Welcome to OpenSecOps: Our Journey to Open Source

[PeterBengtson]

We're excited to announce that OpenSecOps is now fully available as an open source project! This marks a significant milestone in our journey to provide enterprise-grade security automation to the AWS community.

Here's the announcement on our blog: https://www.opensecops.org/blog/our-full-transition-to-open-source

Why We've Gone Open Source

Following the liquidation of Delegat AB in November 2024, we made the strategic decision to release OpenSecOps under the Mozilla Public License 2.0. This transition ensures:

• Continuity for existing customers: Guaranteed access to source code and future improvements
• Community-driven evolution: Security practitioners can now contribute to enhancing the platform
• Broader accessibility: Organizations of all sizes can implement AWS security best practices
• Transparency and trust: Security tools should be open to inspection and verification

What is OpenSecOps?

OpenSecOps consists of two main product families:

Foundation

A cloud infrastructure foundation that implements AWS best practices with features like:

• AWS Control Tower integration
• Centralized logging and archival
• Text-based AWS configuration management
• SSO with multi-factor authentication
• Least-privilege IAM roles
• Just-In-Time elevated access

SOAR (Security Orchestration, Automation, and Response)

A security automation platform with a fully serverless architecture featuring:

• AWS Security Hub integration
• Automated incident response with predefined playbooks
• Automated remediation of common security flaws
• Forensic analysis capabilities
• Ticketing system integration
• AI-powered security reporting

Our Security-First Approach

This is not a typical open source project seeking rapid community growth at any cost. OpenSecOps is a security-critical system used by enterprises in regulated industries, including FinTech. Our governance model reflects this reality:

• All contributions undergo thorough security review
• Changes are cautiously reviewed to protect existing deployments
• We maintain stringent verification requirements
• Security and stability take precedence over feature velocity

Getting Started

1. Check out our link for deployment instructions
2. Review the Technical Design Specifications for architectural insights
3. Read the Standard Operating Procedures for day-to-day management
4. Join the community Discord/Slack for real-time discussions

Join Our Community

We welcome your questions, feedback, and contributions! This Discussions forum is the perfect place to:

• Ask questions about implementation and configuration
• Share your experiences and success stories
• Suggest improvements or new features
• Connect with other security practitioners

We're thrilled to begin this open source journey and look forward to building a vibrant security community together.

The OpenSecOps Team