GSA open source policy guidance repository with official policy found at

[WIP] development of Inspec tests using the Heimdall Data Format (HDF) specification to create baseline and inheritable Security Controls and Documentation for reuse by TTS Systems

Execute ELF files without dropping them on disk

AWS STS token decoder

Powerpipe: Dashboards for DevOps. Visualize cloud configurations. Assess security posture against a massive library of benchmarks. Build custom dashboards with code.

Open source vulnerability DB and triage service.

A repo to conduct vulnerability enrichment.

OSCAL Compass community-wide collaboration space

A workflow automation tool for `compliance-trestle`

The Auditree tool for adding external evidence.

Security automation content in SCAP, Bash, Ansible, and other formats

A repository to hold OSCAL content for demonstrations

Assessment results proof of concept

All major services between AWS, Azure, and GCP are mapped with links pointing to product home pages.

The Compliance Validator

A simple open source command line tool to support common operations over OSCAL content.

An RSpec formatter that allows you to write security focused tests for OSCAL catalogs and produce Assessment Plans and Assessment Results.

KAME repositories for the record

PostgreSQL Database Security Assessment Tool

Misconfig Mapper is a fast tool to help you uncover security misconfigurations on popular third-party services used by your company and/or bug bounty targets!

App that simplifies building decision trees to model adverse scenarios

This repository is used to push data to marketplace.fedramp.gov.

Simple and flexible tool for managing secrets

A scaffold/generator to standardize 18F project setup

cloud.gov-related diagrams

Terraform module to create AWS VPC resources 🇺🇦

A curated list of awesome documentation tools