osquery is great and, while it does not tick precisely the same checkboxes as Jamf or Fleetsmith, it'll almost certainly suffice for evidence generation for compliance (osquery is in fact much better at producing "evidence" than most MDM tools are).
Just a shameless plug we've written thousands of queries to automate many compliance checks against major frameworks such as: NCSC-CE, CIS, SOC and ISO. https://www.zercurity.com/product/compliance/ It'll even collate all the evidence for you and help your employees improve their own cyber security posture based on your corporate policies.