GlobaLeaks
GlobaLeaks is a free and open-source whistleblowing software enabling anyone to easily set up and maintain a secure reporting platform
Vitality
Quick links
Description
GlobaLeaks is a free and open-source whistleblowing software enabling anyone to easily set up and maintain a secure reporting platform. Thanks to GlobaLeaks even non-technical people are be able to setup their own anonymous whistleblowing project. Designed to be user-friendly the software is customizable up to own needs and protects the whistleblower's privacy and submissions. GlobaLeaks targets many use cases and therefore it has been designed as a framework. Designed with flexibility in mind and translated in more than 70 languages GlobaLeaks is nowadays adopted worldwide by more than 30000 projects. The vast range of adopters includes independent media, activists, public agencies, corporations and more. The software is recognized by the Digital Public Good Alliance as a Digital Public Good.
Features
- PNRR
- PNRR/Beneficiari/Altri enti
- PNRR/Beneficiari/ASL
- PNRR/Beneficiari/Comuni
- PNRR/Beneficiari/Istituti di ricerca e AFAM
- PNRR/Beneficiari/PA Centrali
- PNRR/Beneficiari/Province
- PNRR/Beneficiari/Scuole
- PNRR/Beneficiari/Università
- PNRR/Misura/1.1
- PNRR/Misura/1.4.1
- PNRR/Misura/1.6
- Multi-user system with customizable user roles (whistleblower, recipient, administrator)
- Entirely manageable from a web administration interface
- Support for more than 70 languages with Right-to-Left (RTL)
- Receive reports from whistleblower through structured multi-step questionnaire
- Let whistleblowers decide if and when to confidentially declare their identity
- Exchange multimedia files with whistleblower
- Secure management of files' access and visualization
- Chat with whistleblower to discuss the report
- Unique 16-digit receipt for the whistleblower to log back in anonymously
- Simple recipient interface for receiving and analyzing reports
- Support for the categorization of the reports with labels
- Support for the user search of reports
- Support for assigning and creating case management statuses
- Customizable look and feel (logo, colour, styles, font, text)
- Define multiple reporting channels/contexts (e.g. per-topic, per-department)
- Create and manage multiple whistleblowing site (e.g for subsidiaries or third party clients)
- Advanced questionnaire builder
- Whistleblowing system statistics
- Designed in adherence to ISO 37002:2021, EU Directive 2019/1937 standards and recommendations for whistleblowing compliance
- Bidirectional anonymous communication (comments/messages)
- Customizable case management workflow (statuses/sub-statuses)
- Whistleblower identity conditional reporting workflow
- Manage conflict of interest in the reporting workflow
- Custodian functionality to authorize access to whistleblower identity
- GDPR privacy by design and by default
- GDPR configurable data retention policies
- GDPR compliant subscriber module for new users of SaaS services
- No logs of IP addresses
- Audit log
- Integratable with existing enterprise case management platform
- Free Software OSI Approved AGPL 3.0 License
- Designed in adherence to ISO 27001:2022, General Data Protection Regulation (EU) 2016/679, CSA STAR, OWASP standards and recommendations for privacy and security compliance
- Full data encryption of data and metadata exchanged via the platform
- Digital anonymity support with Tor integration
- Built-in HTTPS support with TLS 1.3 standard (SSLabs A+ rating)
- Automatic free digital certificate enrollment (Let’s Encrypt)
- Multiple penetration tests with full public reports
- Two-Factor authentication (2FA) support compliant to standard TOTP RFC 6238
- Integrated network sandboxing with iptables
- Integrated application sandboxing with AppArmor
- Complete protection against automated submissions (spam prevention)
- Subject to continuous peer-review and periodic security audits
- PGP support for encrypted email notifications and encrypted file downloads
- Does not leave traces on browser cache
- Multi-site support enabling to run multiple virtual site on the same setup
- Responsive user interfaces built with Boostrap CSS framework
- Designed in adherence to ISO/IEC 40500:2012, Directive (EU) 2019/882, Directive (EU) 2016/2102, W3C WCAG 2.2 WAI-ARIA 2.2 standards and recommendations for accessibility compliance
- Automated Software Quality Measurement and Continuous Integration Testing
- Long-Term Support plan (LTS)
- Built with lightweight framework technologies (Angular and Python Twisted)
- Integrated SQLite database
- Automatic setup of Tor Onion Services Version 3
- Support for self-service signup for whistleblowing SaaS service setup
- Support for Linux operating system (Debian/Ubuntu)
- Deb Packaging with repository for update/upgrades
- Full self-contained application
- Easy integration of the platform with existing websites and intranets
- REST API
- IPv6 Ready