Releases: MarkAC007/scf-controls-platform-oss
Release list
v0.6.0
🚀 Announcing the SCF Controls Platform — now open source
We're thrilled to release the SCF Controls Platform to the world as open source. It's a
self-hosted Governance, Risk & Compliance (GRC) platform built around the
Secure Controls Framework (SCF) — and you can now run the
whole thing on your own infrastructure, for free.
👉 Learn more: scfcontrolsplatform.com
What it is
A practical home for managing your security and compliance programme:
- Scope controls against 350+ frameworks (ISO 27001, SOC 2, NIST, PCI DSS, NIS2, and more)
- Track control maturity and ownership across your organisation
- Run evidence-collection workflows and keep an audit-ready trail
- Assess inherent and residual risk with a clear, reviewable methodology
It ships as a Docker Compose stack with bundled PostgreSQL, Redis, and MinIO object storage —
no cloud account required. Stand it up locally or on a single VM and you're running.
Bring your own SCF catalogue
The SCF control content is licensed CC BY-ND 4.0,
so we don't redistribute it — instead, the platform ships a catalogue importer: download the
free SCF Excel workbook, point the importer at it, and you're seeded. You stay in control of your
own data, end to end.
The platform itself is licensed GNU AGPL-3.0 — genuinely open, and open to contributions.
Get started in minutes
git clone https://github.com/MarkAC007/scf-controls-platform-oss.git
cd scf-controls-platform-oss
cp .env.example .env # set DB_PASSWORD, API_KEY, OSS_SINGLE_TENANT=1
docker compose --profile init run --rm catalog-importer # bring your own SCF .xlsx
docker compose up -d
docker compose exec backend python -m cli.admin setupThen open http://localhost:5173. Full instructions are in the
README.
Get involved
This is an early release (v0.6.0) — real, usable, and growing. We'd love your help:
- 🐛 Found a bug? Open an issue.
- 💡 Have an idea or a question? Start a
discussion. - 🤝 Want to contribute? Read
CONTRIBUTING.md
and SECURITY.md.
Thanks for taking a look — and welcome aboard. 🎉
Not affiliated with or endorsed by the Secure Controls Framework. SCF content © the Secure
Controls Framework, licensed CC BY-ND 4.0.