Open Source GRC
GRC platforms earn their keep by collapsing the duplicate work of overlapping audits: one control is mapped once and reused across SOC 2, ISO 27001, and internal policy, so the value lies in the cross-framework mapping, not in any single checklist. The open source options below let you maintain that control library, its evidence, and the framework mappings on your own infrastructure, keeping audit evidence and the relationships between controls in a system you can extend as new frameworks land.

CISO Assistant
Open source GRC platform for risk, compliance, audit, privacy, and reporting

Comp AI
Open-source compliance platform for SOC 2, ISO 27001, HIPAA, and GDPR with AI agents and 580+ integrations

Probo
Self-hostable GRC platform for engineers with web, CLI, MCP, and GraphQL access

Deming
Open source ISMS tool for planning, monitoring, and reporting on ISO 27001 security measures

Openlane
Open-source compliance automation for SOC 2, ISO 27001, NIST 800-53, GDPR, and more

GovReady-Q
Open source GRC platform for self-service security assessments and compliance documentation

OpenRMF
Web-based tool for DoD STIG checklists, SCAP and Nessus scans, and NIST RMF reporting