The GRC Engineering Store
A registry of machine-readable governance, risk, and compliance artifacts —
control catalogs, guidance, policies, mappings, and the evidence logs
produced when you measure against them. Every artifact is content-addressed,
versioned, and pullable with grcli or any OCI client.
Find an artifact
Filter catalogs by kind, organization, or keyword. Inspect any version and copy the pull command.
Search →
Explore organizations
See who is publishing — vendor frameworks, open-source projects, and individual authors.
View organizations →
Meet grcli
The command-line interface to the registry. Pull, list, and (with an account) publish artifacts from CI.
Read the docs →
Built on Gemara
Gemara is an open, layered schema for expressing GRC as data instead of prose — controls, guidance, threats, and the mappings between them, all in one shape every tool can read. This store is a public home for artifacts that follow it.