Projects in Awesome Lists tagged with compliance-as-code
A curated list of projects in awesome lists tagged with compliance-as-code .
https://github.com/HummerRisk/HummerRisk
HummerRisk 是云原生安全平台,包括混合云安全治理和云原生安全检测。
cloud-custodian cloud-native cloud-native-security compliance compliance-as-code cspm k8s-security kubernetes-security prowler sbom security trivy vulnerability
Last synced: 01 May 2025
https://github.com/hummerrisk/hummerrisk
HummerRisk 是云原生安全平台,包括混合云安全治理和云原生安全检测。
cloud-custodian cloud-native cloud-native-security compliance compliance-as-code cspm k8s-security kubernetes-security prowler sbom security trivy vulnerability
Last synced: 14 May 2025
https://github.com/admyral-technologies/admyral
🤖 Admyral enables continuous control monitoring for any custom control
ai-assistant automation compliance-as-code compliance-automation compliance-platform control copilot cybersecurity gpt grc llm nextjs open-source python security security-automation security-compliance soar typescript workflow
Last synced: 13 Dec 2025
https://github.com/awslabs/aws-config-engine-for-compliance-as-code
Manage AWS Config Rules at scale in AWS multi-account and/or multi-region environment; with fully configurable deployment (RuleSets) and analytics.
aws-config compliance-as-code multi-account
Last synced: 16 May 2025
https://github.com/ansible-lockdown/UBUNTU22-CIS
Ansible role for Ubuntu22 CIS Baseline
ansible ansible-role benchmark cis cis-benchmark cis-standards compliance-as-code compliance-automation security security-automation security-hardening security-tools ubuntu-server ubuntu22 ubuntu2204
Last synced: 10 Apr 2025
https://github.com/ansible-lockdown/Windows-2019-CIS
CIS Baseline Ansible Role for Windows 2019
ansible ansible-playbook ansible-role benchmark benchmark-framework cis cis-benchmark cis-compliant cis-standards compliance-as-code compliance-automation hardening security security-automation security-tools windows windows-2019 windows-server windows-server-2019
Last synced: 04 Sep 2025
https://github.com/ansible-lockdown/RHEL9-CIS
Ansible role for Red Hat 9 CIS Baseline
ansible ansible-playbook ansible-role benchmark benchmark-framework cis cis-benchmark compliance-as-code compliance-automation redhat9 rhel rhel9 security security-automation security-tools
Last synced: 08 Apr 2025
https://github.com/ansible-lockdown/rhel9-cis
Ansible role for Red Hat 9 CIS Baseline
ansible ansible-playbook ansible-role benchmark benchmark-framework cis cis-benchmark compliance-as-code compliance-automation redhat9 rhel rhel9 security security-automation security-tools
Last synced: 12 Apr 2025
https://github.com/aws-samples/aws-control-tower-controls-terraform
This repository describes how to use AWS Control Tower controls, HashiCorp Terraform, and infrastructure as code (IaC) to implement and administer preventive, detective, and proactive security controls. A control (also known as a guardrail) is a high-level rule that provides ongoing governance for your overall AWS Control Tower environment.
aws-control-tower aws-organizations cloud-native compliance compliance-as-code governance identity infrastructure infrastructure-as-code management security
Last synced: 24 Jun 2026
https://github.com/gjyoung1974/soc2-policy-templates
Template SOC2 Policy Authority - documentation pipeline
compliance compliance-as-code documentation-automation documentation-generator documentation-pipeline policy-as-code security security-automation soc2
Last synced: 30 Mar 2025
https://github.com/ansible-lockdown/rhel8-stig
Ansible role for Red Hat 8 STIG Baseline
ansible ansible-role ansible-roles benchmark benchmark-framework compliance-as-code compliance-automation disa-stig redhat8 remediation rhel rhel8 security security-hardening stig stig-compliant
Last synced: 04 Apr 2025
https://github.com/paulveillard/cybersecurity-soar
A collection of awesome framework, libraries, learning tutorials, videos, webcasts, technical resources and cool stuff about Security Orchestration, Automation and Response (SOAR).
compliance-as-code compliant cyber-threat-intelligence design-patterns hacking-tools incident-management incident-matrix incident-response ios-hacking orchestration orchestration-services os-hardening regulatory scalability scalable-applications security-hardening siem soar
Last synced: 30 Jan 2026
https://github.com/goldfiglabs/introspector
A schema and set of tools for using SQL to query cloud infrastructure.
aws aws-security cloud-infrastructure cloud-security cloudsecurity cmdb compliance-as-code compliance-automation cspm database-schema devsecops iam infosec infrastructure-as-deployed postgres secops security security-groups security-tools sql
Last synced: 10 May 2025
https://github.com/complianceascode/auditree-framework
The Auditree framework tool to run compliance control checks as unit tests.
compliance compliance-as-code compliance-automation continuous-compliance devops devsecops python
Last synced: 10 Apr 2025
https://github.com/deepfence/deepfence_runtime_api
Deepfence Runtime API & code samples
circle-ci cloud-native compliance-as-code containers deepfence firewall intrusion-prevention-system jenkins kubernetes microsegmentation microservices multicloud security-as-code security-automation security-scanner security-tools vulnerability-management
Last synced: 10 May 2025
https://github.com/ethyca/fidesops
Privacy as Code for DSAR Orchestration: Privacy Request automation to fulfill GDPR, CCPA, and LGPD data subject requests.
compliance compliance-as-code compliance-automation data-privacy gdpr gdpr-compliant privacy privacy-as-code
Last synced: 04 Apr 2025
https://github.com/GoogleCloudPlatform/gcp-hardening-toolkit
Deep GCP security hardening via automated triage and state-aware IaC. Built to power rapid, agile task-force engagements and remediate complex brownfield environments at scale.
compliance-as-code gcp gemini-cli-extension google-cloud-platform policy-as-code security-hardening terraform
Last synced: 24 Jun 2026
https://github.com/googlecloudplatform/gcp-hardening-toolkit
Deep GCP security hardening via automated triage and state-aware IaC. Built to power rapid, agile task-force engagements and remediate complex brownfield environments at scale.
compliance-as-code gcp gemini-cli-extension google-cloud-platform policy-as-code security-hardening terraform
Last synced: 29 Apr 2026
https://github.com/ready-to-release/eac
Audit-ready Continuous Delivery for regulated industries.
audit automation-framework cli compliance-as-code continuous-delivery devops-platform devsecops-pipeline documentation dora-devops gherkin regulated-industry-blueprints traceability
Last synced: 30 May 2026
https://github.com/zsolt-halo/aws-config-advanced-query
A collection of useful queries that can be used to verify compliance/security across your AWS assets
aws aws-athena aws-config aws-config-rules compliance-as-code rdk
Last synced: 24 Dec 2025
https://github.com/ansible-lockdown/AMAZON2-CIS
Ansible role for Amazon Linux 2 CIS Baseline
amazon-linux amazon-linux-2 ansible ansible-playbook ansible-role benchmark benchmark-framework cis cis-benchmark compliance-as-code compliance-automation security security-automation security-tools
Last synced: 16 Apr 2025
https://github.com/paulveillard/cybersecurity-soc-compliance
A collection of awesome framework, libraries, documents, learning tutorials, resources about SOC 2 tools and processes.
compliance-as-code compliance-automation compliance-service security-compliance soc2 soc2-classification-nonproduction soc2-classification-production soc2-evidence soc2-platform
Last synced: 07 Jan 2026
https://github.com/undergroundwires/ez-consent
🍪 Minimal & vanilla JS only cookie consent banner with no dependencies with Google consent mode support
compliance-as-code consent-mode cookie-banner cookie-consent cookie-consent-banner cookie-law gdpr google-tag-manager privacy
Last synced: 02 Mar 2026
https://github.com/complianceascode/auditree-arboretum
The Auditree common fetchers, checks and harvest reports library.
compliance compliance-as-code compliance-automation continuous-compliance devops devsecops python
Last synced: 15 Apr 2025
https://github.com/complianceascode/auditree-harvest
The Auditree data gathering and reporting tool.
compliance compliance-as-code compliance-automation continuous-compliance devops devsecops python
Last synced: 15 Apr 2025
https://github.com/complianceascode/auditree-plant
The Auditree tool for adding external evidence.
compliance compliance-as-code compliance-automation continuous-compliance devops devsecops python
Last synced: 15 Apr 2025
https://github.com/mitre/cosa
COSA (Compliance Orchestration Situational Awareness) is a multi-part system which allows teams to integrate compliance into a CI/CD pipeline, shift security left (in the DevSecOps process), and track/report progress towards compliance goals. It orchestrates a series of tests, each of which may be automated, manual, or inherited. As a result, it promotes incremental achievement rather than assuming that 100% automation is possible. Multiple control catalogs are supported. Note that COSA is not a scanner - instead, it uses existing scanners to perform that function, recording the results as attachments.
compliance-as-code compliance-automation continuous-integration cosa governance mitre mitre-corporation mitre-cosa risk-m risk-management
Last synced: 08 Mar 2026
https://github.com/aryaminus/controlkeel
Agent control plane for governed AI coding: validate changes, enforce policy gates, track findings, proofs, and evals based on your habits.
agents ai-agents ai-governance benchmark code-review compliance compliance-as-code devsecops elixir evals llm mcp model-context-protocol observability phoenix policy-as-code security skills tooling
Last synced: 13 Jun 2026
https://github.com/defenseunicorns/lula
A tool for managing compliance as code in your GitHub repositories. :unicorn:
Last synced: 04 Oct 2025
https://github.com/complianceascode/auditree-prune
The Auditree evidence removal tool.
compliance compliance-as-code compliance-automation continuous-compliance devops devsecops python
Last synced: 15 Apr 2025
https://github.com/paulveillard/cybersecurity-hipaa-compliance
An ongoing & curated collection of awesome software best practices and techniques, libraries and frameworks, E-books and videos, websites, blog posts, links to github Repositories, technical guidelines and important resources about HIPAA Compliance in Cybersecurity
compliance compliance-as-code compliance-assessment-tookit compliance-automation compliance-management health healthcare healthcare-application hipaa hipaa-chat hipaa-first hipaa-service hipaa-services regulatory
Last synced: 08 Oct 2025
https://github.com/mitre/compliance-mapper
(WIP) (ALPHA) Compliance Mapper is a web-based rest-api and application for information assurance control mapping
compliance compliance-as-code compliance-service inspec mitre-corporation mitre-inspec
Last synced: 21 Apr 2025
https://github.com/austinsonger/make-hipaa-compliance
Helping Operating Systems become HIPAA Compliant
compliance compliance-as-code hipaa nist
Last synced: 16 Sep 2025
https://github.com/wahidyankf/open-sharia-enterprise
Open-source Sharia-compliant enterprise platform. Building foundations in the open. Early Phase 0, pre-alpha. No timelines—building it right.
compliance-as-code devsecops enterprise erp fintech halal hugo indonesia indonesian islamic-finance monorepo nx open-source pre-alpha sharia-compliant typescript
Last synced: 17 Jan 2026
https://github.com/paulveillard/cybersecurity-compliance-as-code
An ongoing & curated collection of awesome software best practices and techniques, libraries and frameworks, E-books and videos, websites, blog posts, links to github Repositories, technical guidelines and important resources about Compliance.
compliance compliance-as-code compliance-automation compliance-documents compliance-platform compliance-scripts
Last synced: 07 Jan 2026
https://github.com/grantbirki/auditor-action
The Auditor - A GitHub Action that audits changes made in a pull request, using a customizable configuration
actions auditor automation ci compliance-as-code git-diff review security
Last synced: 07 May 2025
https://github.com/scottlogic/finos-cloud-services-certification
A prototype implementation of the FINOS Cloud Services Certification tests
Last synced: 27 Jul 2025
https://github.com/KevinRabun/GDPRShiftLeftMCP
GDPR Shift-Left Compliance MCP Server — Azure-focused GDPR compliance automation.
compliance-as-code compliance-automation gdpr gdpr-compliance gdpr-compliant mcp mcp-server
Last synced: 07 Jun 2026
https://github.com/kenithphilip/fedpy
Read-only, evidence-grade automation for FedRAMP 20x & Rev5: a TypeScript collector that captures AWS/GCP/Kubernetes config evidence for all 63 KSIs (223 requirements), benchmarks against NIST 800-53 at Low/Moderate/High, and signs it (Ed25519 + OSCAL) — plus a local multi-user tracker over the FRMR catalog.
aws cloud-security compliance compliance-as-code continuous-monitoring evidence-collection fedramp fedramp-20x gcp grc ksi kubernetes nist-800-53 oscal security-automation typescript
Last synced: 28 Jun 2026
https://github.com/realjkg/adaptcloud
Initial MVP repository with GCP Hardened templates
cloud compliance-as-code compliance-automation compliance-dev hardening security
Last synced: 01 Jun 2026
https://github.com/optum/sourcehawk-scan-github-action
This action runs a sourcehawk scan on the repository source code
compliance-as-code compliance-automation github-actions github-actions-docker sourcehawk
Last synced: 24 Apr 2026
https://github.com/theopenlane/.github
global github organization repo with templates and settings
audit compliance compliance-as-code compliance-automation gdpr grc hipaa iso27001 nist800-53 open-source openlane opensource soc2 sox
Last synced: 19 Mar 2026
https://github.com/githubfoam/tdi-sandbox2
Compliance as Code, DevSecOps Pipeline,Test-Driven Infrastructure, CIS templates
ansible-role compliance-as-code rake test-driven-infrastructure
Last synced: 18 May 2026
https://github.com/githubfoam/compliance-as-code-pipeline
compliance as code
compliance-as-code compliance-automation debian hipaa pci-dss redhat scap-workbench stig suse
Last synced: 30 Apr 2026
https://github.com/githubfoam/freewheeler
data center as code, data center as compliance, molecule, tox
compliance-as-code molecule tox
Last synced: 27 Apr 2026
https://github.com/optum/sourcehawk
Sourcehawk is an extensible compliance as code tool which allows development teams to run compliance scans on their source code.
compliance compliance-as-code compliance-automation java maven sourcehawk
Last synced: 30 Jan 2026
https://github.com/githubfoam/cjis_sandbox
compliance as code audit CCE-XXXXX-X NIST-800-XX-XX-XX PCI-DSS-Req-X.X.X CJIS-X.X.X
audit cce cijs compliance-as-code nist pci-dss
Last synced: 28 Jan 2026
https://github.com/githubfoam/tdi-sandbox
Compliance as Code, DevSecOps Pipeline,Test-Driven Infrastructure
compliance-as-code devsecops pipeline test-driven-infrastructure test-kitchen
Last synced: 30 Mar 2025
https://github.com/grantbirki/auditor-action-core
The Auditor Action's Core Engine
actions auditor ci compliance-as-code security
Last synced: 18 Feb 2026
https://github.com/hautph/awesome-devsecops
🚀 Curated resources for shifting security left: SAST, DAST, SCA, Container Security, and Compliance as Code for modern DevOps teams.
awesome-list ci-cd cloud-security compliance-as-code dast devsecops infosec sast security
Last synced: 21 Feb 2026
https://github.com/prodcycle/actions
GitHub Action to scan PR changes for compliance violations via ProdCycle API
code-scanner code-scanning compliance compliance-as-a-service compliance-as-code github-actions hipaa hipaa-compliance hipaa-compliant soc2
Last synced: 29 Apr 2026