OPEN-SOURCE COMPLIANCE AUTOMATION

Compliance Automation for Federal Linux Infrastructure

Hanalyx builds Kensa and OpenWatch — open-source tools that scan, remediate, and continuously monitor Linux compliance across STIG, CIS, NIST 800-53, and more.

GET KENSA →DEPLOY OPENWATCH →

app.openwatch.dev

TRUSTED BY

SDVOSB

Certified

Minority-Owned

Small Business

Top Secret

Clearances

12+ Years

Federal Experience

PRODUCT

01 KENSA

Scan, remediate, rollback

508 rules across 7 frameworks. 23 typed remediation mechanisms with automatic rollback on failure.

• Agentless SSH scanning
• Multi-framework single scan
• JSON/YAML/HTML/CSV/PDF exports

LEARN MORE →

kensa scan

$ kensa scan --host 10.0.1.50 --framework stig
[INFO] Running STIG compliance scan (508 rules)...
Summary: 482/508 rules passing (94.8% compliant)

02 OPENWATCH

See everything, continuously

Continuous compliance monitoring with temporal posture queries. Not just what is passing now, but what was passing last Tuesday.

• Drift detection and alerting
• Governance and exception management
• Audit-ready evidence exports

LEARN MORE →

openwatch status

$ openwatch status --environment production
[INFO] 47 hosts monitored | 3 drift events (last 24h)
[INFO] Overall compliance: 96.2% | Next audit: 14 days

See It Work

kensa scan output

$ kensa scan --host 10.0.1.50 --framework stig
[INFO] Connecting to 10.0.1.50 via SSH...
[INFO] Running STIG compliance scan (508 rules)...

PASS  V-38476  SSH Protocol Version 2 enforced
PASS  V-38607  SSH root login disabled
FAIL  V-38524  Password minimum length < 14 characters
PASS  V-38484  Audit log rotation configured
PASS  V-38580  Firewall enabled and active
FAIL  V-38497  AIDE integrity checking not installed

Summary: 482/508 rules passing (94.8% compliant)
   26 findings | 18 auto-remediable | 8 manual review

508

Rules

Mechanisms

Frameworks

95%

STIG Compliance

ENTERPRISE