FOSSology is an open source license compliance software system and toolkit. As a toolkit you can run license, copyright and export control scans from the command line. As a system, a database and web ui are provided to give you a compliance workflow. License, copyright and export scanners are tools used in the workflow.

Marble - the real time decision engine for fraud and AML

🤖 Admyral enables continuous control monitoring for any custom control

Open source compliance automation for SOC 2, GDPR, ISO27001, NIST 800-53, and more

338 AI skills across 16 domains. PM is the deepest (66 skills — discovery, execution, strategy frameworks, GTM, Jira/Linear/Notion). Plus engineering, marketing, C-level (CAIO/CDO/CCO/GC/VPE), compliance + audit-prep, new research/ domain, vertical advisors. 74 expert agents, 784+ stdlib Python tools. 11 AI assistants.

🔥A modern, all-in-one Governance, Risk & Compliance (GRC) solution designed for privacy, security, and compliance teams. As an open-source alternative to Vanta and Drata, this platform empowers teams with full control, flexibility, and transparency—no vendor lock-in, just powerful compliance automation and risk management. ISO27k, GDPR, SOC2, NIST

A web application to streamline the development of STIGs from SRGs

The Auditree framework tool to run compliance control checks as unit tests.

A schema and set of tools for using SQL to query cloud infrastructure.

Pre-configured response & remediation playbooks for AWS Security Hub

Automate end-to-end AI governance with Microsoft Purview DSPM for AI and Defender for AI. Configure DLP, sensitivity labels, audit logging, and threat detection across M365 Copilot, Microsoft Foundry, Microsoft Fabric, and custom agentic solutions.

Privacy as Code for DSAR Orchestration: Privacy Request automation to fulfill GDPR, CCPA, and LGPD data subject requests.

OSCAL tools for AI agents

CI/CD plugins for image scanning, integrations with AWS ECR, Google Container Registry

OSS license watchdog. Monitors GitHub repos you depend on and alerts you when a license changes, explaining exactly what you can no longer do.

Guardon is an open-source browser extension designed to help developers and security teams catch Kubernetes security issues early in the development lifecycle—before configuration files are merged or deployed to production

A collection of awesome framework, libraries, documents, learning tutorials, resources about SOC 2 tools and processes.

Check whether a package is ready for submission to rOpenSci's peer-review system

CI/CD utils for gardener project

A case study for ACSAC 2022 utilizing OSCAL with a custom GitHub action to automate assessments.