An open API service indexing awesome lists of open source software.

Projects in Awesome Lists tagged with compliance-as-code

A curated list of projects in awesome lists tagged with compliance-as-code .

https://github.com/HummerRisk/HummerRisk

HummerRisk 是云原生安全平台,包括混合云安全治理和云原生安全检测。

cloud-custodian cloud-native cloud-native-security compliance compliance-as-code cspm k8s-security kubernetes-security prowler sbom security trivy vulnerability

Last synced: 01 May 2025

https://github.com/hummerrisk/hummerrisk

HummerRisk 是云原生安全平台,包括混合云安全治理和云原生安全检测。

cloud-custodian cloud-native cloud-native-security compliance compliance-as-code cspm k8s-security kubernetes-security prowler sbom security trivy vulnerability

Last synced: 14 May 2025

https://github.com/awslabs/aws-config-engine-for-compliance-as-code

Manage AWS Config Rules at scale in AWS multi-account and/or multi-region environment; with fully configurable deployment (RuleSets) and analytics.

aws-config compliance-as-code multi-account

Last synced: 16 May 2025

https://github.com/aws-samples/aws-control-tower-controls-terraform

This repository describes how to use AWS Control Tower controls, HashiCorp Terraform, and infrastructure as code (IaC) to implement and administer preventive, detective, and proactive security controls. A control (also known as a guardrail) is a high-level rule that provides ongoing governance for your overall AWS Control Tower environment.

aws-control-tower aws-organizations cloud-native compliance compliance-as-code governance identity infrastructure infrastructure-as-code management security

Last synced: 24 Jun 2026

https://github.com/paulveillard/cybersecurity-soar

A collection of awesome framework, libraries, learning tutorials, videos, webcasts, technical resources and cool stuff about Security Orchestration, Automation and Response (SOAR).

compliance-as-code compliant cyber-threat-intelligence design-patterns hacking-tools incident-management incident-matrix incident-response ios-hacking orchestration orchestration-services os-hardening regulatory scalability scalable-applications security-hardening siem soar

Last synced: 30 Jan 2026

https://github.com/complianceascode/auditree-framework

The Auditree framework tool to run compliance control checks as unit tests.

compliance compliance-as-code compliance-automation continuous-compliance devops devsecops python

Last synced: 10 Apr 2025

https://github.com/ethyca/fidesops

Privacy as Code for DSAR Orchestration: Privacy Request automation to fulfill GDPR, CCPA, and LGPD data subject requests.

compliance compliance-as-code compliance-automation data-privacy gdpr gdpr-compliant privacy privacy-as-code

Last synced: 04 Apr 2025

https://github.com/GoogleCloudPlatform/gcp-hardening-toolkit

Deep GCP security hardening via automated triage and state-aware IaC. Built to power rapid, agile task-force engagements and remediate complex brownfield environments at scale.

compliance-as-code gcp gemini-cli-extension google-cloud-platform policy-as-code security-hardening terraform

Last synced: 24 Jun 2026

https://github.com/googlecloudplatform/gcp-hardening-toolkit

Deep GCP security hardening via automated triage and state-aware IaC. Built to power rapid, agile task-force engagements and remediate complex brownfield environments at scale.

compliance-as-code gcp gemini-cli-extension google-cloud-platform policy-as-code security-hardening terraform

Last synced: 29 Apr 2026

https://github.com/zsolt-halo/aws-config-advanced-query

A collection of useful queries that can be used to verify compliance/security across your AWS assets

aws aws-athena aws-config aws-config-rules compliance-as-code rdk

Last synced: 24 Dec 2025

https://github.com/paulveillard/cybersecurity-soc-compliance

A collection of awesome framework, libraries, documents, learning tutorials, resources about SOC 2 tools and processes.

compliance-as-code compliance-automation compliance-service security-compliance soc2 soc2-classification-nonproduction soc2-classification-production soc2-evidence soc2-platform

Last synced: 07 Jan 2026

https://github.com/undergroundwires/ez-consent

🍪 Minimal & vanilla JS only cookie consent banner with no dependencies with Google consent mode support

compliance-as-code consent-mode cookie-banner cookie-consent cookie-consent-banner cookie-law gdpr google-tag-manager privacy

Last synced: 02 Mar 2026

https://github.com/complianceascode/auditree-arboretum

The Auditree common fetchers, checks and harvest reports library.

compliance compliance-as-code compliance-automation continuous-compliance devops devsecops python

Last synced: 15 Apr 2025

https://github.com/mitre/cosa

COSA (Compliance Orchestration Situational Awareness) is a multi-part system which allows teams to integrate compliance into a CI/CD pipeline, shift security left (in the DevSecOps process), and track/report progress towards compliance goals. It orchestrates a series of tests, each of which may be automated, manual, or inherited. As a result, it promotes incremental achievement rather than assuming that 100% automation is possible. Multiple control catalogs are supported. Note that COSA is not a scanner - instead, it uses existing scanners to perform that function, recording the results as attachments.

compliance-as-code compliance-automation continuous-integration cosa governance mitre mitre-corporation mitre-cosa risk-m risk-management

Last synced: 08 Mar 2026

https://github.com/aryaminus/controlkeel

Agent control plane for governed AI coding: validate changes, enforce policy gates, track findings, proofs, and evals based on your habits.

agents ai-agents ai-governance benchmark code-review compliance compliance-as-code devsecops elixir evals llm mcp model-context-protocol observability phoenix policy-as-code security skills tooling

Last synced: 13 Jun 2026

https://github.com/defenseunicorns/lula

A tool for managing compliance as code in your GitHub repositories. :unicorn:

compliance compliance-as-code

Last synced: 04 Oct 2025

https://github.com/paulveillard/cybersecurity-hipaa-compliance

An ongoing & curated collection of awesome software best practices and techniques, libraries and frameworks, E-books and videos, websites, blog posts, links to github Repositories, technical guidelines and important resources about HIPAA Compliance in Cybersecurity

compliance compliance-as-code compliance-assessment-tookit compliance-automation compliance-management health healthcare healthcare-application hipaa hipaa-chat hipaa-first hipaa-service hipaa-services regulatory

Last synced: 08 Oct 2025

https://github.com/mitre/compliance-mapper

(WIP) (ALPHA) Compliance Mapper is a web-based rest-api and application for information assurance control mapping

compliance compliance-as-code compliance-service inspec mitre-corporation mitre-inspec

Last synced: 21 Apr 2025

https://github.com/austinsonger/make-hipaa-compliance

Helping Operating Systems become HIPAA Compliant

compliance compliance-as-code hipaa nist

Last synced: 16 Sep 2025

https://github.com/wahidyankf/open-sharia-enterprise

Open-source Sharia-compliant enterprise platform. Building foundations in the open. Early Phase 0, pre-alpha. No timelines—building it right.

compliance-as-code devsecops enterprise erp fintech halal hugo indonesia indonesian islamic-finance monorepo nx open-source pre-alpha sharia-compliant typescript

Last synced: 17 Jan 2026

https://github.com/paulveillard/cybersecurity-compliance-as-code

An ongoing & curated collection of awesome software best practices and techniques, libraries and frameworks, E-books and videos, websites, blog posts, links to github Repositories, technical guidelines and important resources about Compliance.

compliance compliance-as-code compliance-automation compliance-documents compliance-platform compliance-scripts

Last synced: 07 Jan 2026

https://github.com/grantbirki/auditor-action

The Auditor - A GitHub Action that audits changes made in a pull request, using a customizable configuration

actions auditor automation ci compliance-as-code git-diff review security

Last synced: 07 May 2025

https://github.com/scottlogic/finos-cloud-services-certification

A prototype implementation of the FINOS Cloud Services Certification tests

compliance-as-code finos

Last synced: 27 Jul 2025

https://github.com/KevinRabun/GDPRShiftLeftMCP

GDPR Shift-Left Compliance MCP Server — Azure-focused GDPR compliance automation.

compliance-as-code compliance-automation gdpr gdpr-compliance gdpr-compliant mcp mcp-server

Last synced: 07 Jun 2026

https://github.com/kenithphilip/fedpy

Read-only, evidence-grade automation for FedRAMP 20x & Rev5: a TypeScript collector that captures AWS/GCP/Kubernetes config evidence for all 63 KSIs (223 requirements), benchmarks against NIST 800-53 at Low/Moderate/High, and signs it (Ed25519 + OSCAL) — plus a local multi-user tracker over the FRMR catalog.

aws cloud-security compliance compliance-as-code continuous-monitoring evidence-collection fedramp fedramp-20x gcp grc ksi kubernetes nist-800-53 oscal security-automation typescript

Last synced: 28 Jun 2026

https://github.com/realjkg/adaptcloud

Initial MVP repository with GCP Hardened templates

cloud compliance-as-code compliance-automation compliance-dev hardening security

Last synced: 01 Jun 2026

https://github.com/optum/sourcehawk-scan-github-action

This action runs a sourcehawk scan on the repository source code

compliance-as-code compliance-automation github-actions github-actions-docker sourcehawk

Last synced: 24 Apr 2026

https://github.com/githubfoam/tdi-sandbox2

Compliance as Code, DevSecOps Pipeline,Test-Driven Infrastructure, CIS templates

ansible-role compliance-as-code rake test-driven-infrastructure

Last synced: 18 May 2026

https://github.com/githubfoam/freewheeler

data center as code, data center as compliance, molecule, tox

compliance-as-code molecule tox

Last synced: 27 Apr 2026

https://github.com/optum/sourcehawk

Sourcehawk is an extensible compliance as code tool which allows development teams to run compliance scans on their source code.

compliance compliance-as-code compliance-automation java maven sourcehawk

Last synced: 30 Jan 2026

https://github.com/githubfoam/cjis_sandbox

compliance as code audit CCE-XXXXX-X NIST-800-XX-XX-XX PCI-DSS-Req-X.X.X CJIS-X.X.X

audit cce cijs compliance-as-code nist pci-dss

Last synced: 28 Jan 2026

https://github.com/githubfoam/tdi-sandbox

Compliance as Code, DevSecOps Pipeline,Test-Driven Infrastructure

compliance-as-code devsecops pipeline test-driven-infrastructure test-kitchen

Last synced: 30 Mar 2025

https://github.com/grantbirki/auditor-action-core

The Auditor Action's Core Engine

actions auditor ci compliance-as-code security

Last synced: 18 Feb 2026

https://github.com/hautph/awesome-devsecops

🚀 Curated resources for shifting security left: SAST, DAST, SCA, Container Security, and Compliance as Code for modern DevOps teams.

awesome-list ci-cd cloud-security compliance-as-code dast devsecops infosec sast security

Last synced: 21 Feb 2026

https://github.com/prodcycle/actions

GitHub Action to scan PR changes for compliance violations via ProdCycle API

code-scanner code-scanning compliance compliance-as-a-service compliance-as-code github-actions hipaa hipaa-compliance hipaa-compliant soc2

Last synced: 29 Apr 2026