Probo

June 11, 2026

Open-source GRC platform for engineers.

Probo is a self-hostable governance, risk, and compliance (GRC) platform built for engineering and security teams. It covers the full GRC lifecycle: risk identification, control tracking, vendor risk, data privacy, access reviews, audit programs, and document approval workflows. Every entity is accessible through a web console, a CLI, a Model Context Protocol (MCP) API, and a GraphQL API, so you can automate compliance work from code, scripts, or any LLM agent.

Why Probo?

  • AI-native by design. 270+ MCP tools expose every entity and operation. Any MCP-compatible LLM agent can read and write your GRC data, draft policies, run risk assessments, and generate evidence packs.
  • Full GRC coverage. Risk management, controls, vendor risk, data privacy (DPIA/TIA), access reviews, audit programs.
  • Multiple interfaces. Web console, prb CLI (44+ command groups), MCP API, GraphQL, and an n8n community node for no-code automation.
  • Open source and self-hostable. ISC licensed. Run it on your own infrastructure with Docker.
  • Audit-ready. Policy-based RBAC, immutable audit logs, electronic document sign-off workflows, and evidence chains.

Capabilities

Domain | Features
Risk Management | Risk register, inherent/residual scoring, treatment strategies (mitigate, accept, avoid, transfer), threat-based risk assessments
Controls & Frameworks | Control library with maturity levels, custom framework import/export, Statement of Applicability (SoA)
Vendor / Third-Party Risk | Vendor inventory, automated website risk assessment, DPA/BAA tracking, subprocessor discovery
Data Privacy | DPIA, Transfer Impact Assessments, processing activity records, data inventory, rights requests (SAR/erasure)
Access Reviews | Campaign management, per-entry access decisions, integration with SaaS, cloud infra, and source code sources
Audit Programs | Audit scoping, control mapping, finding tracking, report generation
Evidence & Measures | Evidence collection (files and URLs), implementation state tracking, task assignment
Document Management | Versioned documents, approval quorums, electronic signatures, PDF export, bulk operations
Compliance Page | Public compliance portal, NDA management, certification publishing, custom domain support
Cookie & Consent | Cookie banner management, tracker detection, consent records

Interfaces

Web console

The primary interface for day-to-day GRC work. Runs at http://localhost:8080 in development.

CLI (prb)

A fully featured command-line client for scripting, automation, and CI/CD integration. Covers all 44+ resource types available in the web console.

# Authenticate
prb auth login

# List open risks
prb risk list

# Create a measure and link evidence
prb measure create --name "MFA enforced on all production systems"
prb evidence create --measure <id> --file screenshot.png

# Manage vendor compliance
prb thirdpartymgmt vendor list
prb thirdpartymgmt risk-assessment create --vendor <id>

Run prb help for the full command reference.

MCP API

Probo exposes 270+ MCP tools covering every entity and operation in the platform. Any MCP-compatible LLM agent (Claude, Cursor, Continue, and others) can connect directly and interact with your compliance data.

The full MCP specification is at pkg/server/api/mcp/v1/specification.yaml.

n8n node

The @probo/n8n-nodes-probo community node brings Probo into n8n workflows for no-code automation of compliance tasks over the GraphQL API.

Quick Start

Prerequisites

Tool | Version
Go | 1.26+
Node.js | 22+
Docker | latest
mkcert | latest

Steps

# 1. Clone with submodules
git clone --recurse-submodules https://github.com/getprobo/probo.git
cd probo

# 2. Install dependencies
go mod download
npm ci

# 3. Start infrastructure services (PostgreSQL, object storage, etc.)
make stack-up

# 4. Build
make build

# 5. Generate the local dev config
make dev-config

# 6. Run the server
bin/probod -cfg-file cfg/dev.yaml

The web console is available at http://localhost:8080.

See CONTRIBUTING.md for the full development environment walkthrough, including the frontend dev server and code generation steps.

Tech Stack

Layer | Technologies
Backend | Go, PostgreSQL
API | GraphQL, MCP
Frontend | React, TypeScript, Relay, TailwindCSS
Infrastructure | Docker, GitHub Actions
Observability | OpenTelemetry, Grafana, Prometheus, Loki, Tempo

Contributing

Contributions are welcome. Read CONTRIBUTING.md before opening a pull request. All commits require a Developer Certificate of Origin (DCO) sign-off (git commit -s). No CLA required.

To report a security vulnerability, email security@probo.com rather than opening a public issue. See SECURITY.md for the full disclosure policy.

License

Probo is ISC licensed.