

Security compliance platform tracking progress across multiple frameworks
Self-hosted compliance management platform supporting SOC2, ISO27001, NIST, HIPAA, and six other security frameworks with multi-tenancy, SSO, and auditor collaboration.

Gapps is a self-hosted security compliance platform designed for organizations tracking their progress against industry-standard security frameworks. It consolidates compliance management for SOC2, NIST CSF, NIST-800-53, CMMC, HIPAA, ASVS, ISO27001, CSC CIS18, PCI DSS, and SSF into a unified dashboard.
The platform provides control tracking, project oversight, and risk register functionality. Multi-tenancy support enables managed service providers and enterprises to segment compliance programs by business unit or client. OIDC-based single sign-on streamlines authentication, while auditor collaboration features facilitate evidence sharing and review workflows. File storage integrates with S3 and Google Cloud Storage for artifact management.
Gapps runs via Docker Compose with PostgreSQL as the backing database. Organizations can load custom frameworks by defining controls and subcontrols in JSON format, enabling adaptation to proprietary or emerging compliance requirements. The platform supports both containerized production deployments and local development configurations with Flask.
MSP Multi-Client SOC2 Management: Service provider tracks SOC2 Type II progress for 15 clients in isolated tenants with auditor-shared evidence repositories.
Healthcare HIPAA + NIST Dual Compliance: Hospital system maps overlapping controls across HIPAA and NIST 800-53 frameworks to reduce duplicate audit effort.
Government Contractor CMMC Preparation: Defense subcontractor uses control dashboard to demonstrate CMMC Level 2 readiness during pre-assessment.
Custom Framework for Industry Regulation: Financial institution loads proprietary regulatory framework via JSON to track state-specific compliance requirements.
Unset SQLALCHEMY_DATABASE_URI and POSTGRES_HOST environment variables when running within Docker, or configure them to point to your external PostgreSQL instance with proper host, user, password, and database values.
Yes. Create a JSON file defining controls and subcontrols, save it to app/files/base_controls/ (or your FRAMEWORK_FOLDER path), then create a new tenant or use the 'Reload Frameworks' button on an existing tenant.
Edit the image version in docker-compose.yml (four instances), run docker-compose up -d, then perform database migration using the documented docker exec commands to update schema changes.
Set the RESET_DB environment variable to 'yes' before starting Gapps. Warning: this deletes all existing data in the database.
Yes. Start the PostgreSQL container separately, expose its ports, set POSTGRES_HOST to localhost, configure database environment variables, and run 'export FLASK_CONFIG=development;bash run.sh' to start the application.