Integrate MITRE SAF CLI with Vulnetix. Use @mitre/saf to convert output from InSpec, DISA STIGs, Nessus, and SARIF into Heimdall Data Format, or convert HDF to SARIF for Vulnetix upload.
CLI tool | SARIF | JSON | CSV
Install & scan
$ npm install -g @mitre/saf
# or use without install: npx @mitre/saf --help

# SARIF to HDF (for Heimdall visualisation)
$ npx @mitre/saf convert sarif2hdf -i findings.sarif -o findings.hdf.json

# HDF to SARIF (for Vulnetix upload)
$ npx @mitre/saf convert hdf2sarif -i results.hdf.json -o results.sarif
Run MITRE SAF in CI
Scan on every push and upload the results to Vulnetix:
- name: Install MITRE SAF CLI
  run: npm install -g @mitre/saf
- name: Convert InSpec results to SARIF
  run: |
    inspec exec ./my-profile --reporter json:inspec-output.json
    saf convert inspec2hdf -i inspec-output.json -o inspec.hdf.json
    saf convert hdf2sarif -i inspec.hdf.json -o inspec.sarif
- name: Upload to Vulnetix
  run: vulnetix upload --file inspec.sarif
Centralise MITRE SAF results in Vulnetix
Upload MITRE SAF output in SARIF, JSON or CSV format to the Vulnetix platform to deduplicate findings, prioritise them with EPSS, CISA KEV and Coalition ESS exploit intelligence, and track remediation across every scanner in a single queue.