MITRE SAF™

Security Automation Tools

The MITRE Security Automation Framework™ provides a comprehensive suite of open-source tools to support every phase of the security automation lifecycle. From planning and authoring security requirements to validating controls and visualizing results, SAF tools enable teams to build, test, and maintain secure systems efficiently.

Available Tools

Complete Security Automation Toolkit

Heimdall

Security data visualization and analysis platform. View compliance dashboards, compare results, and generate reports.

View Details → Try Demo → GitHub →

SAF CLI

Command-line tool for security automation. Convert security tool outputs to HDF, generate InSpec profiles, and more.

View Details → Documentation → GitHub →

Vulcan

Security guidance authoring tool. Create and edit security requirements documents that serve as the foundation for automation.

View Details → Try Demo → GitHub →

eMASSer

eMASS integration tool. Automate interactions with Enterprise Mission Assurance Support Service to keep compliance packages up to date.

View Details → GitHub →

Security Automation Content

Browse security validation profiles and hardening content for various platforms and compliance frameworks.

Browse Content →

Getting Started

Choose Your Starting Point

Jump in at any phase of the security automation lifecycle based on your current needs and maturity level.

New to Security Automation?

Start by validating your systems with existing InSpec profiles, then visualize the results in Heimdall.

Browse Security Profiles → Learn About Heimdall →

Already Running Security Scans?

Use SAF CLI to convert your existing security tool outputs (Nessus, SonarQube, etc.) into a common format.

Learn About SAF CLI → Normalization Guide →

Creating Custom Requirements?

Use Vulcan to author security guidance documents, then generate InSpec profiles from your requirements.

Learn About Vulcan → Planning Guide →