heimdall2 vs saf

heimdall2

Heimdall Enterprise Server 2 lets you view, store, and compare automated security control scan results. (by mitre)

The MITRE Security Automation Framework (SAF) Command Line Interface (CLI) brings together applications, techniques, libraries, and tools developed by MITRE and the security community to streamline security automation for systems and DevOps pipelines (by mitre)

mitre-corporation mitre-saf Compliance Security security-automation Devsecops JSON security-automation-framework mitre

Source Code

saf-cli.mitre.org

Suggest alternative

Edit details

SurveyJS - Open-Source JSON Form Builder to Create Dynamic Forms Right in Your App

With SurveyJS form UI libraries, you can build and style forms in a fully-integrated drag & drop form builder, render them in your JS app, and store form submission data in any backend, inc. PHP, ASP.NET Core, and Node.js.

surveyjs.io

featured

InfluxDB - Power Real-Time Data Analytics at Scale

Get real-time insights from all types of time series data with InfluxDB. Ingest, query, and analyze billions of data points in real-time with unbounded cardinality.

www.influxdata.com

featured

heimdall2		saf
	Project
4	Mentions	2
195	Stars	127
2.1%	Growth	3.1%
9.9	Activity	9.8
6 days ago	Latest Commit	6 days ago
TypeScript	Language	TypeScript
GNU General Public License v3.0 or later	License	GNU General Public License v3.0 or later

The number of mentions indicates the total number of mentions that we've tracked plus the number of user suggested alternatives.
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.

heimdall2

Posts with mentions or reviews of heimdall2. We have used some of these posts to build our list of alternatives and similar projects. The last one was on 2023-01-15.

CSPM opensource suggestions
9 projects | /r/cloudsecurity | 15 Jan 2023
CIS Benchmark deployment approach
4 projects | /r/cybersecurity | 2 Oct 2022

Take a look at https://github.com/mitre/heimdall2 and https://github.com/mitre/saf. Data from scans and other tools can be converted to the Heimdall2 format using SAF, and SAF can use Inspec profiles to harden (https://saf.mitre.org/#/harden) and validate (https://saf.mitre.org/#/validate).
Tooling for Purple Teaming
5 projects | /r/purpleteamsec | 14 Jun 2022
Checking compliance of controls? Job help
3 projects | /r/cybersecurity | 17 Sep 2021

saf

Posts with mentions or reviews of saf. We have used some of these posts to build our list of alternatives and similar projects. The last one was on 2023-01-15.

CSPM opensource suggestions
9 projects | /r/cloudsecurity | 15 Jan 2023

SAF https://github.com/mitre/saf
CIS Benchmark deployment approach
4 projects | /r/cybersecurity | 2 Oct 2022

Take a look at https://github.com/mitre/heimdall2 and https://github.com/mitre/saf. Data from scans and other tools can be converted to the Heimdall2 format using SAF, and SAF can use Inspec profiles to harden (https://saf.mitre.org/#/harden) and validate (https://saf.mitre.org/#/validate).

What are some alternatives?

When comparing heimdall2 and saf you can also consider the following projects:

OSCAL - Open Security Controls Assessment Language (OSCAL)

magpie - A Cloud Security Posture Manager or CSPM with a focus on security analysis for the modern cloud stack and a focus on the emerging threat landscape such as cloud ransomware and supply chain attacks.

inspec - InSpec: Auditing and Testing Framework

windows_hardening - HardeningKitty and Windows Hardening settings and configurations

macos_security - macOS Security Compliance Project

ZAP - The ZAP core project

attack-stix-data - STIX data representing MITRE ATT&CK

cloudquery - The open source high performance ELT framework powered by Apache Arrow

VECTR - VECTR is a tool that facilitates tracking of your red and blue team testing activities to measure detection and prevention capabilities across different attack scenarios

cloudsploit - Cloud Security Posture Management (CSPM)

prowler - Prowler is an Open Source Security tool for AWS, Azure, GCP and Kubernetes to do security assessments, audits, incident response, compliance, continuous monitoring, hardening and forensics readiness. Includes CIS, NIST 800, NIST CSF, CISA, FedRAMP, PCI-DSS, GDPR, HIPAA, FFIEC, SOC2, GXP, Well-Architected Security, ENS and more