saf-cli ☆

« Back to VersTracker

Description:
CLI for the MITRE Security Automation Framework (SAF)

Type: Formula | Latest Version: 1.5.3@0 | Tracked Since: Dec 11, 2025

Links: Homepage | @MITREcorp | formulae.brew.sh

Category: Security

Tags: security compliance devsecops mitre cli

Install: brew install saf-cli

About:
The SAF CLI is the official command-line interface for MITRE's Security Automation Framework. It streamlines security compliance workflows by automating the execution of security checks and the generation of compliance artifacts like STIG and CIS benchmarks. This tool enables DevOps and security teams to integrate continuous compliance validation directly into their CI/CD pipelines.

Key Features:

Automates security compliance checks against CIS benchmarks and DISA STIGs
Generates compliance artifacts such as XCCDF, ARF, and HTML reports
Integrates seamlessly into CI/CD pipelines for DevSecOps workflows
Supports testing of container images and cloud infrastructure

Use Cases:

Validating container images against security benchmarks before deployment
Generating audit-ready compliance reports for system authorizations
Enforcing infrastructure-as-code security policies in CI/CD

Alternatives:

InSpec – InSpec is a broader cross-platform testing framework, while SAF CLI is specialized for MITRE frameworks and specific compliance benchmarks.
kube-bench – kube-bench is Kubernetes-specific, whereas SAF CLI offers a wider range of compliance checks for various systems and containers.

Version History

Detected	Version	Change	Commit
Dec 24, 2025 9:55pm	1.5.3	VERSION_BUMP	1376fd7c
Dec 23, 2025 5:22am	1.5.2	VERSION_BUMP	bc604eac
Dec 11, 2025 1:36pm		VERSION_BUMP	577e3757
Oct 2, 2025 2:40am		VERSION_BUMP	c97192f6
Sep 16, 2025 12:48am		VERSION_BUMP	95dcd0bc
Dec 31, 2024 8:07pm		VERSION_BUMP	adbafe74
Oct 28, 2024 9:50pm		VERSION_BUMP	ab9444f3
Sep 17, 2024 2:46am		VERSION_BUMP	bae5987b
Sep 14, 2024 4:09pm		VERSION_BUMP	cc311e35