ComplianceAsCode/content provides automated security policy content and compliance checks in multiple formats to help organizations enforce and audit security baselines across various platforms.
Security automation content in SCAP, Bash, Ansible, and other formats
This tool is used by security teams and system administrators to automate compliance auditing and remediation across Linux distributions and software products. It enables organizations to assess risk and enforce security policies consistently using SCAP, Ansible, and Bash formats. It is ideal for governance, risk, and compliance (GRC) workflows requiring scalable and maintainable security content.
While Bash scripts are provided for remediation, using Ansible or SCAP data streams is recommended for more robust and maintainable automation. Users should select the format that best fits their deployment environment. The project emphasizes avoiding redundancy by leveraging a unified YAML rule format and templating system. Regularly update from the repository or releases to incorporate the latest security content and profiles.
Clone the repository from GitHub: git clone https://github.com/ComplianceAsCode/content.git
Navigate to the cloned directory: cd content
Refer to the online documentation for build and usage instructions: https://complianceascode.readthedocs.io/
Download release ZIP archives from the GitHub releases page for prebuilt content
Use Ansible Galaxy to install Ansible playbooks if preferredRun Ansible playbooks in check mode
Evaluate system compliance without making changes
Run Ansible playbooks in run mode
Apply security fixes to bring systems into compliance
Execute Bash fix scripts
Apply compliance fixes directly on systems when other automation is not available