About

Why We Build

If you've ever run a compliance assessment for a small IT team or an MSP, you know the drill. You're copying scan output into spreadsheets, cross-referencing controls across three different frameworks, and manually tracking evidence in shared drives. Enterprise GRC platforms exist, but they cost more than most small shops can justify, and they're built for organizations with dedicated compliance teams, not for the sysadmin who's also the security person.

Galvnyz builds open-source tools that automate the tedious parts of this work: security assessments, framework mapping, and evidence collection. The goal isn't to replace human judgment. It's to eliminate the hours of mechanical effort so you can focus on the parts that actually require expertise.

We think tools like these should be free to try, transparent in how they work, and built by people who actually do this work day to day. No black boxes, no vendor lock-in, no surprise pricing tiers.

Built by Practitioners

Galvnyz started from real frustration. Years of running security assessments manually, pulling data from dozens of sources, mapping findings to NIST and CIS controls by hand, reformatting the same results for different audiences. At some point it became clear that the tooling gap wasn't going to fix itself. The big vendors weren't solving this for small teams, so we started building.

The tools we ship come from the field, not a product roadmap. Every feature exists because someone needed it while doing actual compliance work. That's the filter: if it doesn't save real time on a real assessment, it doesn't get built.

What's Ahead

We're expanding the tool suite with more frameworks, deeper automation, and better reporting. The open-source core stays free. Always.

What gets built next is shaped by the people using these tools. If you have ideas, feedback, or problems you want solved, the best place to start is GitHub Discussions. If you want to help fund development directly, GitHub Sponsors is the way to do it.