Skip to content

Releases: MarkAC007/scf-controls-platform-oss

Release list

v0.6.0

Choose a tag to compare

@github-actions github-actions released this 22 Jun 21:44
fb48783

🚀 Announcing the SCF Controls Platform — now open source

We're thrilled to release the SCF Controls Platform to the world as open source. It's a
self-hosted Governance, Risk & Compliance (GRC) platform built around the
Secure Controls Framework (SCF) — and you can now run the
whole thing on your own infrastructure, for free.

👉 Learn more: scfcontrolsplatform.com

What it is

A practical home for managing your security and compliance programme:

  • Scope controls against 350+ frameworks (ISO 27001, SOC 2, NIST, PCI DSS, NIS2, and more)
  • Track control maturity and ownership across your organisation
  • Run evidence-collection workflows and keep an audit-ready trail
  • Assess inherent and residual risk with a clear, reviewable methodology

It ships as a Docker Compose stack with bundled PostgreSQL, Redis, and MinIO object storage —
no cloud account required. Stand it up locally or on a single VM and you're running.

Bring your own SCF catalogue

The SCF control content is licensed CC BY-ND 4.0,
so we don't redistribute it — instead, the platform ships a catalogue importer: download the
free SCF Excel workbook, point the importer at it, and you're seeded. You stay in control of your
own data, end to end.

The platform itself is licensed GNU AGPL-3.0 — genuinely open, and open to contributions.

Get started in minutes

git clone https://github.com/MarkAC007/scf-controls-platform-oss.git
cd scf-controls-platform-oss
cp .env.example .env            # set DB_PASSWORD, API_KEY, OSS_SINGLE_TENANT=1
docker compose --profile init run --rm catalog-importer   # bring your own SCF .xlsx
docker compose up -d
docker compose exec backend python -m cli.admin setup

Then open http://localhost:5173. Full instructions are in the
README.

Get involved

This is an early release (v0.6.0) — real, usable, and growing. We'd love your help:

Thanks for taking a look — and welcome aboard. 🎉


Not affiliated with or endorsed by the Secure Controls Framework. SCF content © the Secure
Controls Framework, licensed CC BY-ND 4.0.