Welcome to OpenSecOps! This platform provides enterprise-grade security automation for AWS environments through two main products: Foundation and SOAR. Some components have been open-source for a long time and can be used stand-alone.
All products have passed stringent AWS Foundational Technical Reviews and are battle-tested and in active use in the industry.
Foundation is the cloud infrastructure foundation implementing AWS best practices, with features including:
- AWS Control Tower integration
- Centralized logging and archival
- Text-based AWS configuration management
- Single Sign-On (SSO) with multi-factor authentication
- Just-In-Time (JIT) elevated access management
SOAR is the security automation platform, built on a serverless architecture and including:
- AWS Security Hub integration
- Automated incident response with predefined playbooks
- Forensic analysis capabilities
- Ticketing system integration (Jira, ServiceNow)
- AI-powered security reporting
To install OpenSecOps, clone the Installer repository and follow the instructions in its README.
Comprehensive documentation is available in the Documentation repository, including:
- Installation Manual - Complete deployment guide
- Technical Design Specification - Architecture details
- Standard Operating Procedures - Day-to-day management
- Installation Manual - Step-by-step deployment
- Technical Design Specification - Architecture and design
- Standard Operating Procedures - Operational tasks
- Component-specific SOPs:
OpenSecOps is open source under MPL-2.0. The contribution model is a cathedral, not a bazaar: a small core team curates the codebase, and external pull requests are not accepted on any repository. The Trust page explains why; CONTRIBUTING.md covers the operational details.
What is welcomed:
- Bug reports for non-security defects — public, accepted, and acknowledged. Use the bug report template on the affected component repository.
- Vulnerability reports — via the GitHub Security Advisory flow ("Report a vulnerability") on the affected repository. Fallback channel: security@opensecops.org. Reporters receive named credit per the coordinated-disclosure timeline in each component's SECURITY.md.
- Forking under MPL-2.0 — permitted by the licence; no coordination needed.
Reference documents (all in the OpenSecOps-Org/.github special repository):
- CONTRIBUTING.md — full policy and rationale.
- CODE_OF_CONDUCT.md — community standards.
- SECURITY.md — vulnerability disclosure policy.
Visit our website at https://opensecops.org for product information and stakeholder-focused material. The Trust page is the entry point to the supply-chain posture, governance model, and verification artefacts attached to every release.
The OpenSecOps newsletter provides updates on our open-source AWS security and operations platform. Subscribe to receive announcements about new features, security best practices, implementation tips, and community contributions. We'll share insights about both our Foundation (AWS infrastructure best practices) and SOAR (security automation) components, along with practical guidance for deploying and managing secure cloud environments. This low-volume newsletter helps you stay informed about this project that reduces AWS setup from person-years to just days.