The MITRE SAF© Command Line Interface (SAF CLI) is a collection of automation support functions bundled into a single handy tool.
Like all tools in the Framework, the SAF CLI can be used by a developer on a laptop for ad-hoc security data management, or it can be integrated into a full CI/CD pipeline to serve as a connector between segments of the pipeline.
The SAF CLI is distributed on DockerHub as a container image for easy integration with your workflow, or can be pulled from NPM.
Easily normalize reports from multiple scanning tools into OHDF, or convert OHDF to your desired data format.
Point SAF CLI to an OHDF file and have it print summary data on control statuses.
Validate your security data against a fine-grained compliance threshold that you define for your environment. This is useful for defining a go/no-go decision point in a CI/CD pipeline -- ensure that your pipeline will continue to execute if and only if your automated compliance testing passes!
SAF CLI's Delta feature updates the metadata of an InSpec profile against new versions of the baseline guidance the profile implements, and helps identify which controls need their test logic updated by a human being.
SAF CLI allows you to write an attestation about the state of a manual control and add it to your automated scanning results data. Add manual data to your automated workflows!
SAF CLI has functions for working with the eMASS API to update control statuses, provide reports to the eMASS server, query eMASS for data, and more. This allows you to interact with eMASS automatically within your pipelines.