Top 17 Go Compliance Projects
- immudb: immutable database based on zero trust, SQL/Key-Value/Document model, tamperproof, data change history
- bearer: Code security scanning tool (SAST) to discover, filter and prioritize security and privacy risks.
- Open-Source-Security-Guide: Open Source Security Guide. Learn all about Security Standards (FIPS, CIS, FedRAMP, FISMA, etc.), Frameworks, Threat Models, Encryption, and Benchmarks.
- copacetic: 🧵 CLI tool for directly patching container images using reports from vulnerability scanners
- xeol: A scanner for end-of-life (EOL) software and dependencies in container images, filesystems, and SBOMs
- chainloop: Chainloop is an Open Source Metadata Vault for your Software Supply Chain metadata, SBOMs, VEX, SARIF files, QA reports, and more.
- guardian: Guardian is a universal data access management tool with automated access workflows and security controls across data stores, analytical systems, and cloud products. (by raystack)
- conceal: A command line utility that provides a secure method to get your secrets from your existing password manager. 🔒
How can we handle this? Are there any mechanisms to prevent, or at least to some extent safeguard against, this kind of issue without falling back to a manual workflow? There are. One huge advantage of sticking to (de facto) standards like Terraform is that, first, we are probably not the first ones to come up with this question and, second, there is a huge ecosystem around Terraform that might help us with such challenges. And for this specific scenario, the solution is the Open Policy Agent. Let us take a closer look at what the solution could look like.
Project mention: Ask HN: What is your experience of tamper proof systems? | news.ycombinator.com | 2024-01-05
Project mention: A Deep Dive Into Terraform Static Code Analysis Tools: Features and Comparisons | dev.to | 2024-04-16
tfsec. Owner/Maintainer: Aqua Security (acquired in 2021). Age: First released on GitHub on March 5th, 2019. License: MIT License. tfsec project is no longer actively maintained in favor of the Trivy tool. But because many people still use it and it's quite famous, I added tfsec to this comparison. However, I recommend against using it for new projects.
If you want to validate your resources against the schema of the resources (mind you, also CRDs), you can use kubeconform.
Project mention: Show HN: Bearer Code Security Scanner Add Support for Java, PHP, Go, and Python | news.ycombinator.com | 2023-10-26
There are even some free open source policy generator tools like this one: https://github.com/strongdm/comply
Project mention: copacetic: 🧵 CLI tool for directly patching container images using reports from vulnerability scanners | /r/blueteamsec | 2023-11-25
Project mention: Choosing the “old stuff” as plugin SDK for Go in 2023 | news.ycombinator.com | 2023-07-06
You need to do some manual labor as it is not supported by AWS. I hope I piqued your interest to check out the aws-security-posture project.
Go Compliance related posts
- Rego for beginners: Introduction to Rego
- Show HN: Bearer Code Security Scanner Add Support for Java, PHP, Go, and Python
- Everything You Need to Know About the Difference Between OPA's Rego and AWS Cedar
- Evolving Authorization for Our Advertising Platform
- SOC2: Drata, Scrut, Vanta
- OPA (Open Policy Agent) VS selefra - a user suggested alternative (2 projects | 20 Mar 2023)
- Simple, Self-Hosted Centralized Logging
Index
What are some of the best open-source Compliance projects in Go? This list will help you:
# | Project | Stars |
---|---|---|
1 | OPA (Open Policy Agent) | 9,104 |
2 | immudb | 8,481 |
3 | tfsec | 6,529 |
4 | kubeconform | 1,912 |
5 | bearer | 1,720 |
6 | Databunker | 1,203 |
7 | comply | 1,191 |
8 | Open-Source-Security-Guide | 846 |
9 | copacetic | 770 |
10 | xeol | 315 |
11 | opa-envoy-plugin | 304 |
12 | chainloop | 296 |
13 | reposaur | 280 |
14 | cnspec | 233 |
15 | guardian | 134 |
16 | conceal | 59 |
17 | aws-security-posture | 2 |