Open-source GRC toolkit from the GRC Engineering Club. Claude Code plugins for evidence collection, SCF crosswalks, multi-framework gap reports, OSCAL workflows.
Updated May 10, 2026 - JavaScript
Self-hosted Information Security Management System — ISO 27001, NIS2, GDPR/DSGVO, BSI IT-Grundschutz
The most comprehensive open-source mapping of OWASP GenAI risks to industry frameworks — 37 files, 16 frameworks, 3 source lists: LLM Top 10, Agentic Top 10, DSGAI 2026. OT/ICS, EU AI Act, NIST, ISO 27001, ISO 42001, CIS, SAMM, ENISA, NHI, AIVSS.
Adds an AI-powered ChatGPT copilot to verinice.veo
AI-native OSS PM tool in CLI. Purpose-built for regulated software — auto-generates RTM, SCA, OSCAL, HMAC-signed audit packages from plain files in your repo. SOC 2 / ISO 27001 / NYDFS / GDPR ready. Free.
Gamified Information Security Simulator
Automated compliance auditing for Google Workspace using Claude's MCP. Performs 19 security checks covering access control, authentication, and system protection. Maps findings to CMMC, NIST 800-171, NIST CSF, ISO 27001, HIPAA, and FTC Safeguards frameworks. Built for MSPs and Workspace Admins to streamline security assessments.
Web-based diagnostic and self-assessment tool for evaluating ISO/IEC 27001 compliance and ISMS readiness.
A self-hosted control plane for orchestrating and governing AI agent fleets. Built on pure Node.js with zero external dependencies. Features tamper-evident audit logging, role-based access control with MFA, behavioral drift detection, real-time event streaming, and exportable compliance evidence mapped to SOC 2, ISO 27001, and NIST CSF.
78 Cedar policies and 369 rules governing AI coding agents. Every rule traces to a real incident, published CVE, or compliance framework requirement (SOC 2, NIST, ISO 27001, EU AI Act, OWASP).
GRC Risk & Compliance Dashboard | Risk Heatmap, Control Tracking, and Compliance Monitoring (ISO 27001, GDPR, NIST)
Profit Rise Consulting Operations SOP system — 58 installable Agent Skills (Hermes Agent / Openclaw / Vercel skills CLI). Hong Kong consulting firm playbook covering client lifecycle, finance, HR, IT/security, plus dashboard and coding PRDs.
Build and manage a self-hosted information security management system that operates without cloud dependencies and supports compliance efforts.
Open-source cloud misconfiguration detection with ML risk scoring, compliance automation, and Terraform remediation. Built with FastAPI + React.
📊 Explore software quality standards with an interactive app featuring SPICE evaluation tools, security management maps, and downloadable resources.
Custodia — a CISO's working fork-and-extension of GRCEngClub/claude-grc-engineering. Stitches statutory baseline (DPDPA / GDPR / SOC 2 / NIST / FedRAMP / PCI / HITRUST) + sectoral overlay (RBI / SEBI / IRDAI / TRAI / CERT-In) + engineering reality into one Claude Code workbook. By Devam Shah.
🔍 GitHub Advanced Security Audit Automation Template - Enterprise-grade compliance automation with OWASP, NIST, and ISO 27001 mapping. Perfect for Pluralsight GHAS course Module 4: Security Audit & Compliance Reporting.
MODULE FOR THE ANALYSIS, IDENTIFICATION AND SELECTION OF SOFTWARE QUALITY STANDARDS