Compliance

A next-generation file integrity monitoring and change detection system

A powerful tool that enables organizations to discover, manage, and secure privileged access, helping to reduce the risks associated with privileged accounts and activities.

VIDOC is an AI-powered security tool that automates code review, detects and fixes vulnerabilities, and monitors external security, ensuring the integrity of both human-written and AI-generated code in software development pipelines.

A GaaS platform that simplifies and streamlines compliance processes for MSPs, ensuring their policies are properly aligned, authorized, adopted, and assessed.

Retraced is an audit logging solution that provides compliant, searchable audit trails for applications with client libraries for Go and JavaScript.

InfoRisk Today is a key resource for news and insights on information risk management and cybersecurity education.

Allstar is a GitHub App that continuously monitors repositories and organizations for security policy violations, creating alerts when best practices are not followed.

Access Undenied on AWS analyzes CloudTrail AccessDenied events to explain access denial reasons and provide least-privilege remediation suggestions.

A log management solution that optimizes SIEM performance, provides rapid search and troubleshooting, and meets compliance requirements.

A repository of officially managed detection rules for the Falco runtime security monitoring system that identifies threats, abnormal behaviors, and compliance violations through syscall and container event analysis.

Prowler is an open source multi-cloud security assessment tool that performs audits, compliance checks, and security evaluations across AWS, Azure, GCP, and Kubernetes environments.

An automated security response system for Google Cloud that processes Security Command Center findings and executes predefined remediation actions like disk snapshots, IAM revocation, and notifications.

A configurable data destruction toolkit that securely erases sensitive virtual data, temporary files, and swap memory using customizable overwrite methods.

An open-source policy-as-code platform that analyzes multi-cloud and SaaS environments using SQL and YAML policies with GPT integration for security, cost, and architecture assessments.

Bastille-Linux is a system hardening program that proactively configures the system for increased security and educates users about security settings.

Betterscan is an orchestration toolchain that coordinates multiple security tools to scan source code and infrastructure as code for security vulnerabilities, compliance risks, secrets, and misconfigurations.

Watchmen is a framework that centralizes AWS Config rule lambda functions into a single account for streamlined compliance management and automation.

Cloud Custodian is a YAML-based rules engine that manages and enforces security, compliance, and cost optimization policies across AWS, Azure, and GCP cloud environments in real-time.

A container compliance and vulnerability assessment tool that uses OpenSCAP to scan Docker images and running containers for security vulnerabilities and compliance violations.

CustomProcessor is a policy management tool that enables users to create and manage custom policies for IETF policy frameworks through a user-friendly interface.

An open-source script that performs automated security assessments of Docker containers and hosts against CIS Docker Benchmark standards.

A technology-focused blog discussing innovations in painting and the importance of expert painters.

App-Ray offers comprehensive security analysis and compliance solutions for mobile applications.

PacBot is a cloud security platform that provides continuous compliance monitoring, automated policy enforcement, and security reporting through policy-as-code implementation and multi-source data integration.