GovReady-Q

GovReady-Q is an open source GRC platform for self-service security assessments and compliance documentation. It targets the bottleneck where applications take months to authorize even though they deploy and redeploy in minutes.

The platform automates assessments and document generation using reusable compliance content built on the NIST OSCAL and OpenControl data standards. Workflows are designed to be self-service so teams can run their own compliance steps rather than depend on manual review.

GovReady-Q is built in Python and licensed under Apache 2.0. It runs as a self-hosted compliance server, and a hosted version is offered by GovReady, making it a fit for DevSecOps teams that authorize applications on a continuous basis.