Open Source Compliance
Compliance work lives or dies on evidence - not whether a control exists, but whether you can produce proof it operated, on demand, when an auditor asks. The open source tools here track controls, risks, and the evidence behind them inside systems you host and can export from cleanly, so your audit-ready record stays under your control and never gets stranded in a platform you have to keep paying to read.

Trivy
All-in-one security scanner for containers, code, and Kubernetes

ZITADEL
Open-source identity infrastructure for SSO, MFA, passkeys, OIDC, SAML, and SCIM

Prowler
Open-source cloud security platform for automated checks, compliance frameworks, and multi-cloud assessments

Checkov
Static analysis that catches misconfigurations in infrastructure as code

CloudQuery
Cloud asset inventory and data pipeline tool for syncing cloud config, security, and FinOps data

CISO Assistant
Open source GRC platform for risk, compliance, audit, privacy, and reporting

ComplianceAsCode
Security policy content in SCAP, Ansible, Bash, and CEL for compliance automation

konstruktoid Hardening
Ubuntu Server hardening scripts for systemd systems with UFW, auditd, and kernel module controls

Comp AI
Open-source compliance platform for SOC 2, ISO 27001, HIPAA, and GDPR with AI agents and 580+ integrations