Stars
Source for the website providing online SPDX tools
eMASSer is a command-line interface (CLI) that aims to automate routine business use-cases and provide utility surrounding the Enterprise Mission Assurance Support Service (eMASS) by leveraging its…
🚨ATTENTION🚨 The Security Stack Mappings have migrated to the Center’s Mappings Explorer project. See README below. This repository is kept here as an archive.
Joint OMB and CISA homepage for a government-wide effort to move the U.S. government towards zero trust cybersecurity principles.
An attempt at creating a unifying Threat Model Definition Language using a declarative syntax with cuelang
Python library for reading/writing compliance as code
Automate the creation of a System Security Plan (SSP)
Publish a machine readable version of the ARS standards to facilitate compliance as code efforts.
A curated list of OPA related tools, frameworks and articles
💀 Generate a bunch of malicious pdf files with phone-home functionality. Can be used with Burp Collaborator or Interact.sh
This project is about creating and publishing threat model examples.
A collaborative platform for reproducible research (web interface and CLI).
Rapid ATO website content focused on demystifying security & compliance at CMS.
MIGRATED: A TypeScript library for working with InSpec data
A list of public penetration test reports published by several consulting firms and academic security groups.
A collection of design patterns/idioms in Python
Add Google Cloud Platform support to Terraform
Sample templates for AWS Proton
Bugcrowd’s baseline priority ratings for common security vulnerabilities
LuLu is the free open-source macOS firewall
SolarWinds Orion Account Audit / Password Dumping Utility
This repo contains all the injections mentioned in my talk and enumerators.
Learn to create a desktop app with Python and Qt