A curated list of awesome resources, tools, and projects related to Gemara - the GRC Engineering Model for Automated Risk Assessment
- Project Resources
- Tools
- Libraries & SDKs
- Documentation & Learning
- Examples & Implementations
- Contributing
General resources from the Gemara project under OpenSSF.
- Gemara Website - Official Gemara documentation and resources
- The Model - Foundational layer model describing the seven categorical layers of GRC activities (Guidance, Controls, Policy, Evaluation, Enforcement, and Audit)
- GitHub Repository - Official Gemara source code repository
Tools that implement or use Gemara for GRC automation.
- gemara-mcp - MCP server for creating, iterating on, and validating Gemara artifacts with AI-assisted workflows
- ComplyTime - Engineering-first, API-driven framework designed to automate and unify compliance across the modern, cloud-native landscape; includes complyctl and complytime-policies
- Privateer - Plugin harness for Layer 5 compatible evaluations
- OSPS Baseline GitHub Action - Open Source Project Security Baseline Scanner for GitHub Repositories (built using Privateer)
Language-specific libraries and SDKs for working with Gemara.
- go-gemara - Go SDK for parsing, reading, writing, and manipulating Gemara documents
Documentation, guides, and learning resources for understanding and using Gemara.
- Gemara Model Documentation - Comprehensive guide to the Gemara model layers
- Schema Reference - Complete CUE schema documentation and validation guides
- Quick Start Guide - Getting started with Gemara based on your needs (building tools, validating documents, or understanding GRC structure)
Real-world implementations and examples using Gemara in production environments.
- Open Source Project Security Baseline - Layer 2 security baseline for open source projects
- FINOS Common Cloud Controls - Layer 2 controls for cloud environments
Your contributions are always welcome! Please take a look at the contribution guidelines first.