Unicis Platform Community Edition - an open core, enterprise-ready trust management platform for startups and SMEs.
Please star ⭐ the repo if you want us to continue developing and improving the Unicis Platform! 😀
- General Data Protection Regulation - GDPR
- Minimum Viable Secure Product - MVSP
- ISO 27001:2013 & ISO 27001:2022
- NIST Cybersecurity Framework 2.0
- Directive (EU) 2022/2555 NIS 2
- CIS Critical Security Controls Version 8.1
- Criteria Catalogue C5:2020
- SOC2 Type II - System and Organization Controls
- OWASP Application Security Verification Standard (ASVS) v5
- Payment Card Industry Data Security Standard (PCI DSS v4.0.1)
- ISO/IEC 42001:2023 — AI Management System
- EU Cyber Resilience Act (CRA)
- EU Digital Operational Resilience Act (DORA)
- Cloud Controls Matrix and CAIQ v4 (CSA CCM v4)
- Trusted Information Security Assessment Exchange (TISAX)
- EU AI Act
- Health Insurance Portability and Accountability Act (HIPAA)
- Custom ...
- SaaS-Starter-Kit
- Next.js
- Tailwind CSS v4 and daisyUI v5
- Shadcn
- Postgres
- React
- Prisma
- TypeScript
- SAML Jackson (Provides SAML SSO, Directory Sync)
- Svix (Provides Webhook Orchestration)
- Retraced (Provides Audit Logs Service)
- Endpoints collection (Provided by Osquery)
- Resend (Email delivery)
- graphile-worker (Background job queue for notification delivery)
- OpenAPI 3.0 / Swagger UI (REST API documentation at
/api-docs) - Bearer (Code security scanning tool (SAST))
We are working on one-click deployment solution with popular platforms. For advance users please use the below section.
Please follow these simple steps to get a local copy up and running.
Tip
The fastest and easiest way to get started with Unicis Platform is through the free trial of cloud instance available here.
- Node.js (Version: >=20.x)
- PostgreSQL
- NPM
- Docker compose
Note
To enable web push notifications, set the NEXT_PUBLIC_VAPID_PUBLIC_KEY and VAPID_PRIVATE_KEY environment variables in your .env file. Generate a key pair with npx web-push generate-vapid-keys.
- Fork the repository
- Clone the repository by using this command:
git clone https://github.com/<your_github_username>/unicis-platform-ce.gitcd unicis-platform-cenpm installDuplicate .env.example to .env.
cp .env.example .envTo make the process of installing dependencies easier, we offer a docker-compose.yml with a Postgres container.
docker-compose up -dnpx prisma db pushIn a development environment:
npm run devPrisma Studio is a visual editor for the data in your database.
npx prisma studioWe are using Playwright to execute E2E tests. Add all tests inside the /tests folder.
Update playwright.config.ts to change the playwright configuration.
npm run playwright:updatenpm run test:e2eNote: HTML test report is generated inside the report folder. Currently supported browsers for test execution chromium and firefox
We use syft tool for generating SBOM
syft dir:unicis-platform -o spdx-json > sbom-spdx.json
syft dir:unicis-platform -o cyclonedx-xml > sbom-cyclonedx.xml- Record of Processing Activities
- Transfer Impact Assessment
- Privacy Impact Assessment
- Cybersecurity Controls — including export/import of Statement of Applicability (SoA) in HTML, PDF, and Excel
- Cybersecurity Risk Management
- Interactive Awareness Program
- REST API — OpenAPI 3.0 spec with Swagger UI at
/api-docs - Notifications — In-app, email, and web push
- Right to Erasure Request Form
- Processor Questionnaire Checklist
- Asset Inventory Management
- Vendor Assessment Checklist
- Benchmark Report - Trust Center as a public compliance page
- Vendor Report
- Incident Management
- Document Management / Policy Lifecycle
- Create account
- Sign in with Email and Password
- Sign in with Magic Link
- Sign in with SAML SSO
- Sign in with Google [Setting up Google OAuth]
- Sign in with GitHub [Creating a Github OAuth App]
- Directory Sync (SCIM)
- Update account
- Create team
- Invite users to the team
- Manage team members
- Update team settings
- Webhooks & Events (task.created, task.commented, task.updated, task.deleted, task.due_date, file.uploaded)
- Notifications — in-app bell, email, and web push; per-user channel preferences
- Internationalization (see supporting languages below)
- Audit logs
- Roles and Permissions
- Dark mode
- Custom AI chatbot
- Standards and Frameworks mapping
- Mapping Matrix
- Export / import Statement of Applicability (SoA) — HTML, PDF, Excel
- REST API — OpenAPI 3.0 spec, Swagger UI at
/api-docs - API Key Bearer Token authentication
- Custom Framework Support (JSON/YAML DSL)
- Jira Integration (bidirectional)
- MCP Server Exposure
- AI Questionnaire Automation
- Continuous Control Monitoring
- Executive Dashboards & Reporting
- EN: English
- FR: French
- ES: Spanish
- DE: German
Note
Help with translating it to other languages via our Weblate translation platform.
Thanks for taking the time to contribute! Contributions make the open-source community a fantastic place to learn, inspire, and create. Any contributions you make are greatly appreciated.
Please try to create bug reports that are:
- Reproducible. Include steps to reproduce the problem.
- Specific. Include as much detail as possible: which version, what environment, etc.
- Unique. Do not duplicate existing opened issues.
- Scoped to a Single Bug. One bug per report.
Let's develop an open-source competitor to Drata, Vanta, Auditboard, Strike Graph, and Secureframe, and more. Help us build a future GRC by supporting us.
- Discord (For live discussion with the Open-Source Community and Unicis team)
- X / LinkedIn / Mastodon (Follow us)
- Vimeo (Watch community events and tutorials)
- GitHub Issues (Contributions, report issues, and product ideas)
On this page you will find everything you may need to know in order to install, configure, maintain and customize an Unicis Platform. Use the links below to navigate.
Made with contrib.rocks.