Repositories list

• repo-template

  Public template
  Apache License 2.0

  •0•0•0•2•Updated Jan 24, 2025Jan 24, 2025

• Cloudits

  Public template
  Cloudit automates compliance with evidence collection. Cloudit streamlines vulnerability tracking, audit workflows, and compliance reporting by gathering artifacts, comparing findings, and generating actionable plans—keeping your organization audit-ready at all times.

  awssecurityjira+ 17azuregcpauditpci-dsscomplianceelasticgrc+ 10

  Python

  •

  Apache License 2.0

  •0•0•14•0•Updated Jan 24, 2025Jan 24, 2025

• TenableTrawler

  Public template
  TenableTrawler (Cloud OR FedCloud) is a Python project that pulls scan results via the Tenable API, laying them into organized, POAM-ready outputs. It supports various scans and exports in formats like CSV, JSON, and YAML.

  vulnerabilitynessusvulnerability-scanners+ 10fedramptenablevulnerability-scanningnessus-scannernessus-parseriso-27001poam+ 3

  Python

  •

  Apache License 2.0

  •0•0•2•0•Updated Jan 23, 2025Jan 23, 2025

• TheToolkit

  Public template
  Toolkit is a organized project of all of other projects into one if a organization needs to use them all.

  Apache License 2.0

  •0•0•0•0•Updated Jan 22, 2025Jan 22, 2025

• InspectorGadget

  Public template
  Pulls scan results using the AWS Inspector API, combines various AWS Inspector scan results, and formats them scan results into an organized output that is POAM-ready.

  awspci-dssfedramp+ 3vulnerability-scanningiso-27001soc-2

  Python

  •

  Apache License 2.0

  •0•0•0•0•Updated Jan 22, 2025Jan 22, 2025

• RampScout

  Public template
  Creates a Inventory Excel Spreadsheet Using FedRAMP Template for AWS, Azure, GCP

  awsnistazure+ 6gcpfedrampasset-managementtx-rampstaterampcloud-assets

  Python

  •

  Apache License 2.0

  •0•1•4•0•Updated Jan 22, 2025Jan 22, 2025

• .github

  Public
  0•0•0•0•Updated Jan 15, 2025Jan 15, 2025

• terraform-aws-inspector

  Public
  Terraform module to provision AWS Inspector

  HCL

  •

  Apache License 2.0

  •15•0•0•0•Updated Jan 1, 2025Jan 1, 2025

• POAM-Pilot

  Public archive
  The POAM Pilot is a application designed to streamline the tracking, management, and reporting of security vulnerabilities and compliance requirements.

  nistfedramppoam+ 2tx-rampstateramp

  Python

  •

  Other

  •1•2•0•0•Updated Dec 23, 2024Dec 23, 2024

• github-action-atmos-component-updater

  Public
  GitHub Action that can be used as workflow for automatic update via Pull Requests infrastructure repository according to versions to components sources

  Python

  •

  Apache License 2.0

  •2•0•0•0•Updated Dec 23, 2024Dec 23, 2024

• AutoPilot-Audit

  Public archive
  This repository automates the collection and management of evidence from various tools and sources, committing the data for transparency and traceability. It's designed to gather evidence that tools like Vanta and others aren't built to collect.

  auditgrcfedramp+ 7evidencesoc2federalpoamevidence-collectiontx-rampstateramp

  Python

  •0•1•43•0•Updated Dec 19, 2024Dec 19, 2024

• AutoPilot-POAMatrix

  Public archive
  Focuses on automating the management of Plans of Action and Milestones (POAM) using GitHub Actions and various external integrations.

  sspfedramppoam+ 2tx-rampstateramp

  Python

  •0•2•0•0•Updated Dec 19, 2024Dec 19, 2024

• Informational

  Public
  securitypci-dsscompliance+ 5fedrampsoc2iso-27001soc-2stateramp

  0•0•41•0•Updated Oct 3, 2024Oct 3, 2024

• RampControl

  Public archive
  RampControl manages and tracks security compliance per FedRAMP requirements. It allows users to add new system security plans, manage POA&M entries, and export data in OSCAL format.

  compliancegrcfedramp+ 3nist800-53poamgovernance-risk-compliance

  Python

  •1•1•4•0•Updated Jul 23, 2024Jul 23, 2024

• InspectorBuddy

  Public archive
  [NOT PRODUCTION READY] This GitHub Action allows you to scan EC2 instances for software vulnerabilities using Amazon Inspector from your GitHub Actions workflows. Both agent-based and agentless scans are supported. Additionally, this action can create Jira tickets for each new individual vulnerability detected.

  Python

  •0•1•0•0•Updated Jun 11, 2024Jun 11, 2024

• POAMBuddy

  Public archive
  [Not Production Ready] This repository automates the extraction vulnerability and flaw data from vulnerability sources and then generate a Plan of Actions and Milestones (POAM), addressing identified security issues effectively.

  nistfedramppoam

  JavaScript

  •0•2•0•0•Updated Jun 11, 2024Jun 11, 2024

• proof-of-concept-cloud-evidence-collection

  Public
  Point of Concept: To help to automate the collection of evidence for SOC 2 Audits and etc.

  fedrampiso27001soc2

  Shell

  •4•9•0•0•Updated May 13, 2024May 13, 2024

• DataDemise

  Public
  DataDemise is an application for certifying and verifying the destruction of data stored across various cloud providers. It ensures secure and verifiable destruction of data, providing certificates as proof of destruction.

  data-sciencedata-structuresinformation-security+ 7data-cleaningcyber-securitydata-verificationdata-destructiondata-sanitizationproof-of-destructiondestruction-of-data

  Go

  •0•0•1•1•Updated Apr 19, 2024Apr 19, 2024