
● Open Source
OSCALFlow
Automated OSCAL compliance documentation for GitHub repositories.
A TypeScript tool that automatically generates OSCAL-compliant compliance documentation from your GitHub repositories. Connect your repo and OSCALFlow produces machine-readable security documentation, ready for FedRAMP and NIST workflows.
GitHub Integration
Connect to any GitHub repository. OSCALFlow analyzes your codebase and infrastructure to generate compliance documentation automatically.
OSCAL Output
Produces OSCAL JSON and YAML, the machine-readable format required by OMB mandates and FedRAMP automation workflows.
CI/CD Ready
Run in your GitHub Actions pipeline. Documentation stays up to date as your code evolves, with no manual updates required.
Control Mapping
Automatically maps repository contents to NIST SP 800-53 controls. Understand your compliance posture as code changes.
TypeScript / Node.js
Written in TypeScript. Drop into any Node.js-capable environment. Open source and extensible.
Open Source
Free, open source, and MIT licensed. Contribute, fork, extend, or deploy as part of your compliance automation pipeline.
Who Is This For?
DevSecOps Teams
Automate the documentation side of DevSecOps. OSCAL output flows directly into compliance workflows without manual effort.
Federal System Owners
OMB requires OSCAL. OSCALFlow generates it automatically from what you already have: your code.
ATO Package Preppers
Dramatically reduce the documentation effort for an Authorization to Operate. Baseline OSCAL artifacts ready in minutes.
