Best Self-hosted Vulnerability Management, Compliance & Audit tools in 2026

4 self-hosted open source alternatives in this category

See also:

Certificates, PKI & TLS AutomationIdentity & Access Management (IAM)Network Security (VPN, Firewall, WAF)Secrets, Passwords & VaultsSSO & Federated Identity (OIDC/SAML)Threat Detection, SIEM & Incident Response

4 services found

Bytebase

Bytebase

Database DevSecOps platform for schema change and access governance

13.8k
915
Last commit: 15h ago

Open-source database DevSecOps tool for managing schema migrations, SQL review, audit logging, access control, and data masking across multiple databases.

Alternative to:
Datical (Liquibase Enterprise)
Datical (Liquibase Enterprise)+5
ClamAV

ClamAV

Open-source antivirus engine for gateway and file scanning

6.3k
835
Last commit: 5d ago

ClamAV is an open-source antivirus toolkit providing a multi-threaded daemon, command-line scanners, and automatic signature updates for mail gateways and file scanning.

Alternative to:
McAfee
McAfee+8
Cupdate

Cupdate

Zero-config service that detects and lists outdated container images

302
6
Last commit: 11h ago

Cupdate auto-detects container images in Kubernetes, Docker or Podman, finds newer versions and exposes results via a UI, API and RSS feed with vulnerability metadata.

Alternative to:
JFrog Xray
JFrog Xray+10
Secrover

Secrover

Open-source tool to generate professional HTML security audit reports

242
4
Last commit: 8d ago

Secrover generates human-readable HTML security audit reports for repositories and domains. Scans dependencies, code, and domains; supports scheduling and remote exports.

Alternative to:
Snyk
Snyk+15