Python Compliance

Open-source Python projects categorized as Compliance

Top 23 Python Compliance Projects

  1. prowler

    Prowler is the world’s most widely used open-source cloud security platform that automates security and compliance across any cloud environment.

    Project mention: CIS AWS v3.0 in 60 Seconds: Automate Compliance with Terraform | dev.to | 2026-03-27

    And you're probably guessing that I'm not the first person to have the idea: we need to automate this. AWS Security Hub maps 37 controls; Prowler maps all of them. However, none of them answer the question of how to fix them (at least not by copy-pasting).

  2. checkov

    Prevent cloud misconfigurations and find vulnerabilities at build time in infrastructure as code, container images and open-source packages with Checkov by Bridgecrew.

    Project mention: [PT-BR] OpenTofu AWS EC2 Module Guide: Requirements, Tests and BDD Strategy | dev.to | 2026-04-24

  3. cloud-custodian

    Rules engine for cloud security, cost optimization, and governance, DSL in yaml for policies to query, filter, and take actions on resources

    Project mention: Show HN: Infrabase: Natural language rules engine to manage your cloud account | news.ycombinator.com | 2025-06-13

    [2] Cloud Custodian: https://github.com/cloud-custodian/cloud-custodian

  4. ciso-assistant-community

    CISO Assistant is a one-stop-shop GRC platform for Risk Management, AppSec, Compliance & Audit, TPRM, BIA, Privacy, and Reporting. It supports 150+ global frameworks with automatic control mapping, including ISO 27001, NIST CSF, SOC 2, CIS, PCI DSS, NIS2, DORA, GDPR, HIPAA, CMMC, and more.

    Project mention: CISO Assistant, the open-source GRC platform introduces CRQ | news.ycombinator.com | 2025-09-15

  5. agent-governance-toolkit

    AI Agent Governance Toolkit — Policy enforcement, zero-trust identity, execution sandboxing, and reliability engineering for autonomous AI agents. Covers 10/10 OWASP Agentic Top 10.

    Project mention: AI Agent Governance Follows the Execution Path | Focused Labs | dev.to | 2026-06-09

    There is a key distinction here between prompt-level safety and the safety of the application code. Even stochastic systems can be designed to request safe actions. When we write application code that invokes tools, we can, as a rule, intercept the tool call on the wire before it actually executes, i.e. implement deterministic safety as opposed to stochastic safety of the prompt. The Agent Governance Toolkit README quick-start does just this, and governs tool calls by wrapping them in a function, for example govern(my_tool, policy="policy.yaml"), which logs information about the call, makes the decision, and returns GovernanceDenied when policy blocks the action.
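    The interception pattern that mention describes, written out as an added illustration rather than the Agent Governance Toolkit's own code: a tool function is wrapped so every call is matched against a policy before it executes, the decision is logged, and a blocked call raises instead of running. The policy schema used here (first matching rule wins, default deny, argument constraints `max` and `path_prefix`), the GovernanceDenied class, the AUDIT list and the two sample tools are all assumptions made for this example.

```python
"""Deterministic governance of agent tool calls (added illustration; the
policy schema, GovernanceDenied and the sample tools are assumptions)."""
import fnmatch
import json
import logging
import os
from functools import wraps

log = logging.getLogger("governance")
AUDIT = []  # in-memory audit trail; a real deployment ships these records out


class GovernanceDenied(Exception):
    """Raised in place of executing a tool call that policy blocks."""


# Constructed sample policy. Rules are evaluated top down, first match wins,
# and anything unmatched falls through to the default (deny).
POLICY = {
    "default": "deny",
    "rules": [
        {"effect": "deny", "tool": "shell.*"},
        {"effect": "allow", "tool": "stripe.refund", "where": {"amount": {"max": 5000}}},
        {"effect": "allow", "tool": "fs.read", "where": {"path": {"path_prefix": "/srv/app/"}}},
    ],
}


def _constraint_holds(value, limit):
    """Fail closed: a missing or wrongly typed argument never satisfies a constraint."""
    if "max" in limit and not (isinstance(value, (int, float)) and value <= limit["max"]):
        return False
    if "path_prefix" in limit:
        # Normalise first so "/srv/app/../../etc/passwd" cannot slip past the prefix.
        if not isinstance(value, str) or not os.path.normpath(value).startswith(limit["path_prefix"]):
            return False
    return True


def _rule_matches(rule, tool_name, kwargs):
    if not fnmatch.fnmatchcase(tool_name, rule.get("tool", "*")):
        return False
    return all(_constraint_holds(kwargs.get(arg), limit)
               for arg, limit in rule.get("where", {}).items())


def decide(policy, tool_name, kwargs):
    """Return ("allow" | "deny", the matching rule or None for the default)."""
    for rule in policy["rules"]:
        if _rule_matches(rule, tool_name, kwargs):
            return rule["effect"], rule
    return policy.get("default", "deny"), None


def govern(tool, policy, tool_name=None):
    """Wrap `tool` so each call is decided by `policy` before it runs.
    Tools are invoked with keyword arguments so the policy can name them."""
    name = tool_name or tool.__name__

    @wraps(tool)
    def wrapper(**kwargs):
        effect, rule = decide(policy, name, kwargs)
        record = {"tool": name, "args": kwargs, "decision": effect, "rule": rule}
        AUDIT.append(record)
        log.info(json.dumps(record, default=str))
        if effect != "allow":
            raise GovernanceDenied(f"{name}({kwargs}) blocked by policy rule {rule or 'default'}")
        return tool(**kwargs)

    return wrapper


def stripe_refund(amount, reason):  # stand-in for a real tool
    return {"refunded": amount, "reason": reason}


def fs_read(path):  # stand-in for a real tool
    return f"<contents of {path}>"


refund = govern(stripe_refund, POLICY, tool_name="stripe.refund")
read_file = govern(fs_read, POLICY, tool_name="fs.read")


def demo():
    """Run four calls through the wrappers and report each decision."""
    outcomes = []
    for call in (lambda: refund(amount=1500, reason="customer dispute"),
                 lambda: refund(amount=9000, reason="customer dispute"),
                 lambda: read_file(path="/srv/app/config.yml"),
                 lambda: read_file(path="/srv/app/../../etc/passwd")):
        try:
            call()
            outcomes.append("allowed")
        except GovernanceDenied:
            outcomes.append("denied")
    return outcomes


if __name__ == "__main__":
    logging.basicConfig(level=logging.INFO)
    print(demo())
```

    The point of wrapping rather than prompting is that the refund over the limit and the path-traversal read are refused by code the model cannot argue with, and the audit record exists whether or not the call went through.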

  6. cli

    A lightweight, security-focused BDD test framework for Terraform. (by terraform-compliance)

    Project mention: [PT-BR] OpenTofu AWS EC2 Module Guide: Requirements, Tests and BDD Strategy | dev.to | 2026-04-24

  7. dep-scan

    OWASP dep-scan is a next-generation security and risk audit tool based on known vulnerabilities, advisories and license limitations for project dependencies. Both local repositories and container images are supported as input, and the tool is ideal for integration.

    Project mention: Slopsquatting: AI Hallucinations as Supply Chain Attacks | dev.to | 2026-03-04

    Add a CI gate. Integrate Software Composition Analysis into your pipeline. Tools like OWASP dep-scan flag unknown or newly published packages before they reach production. Generate and sign Software Bills of Materials (SBOMs) for every build so each dependency is auditable. If a package does not appear in your organization's approved registry, the build should fail.
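    The CI gate that mention describes, written out as an added example (not dep-scan's code): parse a CycloneDX SBOM, normalise package names the way PyPI does, and fail the build when a component is missing from the approved registry, flagging near-miss names that look like typosquats or hallucinated packages. The allowlist and the SBOM are constructed for this example; a real gate would query the organisation's registry instead of the APPROVED dict.

```python
"""CI gate: every SBOM component must be in the approved registry
(added illustration; the allowlist and SBOM below are constructed)."""
import json
import re
import sys
from difflib import get_close_matches


def normalize(name):
    """PEP 503 normalisation: 'PyYAML', 'pyyaml' and 'py.yaml' compare equal."""
    return re.sub(r"[-_.]+", "-", name).lower()


# Constructed allowlist standing in for the organisation's approved registry:
# ecosystem -> normalised package name -> approved versions.
APPROVED = {
    "pypi": {
        "requests": {"2.32.3", "2.31.0"},
        "pyyaml": {"6.0.2"},
        "cryptography": {"43.0.1"},
    },
}

# Constructed CycloneDX 1.5 SBOM, shaped like what a build tool emits.
SAMPLE_SBOM = json.dumps({
    "bomFormat": "CycloneDX",
    "specVersion": "1.5",
    "components": [
        {"type": "library", "name": "requests", "version": "2.32.3", "purl": "pkg:pypi/requests@2.32.3"},
        {"type": "library", "name": "PyYAML", "version": "6.0.2", "purl": "pkg:pypi/PyYAML@6.0.2"},
        {"type": "library", "name": "requestss", "version": "1.0.0", "purl": "pkg:pypi/requestss@1.0.0"},
        {"type": "library", "name": "cryptography", "version": "42.0.0", "purl": "pkg:pypi/cryptography@42.0.0"},
        {"type": "library", "name": "flask-auth-helper", "version": "0.3.1", "purl": "pkg:pypi/flask-auth-helper@0.3.1"},
    ],
})

# pkg:<type>/[namespace/]<name>@<version>; the optional namespace is dropped here.
PURL_RE = re.compile(r"^pkg:([^/]+)/(?:[^/@]+/)?([^@/]+)@([^?#]+)")


def components(sbom):
    """Yield (ecosystem, normalised name, version) per component, taken from the
    purl so the ecosystem is unambiguous; fall back to the declared fields."""
    for comp in sbom.get("components", []):
        m = PURL_RE.match(comp.get("purl", ""))
        if m:
            eco, name, version = m.groups()
        else:
            eco, name, version = "unknown", comp.get("name", ""), comp.get("version", "")
        yield eco, normalize(name), version


def gate(sbom_json, approved=APPROVED):
    """Return (ok, findings). The build passes only when findings is empty."""
    findings = []
    for eco, name, version in components(json.loads(sbom_json)):
        allowed = approved.get(eco, {})
        if name not in allowed:
            # A close match to an approved name is the typosquat / slopsquat signature.
            near = get_close_matches(name, list(allowed), n=1, cutoff=0.8)
            findings.append({"package": f"{eco}:{name}@{version}",
                             "reason": "not in approved registry",
                             "similar_to": near[0] if near else None})
        elif version not in allowed[name]:
            findings.append({"package": f"{eco}:{name}@{version}",
                             "reason": "version not approved", "similar_to": None})
    return not findings, findings


if __name__ == "__main__":
    ok, findings = gate(SAMPLE_SBOM)
    for f in findings:
        hint = f" (did you mean {f['similar_to']}?)" if f["similar_to"] else ""
        print(f"FAIL {f['package']}: {f['reason']}{hint}")
    sys.exit(0 if ok else 1)  # a non-zero exit fails the pipeline step
```

    Run against the constructed SBOM the gate fails on three components: the near-miss `requestss`, an unapproved `cryptography` version, and `flask-auth-helper`, which matches nothing approved at all. Pinning approved versions, not just names, is what stops a compromised new release of a known package from passing.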

  8. ElectricEye

    ElectricEye is a multi-cloud, multi-SaaS Python CLI tool for asset management, security posture management and attack surface monitoring. It supports hundreds of services and evaluations to harden your CSP and SaaS environments, with controls mapped to over 20 industry, regulatory and best-practice control frameworks.

  9. tern

    Tern is a software composition analysis tool and Python library that generates a Software Bill of Materials for container images and Dockerfiles. The SBOM that Tern generates will give you a layer-by-layer view of what's inside your container in a variety of formats including human-readable, JSON, HTML, SPDX and more. (by tern-tools)

  10. privado

    Open-source static scanning tool to detect data flows in your code, find data security vulnerabilities and generate an accurate Play Store Data Safety report.

  11. binaryanalysis-ng

    Binary Analysis Next Generation (BANG)

  12. iambic

    IAMbic is Version-Control for IAM. It centralizes and simplifies cloud access and permissions. It maintains an eventually consistent, human-readable, bi-directional representation of IAM in Git.

  13. compliance-trestle

    An opinionated tooling platform for managing compliance as code, using continuous integration and NIST's OSCAL standard.

  14. aws-allowlister

    Automatically compile an AWS Service Control Policy that ONLY allows AWS services that are compliant with your preferred compliance frameworks.
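    The allow-by-exception SCP that description refers to, as an added example rather than aws-allowlister's implementation: intersect the services each chosen framework covers, keep the control-plane services reachable, and emit a single Deny statement whose NotAction lists only the approved service namespaces. The framework-to-service table is constructed for this example; the 5,120-byte figure is the documented SCP document quota and should be checked against current AWS limits.

```python
"""Build an allow-by-exception AWS SCP: deny every action outside an approved
service's namespace (added illustration; the compliance table is constructed)."""
import fnmatch
import json

# Constructed stand-in for a framework -> compliant-service table.
COMPLIANT = {
    "SOC2":  {"s3", "ec2", "kms", "lambda", "dynamodb", "sqs"},
    "HIPAA": {"s3", "ec2", "kms", "lambda", "dynamodb"},
    "PCI":   {"s3", "ec2", "kms", "dynamodb", "sqs"},
}
# Control-plane services that must stay reachable or the account becomes unmanageable.
ALWAYS_ALLOWED = {"sts", "iam", "organizations", "cloudtrail"}
SCP_MAX_BYTES = 5120  # documented SCP document quota; verify against current AWS limits


def approved_services(frameworks, table=COMPLIANT, always=ALWAYS_ALLOWED):
    """Services compliant with *every* selected framework, plus the control-plane set."""
    if not frameworks:
        raise ValueError("select at least one framework")
    return set.intersection(*(table[f] for f in frameworks)) | set(always)


def build_allowlist_scp(services, max_bytes=SCP_MAX_BYTES):
    """One Deny statement with NotAction: anything outside the listed service
    namespaces is denied, including services AWS launches after this is written."""
    scp = {
        "Version": "2012-10-17",
        "Statement": [{
            "Sid": "DenyAllOutsideApprovedServices",
            "Effect": "Deny",
            "NotAction": [f"{svc}:*" for svc in sorted(services)],
            "Resource": "*",
        }],
    }
    size = len(json.dumps(scp, separators=(",", ":")).encode())
    if size > max_bytes:
        raise ValueError(f"SCP is {size} bytes, over the {max_bytes}-byte quota; split it")
    return scp


def action_permitted(scp, action):
    """Would this SCP let `action` through? An SCP only bounds what identity
    policies may grant, so True means 'not blocked here', not 'allowed'."""
    for stmt in scp["Statement"]:
        if stmt["Effect"] == "Deny" and "NotAction" in stmt:
            # IAM action names are matched case-insensitively.
            if not any(fnmatch.fnmatchcase(action.lower(), pat.lower())
                       for pat in stmt["NotAction"]):
                return False
    return True


if __name__ == "__main__":
    scp = build_allowlist_scp(approved_services(["SOC2", "HIPAA", "PCI"]))
    print(json.dumps(scp, indent=2))
    for a in ("s3:GetObject", "lambda:InvokeFunction"):
        print(a, "permitted" if action_permitted(scp, a) else "denied")
```

    With all three frameworks selected, `lambda` drops out because PCI in the constructed table does not cover it, so `lambda:InvokeFunction` is denied while `s3:GetObject` passes. Attach the policy to an OU rather than the management account, which SCPs never restrict, and remember that a service being permitted by the SCP still needs an identity policy to grant it.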

  15. Internet.nl

    Internet standards compliance test suite

    Project mention: Async DNS | news.ycombinator.com | 2025-12-12

    It falls into the category of things most people think they understand, DNS, the same as JavaScript or, e.g., elections, but the devil is in the detail. And I can tell you, at least for DNS (and Dutch elections), it's kind of tricky; see fun cases like https://github.com/internetstandards/Internet.nl/issues/1370. I thought the same before I had my current job, which involves quite a lot of tricky DNS stuff (and in this area we also sometimes encounter bugs in unbound: https://github.com/internetstandards/Internet.nl/issues/1803).

  16. Information-Security-Tasks

    This repository is created for infosec professionals who work day to day, to equip ourselves with an up-to-date skill set. We can each contribute one hour daily to day-to-day tasks and work on problem statements. Please contribute by providing problem statements and solutions.

  17. validity

    NetBox plugin to validate network devices (by amyasnikov)

  18. asqav-sdk

    Python SDK for AI agent governance - audit trails, policy enforcement, quantum-safe signatures. Works with LangChain, CrewAI, MCP.

    Project mention: Asqav now ships on npm. TypeScript agent governance is live | dev.to | 2026-04-27

    import { init, Agent } from "@asqav/sdk";

    init({ apiKey: process.env.ASQAV_API_KEY });

    const agent = await Agent.create({ name: "support-bot" });
    await agent.startSession();

    // Sign the intended action before it is carried out; the signature is verifiable by URL.
    const sig = await agent.sign({
      actionType: "stripe.refund",
      context: { amount: 1500, reason: "customer dispute" },
    });
    console.log(sig.verificationUrl); // https://asqav.com/verify/sig_abc123

    await agent.endSession({ status: "completed" });

  19. compliance-checker

    Python tool to check your datasets against compliance standards

  20. cloud-audit

    Fast, opinionated AWS security scanner. Curated checks. Zero noise. Copy-paste fixes.

    Project mention: Show HN: Cloud-audit – AWS scanner that chains findings into attack paths | news.ycombinator.com | 2026-04-01

  21. tlsassistant

    An open-source modular framework capable of identifying a wide range of TLS vulnerabilities and assessing compliance with multiple guidelines. Its actionable report can assist the user in correctly and easily fixing their configurations.

  22. secureml

    Easy-to-use utilities to build privacy-preserving AI.

  23. rag-firewall

    Client-side retrieval firewall for RAG systems — blocks prompt injection and secret leaks, re-ranks stale or untrusted content, and keeps all data inside your environment.

    Project mention: Show HN: RAG Firewall – retrieval-time guardrails for LangChain/LlamaIndex | news.ycombinator.com | 2025-08-29

NOTE: The open-source projects on this list are ordered by number of GitHub stars. The number of mentions indicates repo mentions in the last 12 months or since we started tracking (Dec 2020).


Python Compliance related posts

  • AI Agent Governance Follows the Execution Path | Focused Labs

    1 project | dev.to | 9 Jun 2026
  • Microsoft ACS SDK: Agent Control Sandbox PoC

    2 projects | dev.to | 3 Jun 2026
  • Show HN: AERF, signed control events for AI agent actions

    3 projects | news.ycombinator.com | 2 Jun 2026
  • Agent Governance Toolkit

    1 project | news.ycombinator.com | 27 May 2026
  • AI Agent Governance Toolkit

    1 project | news.ycombinator.com | 26 May 2026
  • Aspect-Oriented Programming for AI Agents: Hookflows as an Event Bus

    2 projects | dev.to | 20 May 2026
  • I Built a Runtime Governance Tool for AI Agents — Here's Why Your Agents Need It

    3 projects | dev.to | 7 May 2026

Index

What are some of the best open-source Compliance projects in Python? This list will help you:

# Project Stars
1 prowler 13,949
2 checkov 8,763
3 cloud-custodian 5,996
4 ciso-assistant-community 4,103
5 agent-governance-toolkit 3,912
6 cli 1,455
7 dep-scan 1,242
8 ElectricEye 1,041
9 tern 1,017
10 privado 643
11 binaryanalysis-ng 528
12 iambic 300
13 compliance-trestle 257
14 aws-allowlister 224
15 Internet.nl 221
16 Information-Security-Tasks 180
17 validity 176
18 asqav-sdk 168
19 compliance-checker 131
20 cloud-audit 57
21 tlsassistant 51
22 secureml 25
23 rag-firewall 22
