Openlane

Open-source compliance automation for SOC 2, ISO 27001, NIST 800-53, GDPR, and more

Repository activity
  • Stars: 261
  • Forks: 46
  • Open Issues: 26
License

Apache-2.0

Languages
  • Go
  • HTML
  • Shell

About Openlane

Openlane is an open-source compliance automation platform for running security and governance programs against frameworks like SOC 2, ISO 27001, NIST 800-53, and GDPR. It replaces the spreadsheets teams use to prepare for audits with structured programs that carry pre-built templates, controls, and risks.

The platform automates task assignment with configurable workflows, reminders, and escalation, and handles evidence upload and approval, policy editing, and questionnaires for staff, auditors, and vendors. It also provides automated domain scanning; vulnerability management with GitHub, AWS Security Hub, and GCP Security Command Center; RBAC; multiple auth methods; and organization-wide SSO.

Built in Go around an entity framework and a GraphQL API, Openlane offers a hosted cloud console alongside a self-hosted path: the core server and an open-source UI run locally or in Kubernetes from GitHub registry images. A Homebrew-installable CLI drives the API. It is licensed under Apache-2.0.

Key features

  • Pre-built programs for SOC 2, ISO 27001, NIST 800-53, and more
  • Evidence upload, approval, and configurable audit workflows
  • Policy and procedure editors with questionnaires for auditors
  • Vulnerability management via GitHub, AWS, and GCP integrations
  • RBAC, multiple auth methods, and organization-wide SSO

Details

  • On GitHub since: 2024
  • Language: Go
  • License: Apache-2.0
  • API: GraphQL
  • CLI: brew install openlane
  • Self-hosted: Docker / Kubernetes