FOSSology is an open source license compliance software system and toolkit. As a toolkit you can run license, copyright and export control scans from the command line. As a system, a database and web ui are provided to give you a compliance workflow. License, copyright and export scanners are tools used in the workflow.

Marble - the real time decision engine for fraud and AML

🤖 Admyral enables continuous control monitoring for any custom control

Open source compliance automation for SOC 2, GDPR, ISO27001, NIST 800-53, and more

A web application to streamline the development of STIGs from SRGs

A modern, all-in-one Governance, Risk & Compliance (GRC) solution designed for privacy, security, and compliance teams. As an open-source alternative to Vanta and Drata, this platform empowers teams with full control, flexibility, and transparency—no vendor lock-in, just powerful compliance automation and risk management. ISO27k, GDPR, SOC2, NIST

The Auditree framework tool to run compliance control checks as unit tests.

225+ Claude Code skills & agent plugins for Claude Code, Codex, Gemini CLI, Cursor, and 8 more coding agents — 613 Python tools, 32 agents, 26 slash commands

A schema and set of tools for using SQL to query cloud infrastructure.

Pre-configured response & remediation playbooks for AWS Security Hub

Privacy as Code for DSAR Orchestration: Privacy Request automation to fulfill GDPR, CCPA, and LGPD data subject requests.

CI/CD plugins for image scanning, integrations with AWS ECR, Google Container Registry

OSS license watchdog. Monitors GitHub repos you depend on and alerts you when a license changes, explaining exactly what you can no longer do.

OSCAL tools for AI agents

Check whether a package is ready for submission to rOpenSci's peer-review system

Automate end-to-end AI governance with Microsoft Purview DSPM for AI and Defender for AI. Configure DLP, sensitivity labels, audit logging, and threat detection across M365 Copilot, Microsoft Foundry, Microsoft Fabric, and custom agentic solutions.

A collection of awesome framework, libraries, documents, learning tutorials, resources about SOC 2 tools and processes.

Guardon is an open-source browser extension designed to help developers and security teams catch Kubernetes security issues early in the development lifecycle—before configuration files are merged or deployed to production

CI/CD utils for gardener project

A case study for ACSAC 2022 utilizing OSCAL with a custom GitHub action to automate assessments.