SAF Framework

Normalize

Security tools speak different languages. Nessus outputs XML, SonarQube produces JSON, SCAP tools generate XCCDF results - each with different schemas and structures. The Normalize phase of the MITRE SAF converts security scan results from dozens of different tools into a common format, enabling unified analysis, comparison, and visualization across your entire security toolchain.
The Problem

Security Tool Data Fragmentation

Proper secure software development has many facets. Organizations need to cover all the bases - vulnerability scanning, static and dynamic code analysis (SAST/DAST), configuration management and validation, Software Bill of Materials (SBOM) generation, penetration testing, and more. While today's vibrant cybersecurity tooling landscape gives solutions to each of these problems, each tool tends to produce results in its own proprietary format. Without normalization, security teams waste countless hours manually correlating data, building custom integrations, and maintaining fragile parsing scripts that break with every tool update.
The Solution

Heimdall Data Format (HDF)

MITRE SAF uses the Heimdall Data Format (HDF) as the common language for security data. HDF is a standardized JSON schema that represents security findings in a consistent structure, regardless of the source tool. The SAF CLI provides converters that transform outputs from popular security tools into HDF, enabling unified analysis and visualization.
Unified Schema
HDF provides a consistent structure for representing security controls, test results, severity levels, and remediation guidance. Whether the source is InSpec, Nessus, or SonarQube, the normalized output follows the same schema.
Bi-directional Conversion
SAF CLI converts security tool outputs into HDF for analysis, and can also export HDF data back into formats like CSV, XLSX, or tool-specific formats for integration with existing workflows and reporting systems.
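To show what the common schema buys you once several tools' results are in HDF, here is an added example (not SAF CLI's own code) that walks two constructed HDF documents, one from InSpec and one converted from a Nessus scan, rolls each control up to a single status and severity, aggregates across both, and exports the normalized rows back out as CSV. It assumes HDF follows the InSpec JSON layout (profiles -> controls -> results) and the impact-to-severity thresholds in severity(); both are assumptions to check against the published HDF schema.

```python
import csv
import io
import json
from collections import Counter

# Constructed sample: two HDF documents in the shape SAF CLI converters emit
# (profiles -> controls -> results, as in the InSpec JSON schema HDF extends).
# Field values are invented; the layout is an assumption, not taken from the page.
INSPEC_HDF = json.loads("""{"profiles":[{"name":"linux-baseline","controls":[
 {"id":"sshd-01","title":"Disable root login","impact":0.7,
  "results":[{"status":"passed","code_desc":"PermitRootLogin no"}]},
 {"id":"sshd-02","title":"Use protocol 2","impact":0.5,
  "results":[{"status":"failed","code_desc":"Protocol 1 allowed"},
             {"status":"passed","code_desc":"Ciphers ok"}]}]}]}""")
NESSUS_HDF = json.loads("""{"profiles":[{"name":"nessus-10.0.0.5","controls":[
 {"id":"12345","title":"Outdated OpenSSL","impact":0.9,
  "results":[{"status":"failed","code_desc":"1.0.2 installed"}]},
 {"id":"67890","title":"Service banner","impact":0.0,
  "results":[{"status":"skipped","code_desc":"informational"}]}]}]}""")

def severity(impact):
    """Map HDF impact (0.0-1.0) to a label; the thresholds are an assumption."""
    if impact == 0: return "none"
    if impact < 0.4: return "low"
    if impact < 0.7: return "medium"
    return "high" if impact < 0.9 else "critical"

def control_status(results):
    """Roll a control's test results up: any failed test fails the control."""
    statuses = {r["status"] for r in results}
    if "failed" in statuses: return "failed"
    return "passed" if "passed" in statuses else "skipped"

def flatten(*hdf_docs):
    """One uniform row per control, whichever tool produced the document."""
    return [{"profile": p["name"], "id": c["id"], "title": c["title"],
             "severity": severity(c["impact"]), "status": control_status(c["results"])}
            for doc in hdf_docs for p in doc["profiles"] for c in p["controls"]]

def summarize(rows):
    """Counts by status, and failed controls by severity, across all tools."""
    return {"by_status": dict(Counter(r["status"] for r in rows)),
            "failed_by_severity": dict(Counter(r["severity"] for r in rows
                                               if r["status"] == "failed"))}

def to_csv(rows):
    """The export direction: normalized rows back out as CSV for reporting."""
    buf = io.StringIO()
    w = csv.DictWriter(buf, fieldnames=["profile", "id", "title", "severity", "status"])
    w.writeheader(); w.writerows(rows)
    return buf.getvalue()
```

Running flatten() over both documents and passing the rows to summarize() gives one status and severity breakdown regardless of which scanner produced each finding.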
Comprehensive Coverage
SAF CLI supports conversion from 20+ security tools including vulnerability scanners (Nessus, Tenable.io), code analyzers (SonarQube, Fortify), cloud security (AWS Config, Prowler), compliance tools (SCAP, Chef InSpec), and more.
Compare results
Analyze security findings across different tools and timeframes. Track how your security posture changes over time and identify trends in vulnerabilities discovered by different scanning tools.
Aggregate findings
Consolidate security data from multiple sources into a unified security dashboard. View all vulnerabilities, compliance issues, and security findings in one place regardless of which tool discovered them.
Track remediation
Monitor security issue resolution consistently across all tools. Measure progress on fixing vulnerabilities and demonstrate that security issues are being addressed in a timely manner.
Demonstrate compliance
Prove compliance using evidence from multiple security testing sources. Show auditors and stakeholders comprehensive security validation results from your entire toolchain in a unified format.
Community Driven
Have a data format you want HDF to support that you don't see on the list? Contact us about it, or take a look at our training class for converter development and contribute your own converter to the open-source project on GitHub!
Supported Tools

Convert From Any Security Tool

SAF CLI provides converters for a wide range of security tools across different categories. Each converter transforms the tool's native output format into HDF, enabling unified analysis in Heimdall.

Vulnerability Scanners

  • Nessus (.nessus XML)
  • Tenable.io (API)
  • Qualys (XML)
  • OpenSCAP (XCCDF)
  • Anchore (JSON)

Code Analysis

  • SonarQube (API)
  • Fortify (FPR)
  • Checkmarx (XML)
  • Snyk (JSON)
  • OWASP ZAP (JSON/XML)

Cloud Security

  • AWS Config (JSON)
  • Prowler (JSON/CSV)
  • ScoutSuite (JSON)
  • CloudSploit (JSON)
  • Prisma Cloud (CSV)

Compliance Tools

  • Chef InSpec (JSON)
  • SCAP (XCCDF)
  • Burp Suite (XML)
  • Nikto (XML)
  • Metasploit (XML)

Container Security

  • Trivy (JSON)
  • Anchore Engine (JSON)
  • Clair (JSON)
  • Twistlock (JSON)
  • Aqua Security (JSON)

Other Tools

  • JFrog Xray (JSON)
  • SARIF (JSON)
  • DBProtect (Check Files)
  • ASFFResults (JSON)
  • Splunk (HEC)

MITRE Security Automation Framework (MITRE SAF) is a trademark of The MITRE Corporation. Released under the Apache 2.0 License.