This document discusses how open source security scanning tools like OpenSCAP and GovReady can help make compliance with security standards like FISMA easier for developers. It provides tips on using these tools, including using control families to group checks, integrating scans into continuous integration processes, and leveraging shared security content. The document advocates engaging with these open source communities to help expand scanning capabilities to more operating systems and applications. Overall it promotes using automation and open standards to streamline security and reduce the challenges of compliance for developers.