FAQ
1. What is opencomply?
Security and compliance shouldn't be a barrier to progress. The entire approach should be reimagined: adaptable to your unique technology stack and requirements, automated to eliminate busywork, accessible to all teams (even non-security and non-technical teams), and agile enough to keep pace with evolving technology.
That’s why opencomply.io was created.
OpenComply.io offers a Community edition (with open-source code) and a commercial edition.
2. How is opencomply different from Steampipe or CloudQuery?
OpenComply, Steampipe, and CloudQuery all help make resource data accessible and queryable. However, OpenComply builds on top of these capabilities by adding several layers beyond simple querying:
Built-In UI & API: OpenComply provides a user-friendly interface and a robust API, enabling teams to collaborate without relying solely on command-line queries.
Stateful Data & History: Rather than running point-in-time queries, OpenComply stores data in a "stateful" manner, allowing you to reference, compare, and audit historical snapshots across different environments over time.
Governance & Scope: Define governance boundaries, scope resources, and set up fine-grained controls that align security and compliance with real-world organizational structures and processes.
Policy as Query or Code (Steampipe + Rego): OpenComply leverages Steampipe's plugin ecosystem and SQL-based querying for fast insights. Additionally, you can use Rego for policy definitions, something CloudQuery doesn't support.
Extensible: Write your own compliance frameworks, controls, and policies, or write your own integrations.
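To make the "policy as query" and "stateful data" points above concrete, here is an added, self-contained illustration (not OpenComply's own code, schema or query language). It stores two constructed discovery snapshots of a hypothetical account in an in-memory SQLite table, expresses a control as a plain SQL query over a snapshot, and then diffs the control's findings between snapshots so a reviewer can see which resources became non-compliant, which were remediated, and which are still failing. The table layout, resource names and control are all assumptions made for the example; the Rego side of policy definitions is not shown.

```python
import sqlite3

# Constructed sample data: two discovery runs of the same hypothetical account.
# Columns: (name, resource_type, region, public_access)
SNAPSHOTS = [
    ("2024-01-01T00:00:00Z", [
        ("bucket-a", "s3_bucket", "us-east-1", 0),
        ("bucket-b", "s3_bucket", "us-east-1", 1),
    ]),
    ("2024-01-02T00:00:00Z", [
        ("bucket-a", "s3_bucket", "us-east-1", 1),  # became public
        ("bucket-b", "s3_bucket", "us-east-1", 0),  # remediated
        ("bucket-c", "s3_bucket", "eu-west-1", 1),  # new and public
    ]),
]

# A control written as a query: every bucket in the given snapshot that allows
# public access is a finding. The snapshot timestamp is bound as a parameter so the
# same control can be evaluated against any point in history.
CONTROL_PUBLIC_BUCKET = """
SELECT name FROM resources
WHERE snapshot_ts = ? AND resource_type = 's3_bucket' AND public_access = 1
ORDER BY name
"""


def build_store(snapshots):
    """Load the snapshots into a stateful store; each row is keyed by (snapshot, name)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("""CREATE TABLE resources (
        snapshot_ts   TEXT    NOT NULL,
        name          TEXT    NOT NULL,
        resource_type TEXT    NOT NULL,
        region        TEXT    NOT NULL,
        public_access INTEGER NOT NULL,
        PRIMARY KEY (snapshot_ts, name))""")
    for ts, rows in snapshots:
        conn.executemany(
            "INSERT INTO resources VALUES (?, ?, ?, ?, ?)",
            [(ts, *row) for row in rows],
        )
    conn.commit()
    return conn


def evaluate(conn, control_sql, snapshot_ts):
    """Run a control against one snapshot and return the failing resource names."""
    return [row[0] for row in conn.execute(control_sql, (snapshot_ts,))]


def diff_findings(conn, control_sql, old_ts, new_ts):
    """Compare a control's findings between two snapshots (the 'audit history' view)."""
    old = set(evaluate(conn, control_sql, old_ts))
    new = set(evaluate(conn, control_sql, new_ts))
    return {
        "new": sorted(new - old),          # regressions since the older snapshot
        "resolved": sorted(old - new),     # findings that were remediated
        "persisting": sorted(old & new),   # still failing in both snapshots
    }


if __name__ == "__main__":
    store = build_store(SNAPSHOTS)
    first, second = SNAPSHOTS[0][0], SNAPSHOTS[1][0]
    print("findings at", first, evaluate(store, CONTROL_PUBLIC_BUCKET, first))
    print("findings at", second, evaluate(store, CONTROL_PUBLIC_BUCKET, second))
    print("change:", diff_findings(store, CONTROL_PUBLIC_BUCKET, first, second))
```

The design choice worth noting is that the control never mutates the store and only reads one snapshot at a time; because every discovery run is kept rather than overwritten, the same query answers both "what is failing now" and "what changed since the last run", which a point-in-time query tool cannot do without external bookkeeping.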
3. What are the key differences between the Community and paid versions?
The Community edition of OpenComply is a valuable open-source foundation. Paid versions (Professional and Enterprise) offer additional features and support for organizations with greater needs. Here's a breakdown:
Feature Comparison

Feature         | Community                       | Professional and Enterprise
Dashboards      | No dashboards                   | Create custom dashboards
Data Controls   | No data controls                | Limit access to CloudQL
Custom Roles    | No custom roles                 | Define custom roles
Actions         | No actions                      | Trigger actions and respond to events
Data Migrations | Manual data migration           | Seamless upgrades
Audit History   | Limited audit history           | Comprehensive audit trails
Hosting         | Self-hosted                     | Flexible options, including SaaS and managed cloud hosting
Licensing       | BSL v1.1                        | Commercial license
Plugins         | Open-source and create your own | Community features plus any 5 premium connectors, dashboards, and automation workflows
Connectors      |                                 | All connectors included
Additional Notes:
Community Licensing: The Community edition is licensed under the Business Source License (BSL) v1.1, allowing for copying, modification, and non-commercial redistribution. Commercial use is permitted under certain conditions.
Plugins: OpenComply offers a range of plugins, both open-source and premium. The Community edition includes open-source plugins and the ability to create custom plugins. The Professional and Enterprise editions include all open-source plugins and five premium connectors, dashboards, and automation workflows.
For more information:
Contact: You can contact OpenComply for further information or to discuss your specific needs.
4. What is the tech stack?
OpenComply's backend is written in Go and its front end in TypeScript. opencomply runs on Kubernetes and uses tools like KEDA for scaling. This ensures a robust backend and a user-friendly interface.
Languages: Go (backend), TypeScript (frontend/webui)
Database: PostgreSQL (primary), OpenSearch (for evidence and audit trails)
Orchestration and Scaling: Kubernetes, KEDA (Kubernetes Event-driven Autoscaling)
Tools: Git (for metadata storage), NATS (Message bus), HashiCorp Vault (for secure credential storage)
Source Code: OpenComply is open source; the Community edition's source code is available on GitHub: https://github.com/opengovern/opencomply
5. Are Steampipe plugins compatible with OpenComply?
No, Steampipe plugins aren't directly compatible with OpenComply, but they can be easily ported. OpenComply uses a vault to securely store credentials, manages scheduling itself, and leverages Kubernetes with KEDA to run discovery on integrations.
6. Is OpenComply a CSPM?
OpenComply can replace CSPM (Cloud Security Posture Management) solutions. It surpasses traditional CSPMs by:
Replacing major CSPM tools: Including Cloud Governance, Datadog CSPM, Trend Micro Conformity, and Palo Alto Prisma.
Extending to PaaS: Connecting to various platforms for wider coverage.
Enhancing functionality: Offering more comprehensive features.
OpenComply delivers all the core functions of a CSPM with greater flexibility and a broader range of integrations.
7. Does OpenComply depend on cloud-native security services like AWS Config or Azure Security Center?
No. OpenComply can replace services such as Azure Cloud Security and AWS Config, as well as the core functionality of CSPM solutions like Datadog. Because OpenComply supports multiple tools, you can connect data from different sources to achieve more comprehensive security and compliance coverage.
8. Where is data stored?
To avoid the metadata sprawl common with many enterprise tools, OpenComply uses a distributed approach:
Product-specific metadata: Stored in Git.
Configuration and settings: Stored in SQL.
Product configuration: Stored in PostgreSQL.
Evidence and audit details: Stored in OpenSearch (an AWS-backed fork of Elasticsearch).
The Community edition's default installation creates databases in Kubernetes. It can also use cloud vendor databases such as RDS, Azure Postgres, DigitalOcean, Linode, or others.
For Commercial editions that opt for the SaaS offering, we manage the data, encrypting each customer's data with unique encryption keys. Commercial customers can also opt to have the product hosted on their cloud accounts.