Open Source Risk Management Tools
Operational risk management is mostly the discipline of keeping a register honest - every risk scored, owned, and reviewed on a cadence - and the tooling matters far less than whether anyone actually updates it, which is why this remains a thin open source space. The options here give you a self-hosted register for logging risks, assessments, mitigations, and controls, with the scoring rules visible and adjustable, so your risk methodology is something you define rather than inherit from a vendor's fixed matrix.

CISO Assistant
Open source GRC platform for risk, compliance, audit, privacy, and reporting

Probo
Self-hostable GRC platform for engineers with web, CLI, MCP, and GraphQL access

OpenRMF
Web-based tool for DoD STIG checklists, SCAP and Nessus scans, and NIST RMF reporting

ISRA Security Risk Assessment Tool
Electron desktop app for ISO 27005 security risk assessments of engineering projects