List of DNS violations by implementations, software and/or systems
-
Updated
Jul 28, 2020
A small Ruby Gem to run RSpec and Serverspec, Infrataster and Capybara tests against Dockerfiles or Docker images easily.
testing
docker
devops
circleci
tdd
travis-ci
docker-compose
rspec
spec
capybara
serverspec
compliance
tdd-utilities
rspec-retry
-
Updated
Aug 30, 2017 - Ruby
Wazuh - Docker containers
docker
security
elasticsearch
log-analysis
monitoring
incident-response
ids
intrusion-detection
pci-dss
compliance
security-hardening
loganalyzer
vulnerability-detection
ossec
openscap
wazuh
policy-monitoring
security-awareness
file-integrity-management
-
Updated
Sep 10, 2020 - Shell
Improve this page
Add a description, image, and links to the compliance topic page so that developers can more easily learn about it.
Add this topic to your repo
To associate your repository with the compliance topic, visit your repo's landing page and select "manage topics."
It would be nice if lynis would gather (and report in the portal/reports) information about user-accounts: