
SAF CLI

SAF CLI is the MITRE SAF™ command-line tool for security automation. Convert security tool outputs to HDF, summarize test results, validate against thresholds, update InSpec profiles, create attestations, and interface with eMASS - all from your terminal or CI/CD pipeline.
Data Normalization

Convert between security data formats

Easily normalize reports from multiple scanning tools into OHDF, or convert OHDF to your desired data format.
Result Summary

Summarize your test results

Point SAF CLI to an OHDF file and have it print summary data on control statuses.
Threshold Validation

Check against thresholds

Validate your security data against a fine-grained compliance threshold that you define for your environment. Useful for defining a go/no-go decision point in a CI/CD pipeline -- ensure that your pipeline will continue to execute if and only if your automated compliance testing passes!
Profile Management

Update InSpec profiles

SAF CLI's Delta feature updates the metadata of an InSpec profile against new versions of the baseline guidance the profile implements, and helps identify which controls need their test logic updated by a human being.
Attestation Management

Create attestations

SAF CLI allows you to write an attestation about the state of a manual control, and add it into your automated scanning results data. Add manual data to your automated workflows!
eMASS Integration

Interface with eMASS

SAF CLI has functions for working with the eMASS API to update control statuses, provide reports to the eMASS server, query eMASS for data, and more. This allows you to interact with eMASS automatically within your pipelines.
Get Started

Deployment Options

Choose the deployment option that works best for your workflow.

GitHub Action

Use the SAF CLI GitHub Action to run security validation, conversion, and threshold checks directly in your GitHub Actions CI/CD pipelines. Drop it into any workflow YAML file.

Homebrew

Install SAF CLI using Homebrew for easy command-line access on macOS and Linux. Tap the MITRE SAF Homebrew repository and install with a single command.

AWS Lambda

Deploy InSpec validation as a serverless AWS Lambda function. Trigger security scans on demand or on a schedule without managing infrastructure. Results can be pushed to S3 or Heimdall.

Container Deployment

Run SAF CLI as a containerized application using Docker. Pull the Docker image directly from DockerHub for container orchestration or use in containerized CI/CD pipelines.

NPM Package

Install SAF CLI as a global NPM package for easy command-line access. Use npm or yarn to install and run SAF commands directly from your terminal. Perfect for local development and CI/CD integration.

From Source

Build and run SAF CLI from source code for development or custom builds. Clone the repository, install dependencies, and run locally or contribute to the project.