{"id":46032587,"url":"https://github.com/frousselet/open-grc","last_synced_at":"2026-03-10T00:07:22.541Z","repository":{"id":341290214,"uuid":"1168307919","full_name":"frousselet/open-grc","owner":"frousselet","description":"GRC tool","archived":false,"fork":false,"pushed_at":"2026-03-06T22:44:14.000Z","size":1336,"stargazers_count":0,"open_issues_count":0,"forks_count":0,"subscribers_count":0,"default_branch":"main","last_synced_at":"2026-03-07T01:41:35.627Z","etag":null,"topics":["ebios-rm","grc","hds","isms","iso27001","iso27005","risk","risk-management","security"],"latest_commit_sha":null,"homepage":"","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/frousselet.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2026-02-27T08:35:47.000Z","updated_at":"2026-03-06T22:25:29.000Z","dependencies_parsed_at":null,"dependency_job_id":null,"html_url":"https://github.com/frousselet/open-grc","commit_stats":null,"previous_names":["frousselet/open-grc"],"tags_count":37,"template":false,"template_full_name":null,"purl":"pkg:github/frousselet/open-grc","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/frousselet%2Fopen-grc","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/frousselet%2Fopen-grc/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/frousselet%2Fopen-grc/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/frousselet%2Fopen-grc/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/frousselet","download_url":"https://codeload.github.com/frousselet/open-grc/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/frousselet%2Fopen-grc/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":30317724,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-03-09T20:05:46.299Z","status":"ssl_error","status_checked_at":"2026-03-09T19:57:04.425Z","response_time":61,"last_error":"SSL_connect returned=1 errno=0 peeraddr=140.82.121.6:443 state=error: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["ebios-rm","grc","hds","isms","iso27001","iso27005","risk","risk-management","security"],"created_at":"2026-03-01T04:12:57.280Z","updated_at":"2026-03-10T00:07:22.534Z","avatar_url":"https://github.com/frousselet.png","language":"Python","funding_links":[],"categories":[],"sub_categories":[],"readme":"# Open GRC\n\nOpen-source Governance, Risk and Compliance (GRC) platform built with Django.\n\n## Features\n\n### Governance (Context \u0026 Organisation)\n\n- **Scopes** — hierarchical organisational perimeters with versioning and approval workflow\n- **Sites** — physical and logical locations (offices, datacenters, cloud regions) with hierarchy\n- **Issues** — internal/external strategic issues (PESTLE categories) with impact and trend tracking\n- **Stakeholders** — interested parties with expectations, influence/interest levels and RACI support\n- **Objectives** — security and business objectives with KPI tracking (target/current values, progress %)\n- **SWOT Analysis** — structured strengths/weaknesses/opportunities/threats with impact levels\n- **Roles \u0026 Responsibilities** — RACI matrix, mandatory role enforcement, responsibility assignments\n- **Activities** — hierarchical business processes (core, support, management) with criticality levels\n\n### Asset Management\n\n- **Essential Assets** — business processes and information assets with DIC valuation (Confidentiality, Integrity, Availability on a 5-level scale)\n- **Support Assets** — IT infrastructure (hardware, software, network, services, sites, people) with lifecycle tracking (EOL, warranty)\n- **Dependencies** — essential-to-support asset mapping with criticality, SPOF detection and redundancy tracking\n- **Asset Groups** — logical grouping of support assets\n- **DIC Inheritance** — support assets automatically inherit max DIC levels from linked essential assets\n- **Valuations** — historical DIC evaluation tracking per essential asset\n\n### Risk Management\n\n- **Risk Assessments** — ISO 27005 and EBIOS RM methodologies\n- **Risk Criteria** — configurable likelihood/impact scales with dynamic risk matrix generation\n- **Risks** — three-level tracking (initial, current, residual) with treatment decisions (accept, mitigate, transfer, avoid)\n- **Threat Catalog** — reusable threats by type (deliberate, accidental, environmental) and origin\n- **Vulnerability Catalog** — reusable vulnerabilities with severity, CVE references and remediation guidance\n- **ISO 27005 Analysis** — atomic threat x vulnerability risk scenarios with combined likelihood/impact calculation\n- **Treatment Plans** — structured remediation with ordered actions, progress tracking and cost estimates\n- **Risk Acceptance** — formal acceptance records with expiry dates, conditions and review tracking\n- **Risk Matrices** — visual heatmaps (current vs residual)\n\n### Compliance\n\n- **Frameworks** — regulatory and standard frameworks (ISO 27001, GDPR, NIS2, etc.) with type, category and jurisdiction\n- **Sections** — hierarchical framework structure\n- **Requirements** — per-framework requirements with compliance status, evidence and gap tracking\n- **Assessments** — compliance evaluations with per-requirement results and automatic compliance level calculation\n- **Action Plans** — gap remediation plans with priority, progress and cost tracking\n- **Inter-Framework Mappings** — requirement-to-requirement mappings across frameworks (equivalent, partial, includes, related)\n- **Framework Import** — Excel-based bulk import of frameworks and requirements\n\n### Users \u0026 Access Control\n\n- **Custom User Model** — email-based authentication with UUID primary keys\n- **Role-Based Access Control** — granular permissions (90+) using `module.feature.action` codenames\n- **6 System Groups** — Super Admin, Admin, RSSI/DPO, Auditor, Contributor, Reader\n- **Scope-Based Tenancy** — groups can be restricted to specific organisational scopes\n- **Account Security** — failed login lockout (5 attempts / 15 min), password complexity enforcement\n- **Dual Authentication** — session-based (web UI) + JWT with token rotation (API)\n- **Access Logs** — full audit trail of authentication events (login, logout, lockout, password change)\n\n### Cross-Cutting Capabilities\n\n- **Approval Workflows** — two-step approval (submit / approve) on all domain models with dedicated permissions\n- **Audit Trail** — full change history on every model via django-simple-history\n- **Versioning** — automatic version increment on all domain objects\n- **Contextual Help** — inline help banners with multilingual content (FR/EN)\n- **Excel Export** — export assets, risks, compliance data to Excel\n- **Dark Mode** — automatic theme switching based on OS preference\n- **Responsive UI** — collapsible sidebar, mobile-friendly layout\n- **REST API** — full CRUD + filtering, search, pagination and export on all resources\n- **HTMX Integration** — dynamic partial updates without full page reloads\n\n## Tech Stack\n\n| Component | Technology |\n|-----------|-----------|\n| Backend | Django 5.2 LTS |\n| Database | PostgreSQL 16 |\n| REST API | Django REST Framework |\n| Authentication | djangorestframework-simplejwt |\n| Audit Trail | django-simple-history |\n| Filtering | django-filter |\n| Frontend | Bootstrap 5.3 + HTMX |\n| Export | openpyxl |\n| Server | Gunicorn |\n| Container | Docker \u0026 Docker Compose |\n\n## Getting Started\n\n### Prerequisites\n\n- [Docker](https://docs.docker.com/get-docker/)\n- [Docker Compose](https://docs.docker.com/compose/install/)\n\n### Quick Start\n\n1. Copy the environment file:\n\n```bash\ncp .env.example .env\n```\n\n2. Start the services:\n\n```bash\ndocker compose up --build\n```\n\n3. Apply migrations (in another terminal):\n\n```bash\ndocker compose exec web python manage.py migrate\n```\n\n4. Create a superuser:\n\n```bash\ndocker compose exec web python manage.py createsuperuser\n```\n\nThe application is available at [http://localhost:8000](http://localhost:8000).\nThe admin interface is at [http://localhost:8000/admin/](http://localhost:8000/admin/).\n\n### Using the Docker Hub Image\n\nYou can run Open GRC directly from the published image without cloning the repository.\n\nCreate a `docker-compose.yml` file:\n\n```yaml\nservices:\n  web:\n    image: frousselet/open-grc:latest\n    ports:\n      - \"8000:8000\"\n    environment:\n      SECRET_KEY: change-me-to-a-random-secret-key\n      DEBUG: \"False\"\n      ALLOWED_HOSTS: localhost,127.0.0.1\n      POSTGRES_DB: open_grc\n      POSTGRES_USER: postgres\n      POSTGRES_PASSWORD: postgres\n      POSTGRES_HOST: db\n      POSTGRES_PORT: \"5432\"\n    depends_on:\n      db:\n        condition: service_healthy\n\n  db:\n    image: postgres:16\n    volumes:\n      - postgres_data:/var/lib/postgresql/data\n    environment:\n      POSTGRES_DB: open_grc\n      POSTGRES_USER: postgres\n      POSTGRES_PASSWORD: postgres\n    healthcheck:\n      test: [\"CMD-SHELL\", \"pg_isready -U postgres\"]\n      interval: 5s\n      timeout: 5s\n      retries: 5\n\nvolumes:\n  postgres_data:\n```\n\nThen start the stack:\n\n```bash\ndocker compose up -d\ndocker compose exec web python manage.py migrate\ndocker compose exec web python manage.py createsuperuser\n```\n\n## Licence\n\nMIT\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Ffrousselet%2Fopen-grc","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Ffrousselet%2Fopen-grc","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Ffrousselet%2Fopen-grc/lists"}