Skip to content

mitre/saf-packaging

BranchesTags

Repository files navigation

saf-packaging

Centralized packaging for MITRE SAF security tools. Builds RPMs (and later DEBs/APKs) for air-gapped RHEL/EL environments.

Packages

Package Description Status
heimdall-server Security results viewer (NestJS + Vue) Available
vulcan STIG authoring tool (Rails + Vue) Planned
saf-cli SAF command-line interface Planned
saf-profile-* 101 InSpec security profiles Planned

Quick Start (COPR)

sudo dnf copr enable @mitre/saf
sudo dnf install heimdall-server
sudo heimdall-server-setup

Air-Gap Install

tar xzf saf-airgap-el9-x86_64-*.tar.gz -C /opt/saf-repo
sudo cp /opt/saf-repo/saf-local.repo /etc/yum.repos.d/
sudo rpm --import /opt/saf-repo/RPM-GPG-KEY-SAF-MITRE
sudo dnf install heimdall-server saf-cli saf-profiles-rhel

Supported Platforms

  • RHEL / Oracle Linux / Rocky / Alma 8 (x86_64, aarch64)
  • RHEL / Oracle Linux / Rocky / Alma 9 (x86_64, aarch64)

Repository Structure

heimdall-server/    RPM spec, systemd, SELinux, fapolicyd, firewalld, CLI
vulcan/             RPM spec, systemd, SELinux (planned)
saf-cli/            RPM spec for SAF CLI
profiles/           Template-based profile packaging (101 profiles)
scripts/            Shared build/sign/publish scripts
airgap/             Air-gap bundle builder
keys/               GPG signing key
.github/workflows/  CI/CD: build, sign, publish to COPR

Building Locally

cd heimdall-server
make srpm    # Build source RPM
make rpm     # Build binary RPM (requires rpmbuild deps)

License

Apache-2.0 — see LICENSE.

About

Centralized packaging repo for MITRE SAF tools — RPMs, DEBs, APKs for Heimdall, Vulcan, SAF CLI, and 101 InSpec profiles

Resources

Readme

License

Apache-2.0 license
Activity
Custom properties

Stars

0 stars

Watchers

0 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

 
 
 

Contributors

Languages