Top 18 Python Compliance Projects
- prowler
Prowler is an Open Cloud Security tool for AWS, Azure, GCP and Kubernetes. It helps with continuous monitoring, security assessments and audits, incident response, compliance, hardening and forensics readiness. Includes CIS, NIST 800, NIST CSF, CISA, FedRAMP, PCI-DSS, GDPR, HIPAA, FFIEC, SOC2, GXP, Well-Architected Security, ENS and more.
- checkov
Prevent cloud misconfigurations and find vulnerabilities during build time in infrastructure as code, container images and open source packages with Checkov by Bridgecrew.
Prior to deploying Kubernetes manifest files to an EKS cluster, supplementary steps need to be added to prevent security and misconfiguration issues by using both Checkov and Trivy. Also, we will use a separate ArgoCD account from the admin user that we've used in the previous lab. This will follow the ArgoCD RBAC rule to secure ArgoCD and, ultimately, the EKS cluster.
- cloud-custodian
Rules engine for cloud security, cost optimization, and governance; DSL in YAML for policies to query, filter, and take actions on resources.
Project mention: Cutting down AWS cost by $150k per year simply by shutting things off | news.ycombinator.com | 2024-01-22
> The best optimization is simply shutting things off
This is the way.
A similar idea has been bouncing around in my mind for a while now. An ideal, turnkey system would do the following:
- Execute via Lambda (serverless).
- Support automated startup and shutdown of various AWS resources on a schedule influenced by specially formatted tags.
- Enable resources to be brought back up out of schedule when demand dictates.
- Operate as a TCP/HTTP proxy that can delay clients so that a given service can be started when it is dormant or, even better, the service isn't serverless but you want it to be. This can't work for everything, but perhaps enough things such that the need to run always on services is reduced.
Cloud Custodian [1] can purportedly do some of this, but I've been reluctant to learn yet another YAML-based DSL to use it.
So this is my "make things designed to be always-on serverless instead" project and the work AWS has done to make Java apps function on Lambda keeps me thinking about the potential to take things that 1) have a relatively long startup time and 2) are designed to be long running service loops, and find a way to force them into the serverless execution model.
[1] https://cloudcustodian.io/
- cli
A lightweight, security-focused BDD test framework against Terraform. (by terraform-compliance)
- ciso-assistant-community
CISO Assistant is a one-stop shop for GRC, covering Risk, AppSec and Audit Management and supporting 70+ frameworks worldwide with auto-mapping: NIST CSF, ISO 27001, SOC2, CIS, PCI DSS, NIS2, CMMC, PSPF, GDPR, HIPAA, Essential Eight, NYDFS-500, DORA, NIST AI RMF, 800-53, 800-171, CyFun, CJIS, AirCyber, NCSC, ECC, SCF and so much more.
Project mention: CISO Assistant, Open-source solution with and30 cybersecurity frameworks | news.ycombinator.com | 2024-04-29
- dep-scan
OWASP dep-scan is a next-generation security and risk audit tool based on known vulnerabilities, advisories, and license limitations for project dependencies. Both local repositories and container images are supported as the input, and the tool is ideal for integration.
- tern
Tern is a software composition analysis tool and Python library that generates a Software Bill of Materials for container images and Dockerfiles. The SBOM that Tern generates will give you a layer-by-layer view of what's inside your container in a variety of formats including human-readable, JSON, HTML, SPDX and more. (by tern-tools)
- ElectricEye
ElectricEye is a multi-cloud, multi-SaaS Python CLI tool for Asset Management, Security Posture Management and Attack Surface Monitoring, supporting hundreds of services and evaluations to harden your CSP and SaaS environments with controls mapped to over 20 industry, regulatory, and best practice controls frameworks.
- betterscan
Code Scanning/SAST/Static Analysis/Linting using many tools and scanners with one report (Code, IaC) - Betterscan
- privado
Open-source static scanning tool to detect data flows in your code, find data security vulnerabilities and generate an accurate Play Store Data Safety Report.
- iambic
IAMbic is version control for IAM. It centralizes and simplifies cloud access and permissions. It maintains an eventually consistent, human-readable, bi-directional representation of IAM in Git.
- aws-allowlister
Automatically compile an AWS Service Control Policy that ONLY allows AWS services that are compliant with your preferred compliance frameworks.
- Internet.nl
Project mention: Internet.nl – test tool for modern internet standards | news.ycombinator.com | 2024-06-05
- compliance-trestle
An opinionated tooling platform for managing compliance as code, using continuous integration and NIST's OSCAL standard.
- cfn-guard-test
This tool allows you to easily run your cfn-guard tests against your cfn-guard rules.
Python Compliance related posts
- CISO Assistant, Open-source solution with and30 cybersecurity frameworks
- Free open-source solution for cybersecurity posture management (GRC)
- When have you screwed up, bad?
- Open-Source tools for monitoring ML/AI usage - Recommendations?
- Open source IAM-as-code through IAMbic
- Open source IAM-as-code
- Are there any open source tools to centrally manage IAM policies?
www.saashub.com | 5 Dec 2024
Index
What are some of the best open-source Compliance projects in Python? This list will help you:

| # | Project | Stars |
|---|---|---|
| 1 | prowler | 10,910 |
| 2 | checkov | 7,173 |
| 3 | cloud-custodian | 5,479 |
| 4 | cli | 1,363 |
| 5 | ciso-assistant-community | 1,186 |
| 6 | dep-scan | 1,030 |
| 7 | tern | 968 |
| 8 | ElectricEye | 962 |
| 9 | betterscan | 822 |
| 10 | privado | 507 |
| 11 | binaryanalysis-ng | 480 |
| 12 | iambic | 285 |
| 13 | aws-allowlister | 224 |
| 14 | Internet.nl | 179 |
| 15 | compliance-trestle | 168 |
| 16 | validity | 142 |
| 17 | cfn-guard-test | 6 |
| 18 | report2junit | 4 |