Lynis - Security auditing tool for Linux, macOS, and UNIX-based systems. Assists with compliance testing (HIPAA/ISO27001/PCI DSS) and system hardening. Agentless, and installation optional.

Security automation content in SCAP, Bash, Ansible, and other formats

Wazuh - Docker containers

S.U.P.E.R.M.A.N. optimizes the macOS software update experience.

Run a security scan on your terraform with the very nice https://github.com/aquasecurity/tfsec

Wazuh - Tools for packages creation

Automation Troubleshooting Framework to validate and report configuration, software installed, etc with bash, python, and your language of choice.

Manage, monitor and improve your cyber security posture.

Packer templates to create hardened Ubuntu server images.

A secure, automated script to install and configure OpenVAS (Greenbone Community Edition) from source on Debian 12. Features GPG verification, self-signed SSL, and systemd integration.

Designed for developers and compliance teams, the soc2 CLI tool utilizes the Go programming language and Cobra framework to offer an automated solution for evaluating SOC2 compliance. By assessing key areas such as Security, Availability, Processing Integrity, Confidentiality, and Privacy.

Official OSSEC docker container

Wazuh - Release for Bosh.io

Tools related to Server Farmer compliance with GDPR, PCI DSS, HIPAA and/or other regulations.

CISO360.AI

GItHub Action for cfn-guard and aws-guard-rules-registry

dockerized-cloudsplot, CloudSploit is a security and configuration scanner that can detect hundreds of threats in your AWS account. Don't let a single misstep compromise your entire infrastructure.

Creates a CSV file of `git log` data, useful for audit reports and other "chain of custody" type reports

Security best practices assessment, auditing, hardening and forensics readiness tool for Hadoop clusters

Docker Build for GRC Tool - Eramba is a tool that helps with compliance, risk management, control testing, exception management, etc.