Public Repository

Last pushed: 9 days ago
Short Description
Demonstration version of the open source GovReady-Q GRC compliance app platform
Full Description

About GovReady-Q

GovReady-Q Compliance Server is a tool to help teams build and operate compliant IT systems.

GovReady-Q helps system integrators and small businesses programmatically generate and maintain their System Security Plan (SSP) and other compliance artifacts. GovReady-Q guides your team step-by-step through FISMA’s NIST Risk Management Framework Authorization and Accreditation (A&A) with easy-to-use "compliance apps" that interact with you and each other to generate policies, plans, and evidence to impress your auditors.

When using GovReady-Q, your team selects "apps" from a compliance store. Apps represents system components, organization processes and team roles. Our open source Expert System uses the apps to interactively teach security and ask simple questions about your software and system. As your team collaboratively answers questions, the Expert System analyzes compliance and maintains human and machine-readable versions of your SSP and compliance artifacts.

GovReady-Q works with and compliments existing cyber security GRC software with user-friendly assessments, inline security training and tutorials you can customize to take your system teams step-by-step through implementing security controls and preparing control descriptions and evidence.

GovReady-Q is open source and available on GitHub at GovReady-Q incorporates the emerging OpenControl data standard for re-usable compliance content.

Join our mailing list and stay informed of developments.

Target Audience

GovReady-Q was made by developers for developers who value security, but never want to hear again better technology "can't be used because its not compliant."

Our target audience is forward thinking system integrators, security and compliance teams who need faster, modern cyber security assessments and compliance aligned with their Agile practices and DevOps culture and automation. They are tired of writing SSP's by hand and need a more scale-able, self-service approach to compliance. They want to contribute to and benefit from a supply chain of shared, re-usable, Don't Repeat Yourself compliance content.

The compliance apps and Expert System are under heavy, active development. GovReady Q should only be used at this time by those capable and comfortable of working with pre-release software.


Start the container in the background:

CONTAINER=$(docker container run --detach -p 8000:8000 govready/govready-q)

Create a Django database superuser and set up your first organization:

docker container exec -it $CONTAINER ./

Visit your organization in your web browser at:


To pause and restart the container without destroying its data:

docker container stop $CONTAINER
docker container start $CONTAINER

To destroy the container and all user data entered into Q:

docker container rm -f $CONTAINER

For latest features, you can also access nightly build on Docker:

CONTAINER=$(docker container run --detach -p 8000:8000 govready/govready-q-nightly)

If you are using the Docker image to develop your own compliance apps, then
you will need to bind-mount a directory on your (host) system as a directory
within the container so that the container can see your app YAML files. To
do so, start the container with this command instead:

CONTAINER=$(docker container run --detach -p 8000:8000 --mount \

type=bind,src=/absolute/path/to/apps,dst=/mnt/apps govready/govready-q)

Notes on Demonstration Version

  • The Q database is only persisted within the container. The database will persist between docker container stop/docker container start commands, but when the container is removed from Docker (i.e. using docker container rm) the Q data will be destroyed.
  • The store has just a few early-version compliance apps. The newest versions of the apps are loaded from their public repositories each time Govready-Q is restarted.
  • The Q instance cannot send email until it is configured to use a transactional mail provider like Mailgun.
  • This image is not meant to be used for a public website because it uses Django's debug server to serve the site with DEBUG = True.
Docker Pull Command

Comments (0)