From 8edfb700e3d2b3ed4820361f784801e6d2102a50 Mon Sep 17 00:00:00 2001 From: Rahmadi Trimananda Date: Fri, 13 Sep 2024 13:52:48 -0400 Subject: [PATCH] Update Free_for_Open_Source_Application_Security_Tools.md Add xCOMPASS as a privacy engineering tool. --- pages/Free_for_Open_Source_Application_Security_Tools.md | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/pages/Free_for_Open_Source_Application_Security_Tools.md b/pages/Free_for_Open_Source_Application_Security_Tools.md index 340645f872..00762de649 100644 --- a/pages/Free_for_Open_Source_Application_Security_Tools.md +++ b/pages/Free_for_Open_Source_Application_Security_Tools.md 
@@ -341,6 +341,10 @@ Secrets detection is often confused with SAST because both scan through static s - The platform comes with a [freemium plan](https://www.arnica.io/pricing) for unlimited time and users count.The [pipelineless security approach](https://www.arnica.io/blog/ci-cd-pipeline-security-vs-ide-plugins-vs-pipelineless-security) is the value the company charges for, so the visibility remains always free. - Hardcoded [secrets validation](https://docs.arnica.io/arnica-documentation/hardcoded-secrets/secret-detection) and [custom regex](https://docs.arnica.io/arnica-documentation/hardcoded-secrets/secrets-policy-settings#custom-secrets) configuration are built in. - [Secrets mitigation](https://docs.arnica.io/arnica-documentation/hardcoded-secrets/realtime-secret-mitigation) is provided with a developer experience focus. + +### Privacy Engineering Tools + +- [xCOMPASS](https://github.com/Comcast/xCompass/tree/main/xCOMPASS) - a simple tool that allows developers to determine their privacy engineering requirements early in the product development lifecycle. xCOMPASS has also been listed by [NIST in their Privacy Engineering Program Collaboration Space as one of four Risk Assessment Tools](https://www.nist.gov/itl/applied-cybersecurity/privacy-engineering/collaboration-space/privacy-risk-assessment/tools) and [CISA as one of the open-source tools that promote cybersecurity best practices](https://www.cisa.gov/resources-tools/services/xcompass). Please let us know if you are aware of any other high quality application security tools that are free for open source (or simply add
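Review bot: The added xCOMPASS bullet under "### Privacy Engineering Tools" does not say on what terms the tool is available, although this page lists tools that are free for open source and the Arnica entry just above it states its freemium plan explicitly. Add a short clause giving the licence or free-use terms. Also consider replacing "a simple tool" with a concrete statement of what the tool takes as input and what it produces, since the NIST and CISA listings tell the reader who recommends it but not what it does. A smaller point: the link targets the `tree/main/xCOMPASS` subdirectory, which will break if the repository layout changes, so linking the repository root may be more durable.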