Repository: mitre/saf
Branch: main
Commit: 0797eb553cec
Files: 635
Total size: 418.7 MB
Directory structure:
gitextract_8tjlmnxx/
├── .deepsource.toml
├── .editorconfig
├── .env-example
├── .github/
│ ├── dependabot.yml
│ ├── mergify.yml
│ ├── release-drafter.yml
│ └── workflows/
│ ├── anchore-syft.yml
│ ├── auto-approve-and-merge.yml
│ ├── build-macos.yml
│ ├── build-rpm.yml
│ ├── build-windows-linux.yml
│ ├── bump-brew.yml
│ ├── draft-release.yml
│ ├── e2e-ci.yml
│ ├── linter.yml
│ ├── push-to-docker-main.yml
│ ├── push-to-docker.yml
│ ├── push-to-npm-gpr.yml
│ └── test-docker-image.yml
├── .gitignore
├── .nvmrc
├── .vscode/
│ ├── launch.json
│ └── settings.json
├── CNAME
├── Dockerfile
├── LICENSE.md
├── README.md
├── VERSION
├── _config.yml
├── bin/
│ ├── run
│ └── run.cmd
├── docs/
│ ├── contributors-guide.md
│ └── emasser/
│ └── index.md
├── eslint.config.js
├── oclif-theme.json
├── pack-hdf-converters.bat
├── pack-hdf-converters.sh
├── pack-heimdall-lite.bat
├── pack-heimdall-lite.sh
├── pack-inspec-objects.bat
├── pack-inspec-objects.sh
├── pack-inspecjs.bat
├── pack-inspecjs.sh
├── package.json
├── release-prep.ps1
├── release-prep.sh
├── saf-cli.code-workspace
├── saf.spec
├── src/
│ ├── commands/
│ │ ├── attest/
│ │ │ ├── apply.ts
│ │ │ └── create.ts
│ │ ├── convert/
│ │ │ ├── anchoregrype2hdf.ts
│ │ │ ├── asff2hdf.ts
│ │ │ ├── aws_config2hdf.ts
│ │ │ ├── burpsuite2hdf.ts
│ │ │ ├── checkov2hdf.ts
│ │ │ ├── ckl2hdf.ts
│ │ │ ├── ckl2poam.ts
│ │ │ ├── conveyor2hdf.ts
│ │ │ ├── cyclonedx_sbom2hdf.ts
│ │ │ ├── dbprotect2hdf.ts
│ │ │ ├── dependency_track2hdf.ts
│ │ │ ├── fortify2hdf.ts
│ │ │ ├── gosec2hdf.ts
│ │ │ ├── hdf2asff.ts
│ │ │ ├── hdf2caat.ts
│ │ │ ├── hdf2ckl.ts
│ │ │ ├── hdf2condensed.ts
│ │ │ ├── hdf2csv.ts
│ │ │ ├── hdf2html.ts
│ │ │ ├── hdf2splunk.ts
│ │ │ ├── hdf2xccdf.ts
│ │ │ ├── index.ts
│ │ │ ├── ionchannel2hdf.ts
│ │ │ ├── jfrog_xray2hdf.ts
│ │ │ ├── msft_secure2hdf.ts
│ │ │ ├── nessus2hdf.ts
│ │ │ ├── netsparker2hdf.ts
│ │ │ ├── neuvector2hdf.ts
│ │ │ ├── nikto2hdf.ts
│ │ │ ├── prisma2hdf.ts
│ │ │ ├── prowler2hdf.ts
│ │ │ ├── sarif2hdf.ts
│ │ │ ├── scoutsuite2hdf.ts
│ │ │ ├── snyk2hdf.ts
│ │ │ ├── sonarqube2hdf.ts
│ │ │ ├── splunk2hdf.ts
│ │ │ ├── trivy2hdf.ts
│ │ │ ├── trufflehog2hdf.ts
│ │ │ ├── twistlock2hdf.ts
│ │ │ ├── veracode2hdf.ts
│ │ │ ├── xccdf_results2hdf.ts
│ │ │ └── zap2hdf.ts
│ │ ├── emasser/
│ │ │ ├── configure.ts
│ │ │ ├── delete/
│ │ │ │ ├── artifacts.ts
│ │ │ │ ├── cloud_resources.ts
│ │ │ │ ├── container_scans.ts
│ │ │ │ ├── hardware_baseline.ts
│ │ │ │ ├── milestones.ts
│ │ │ │ ├── poams.ts
│ │ │ │ └── software_baseline.ts
│ │ │ ├── get/
│ │ │ │ ├── artifacts.ts
│ │ │ │ ├── cac.ts
│ │ │ │ ├── cmmc.ts
│ │ │ │ ├── controls.ts
│ │ │ │ ├── dashboards.ts
│ │ │ │ ├── hardware.ts
│ │ │ │ ├── milestones.ts
│ │ │ │ ├── pac.ts
│ │ │ │ ├── poams.ts
│ │ │ │ ├── roles.ts
│ │ │ │ ├── software.ts
│ │ │ │ ├── system.ts
│ │ │ │ ├── systems.ts
│ │ │ │ ├── test_connection.ts
│ │ │ │ ├── test_results.ts
│ │ │ │ ├── workflow_definitions.ts
│ │ │ │ └── workflow_instances.ts
│ │ │ ├── hello.ts
│ │ │ ├── post/
│ │ │ │ ├── artifacts.ts
│ │ │ │ ├── cac.ts
│ │ │ │ ├── cloud_resources.ts
│ │ │ │ ├── container_scans.ts
│ │ │ │ ├── device_scans.ts
│ │ │ │ ├── hardware_baseline.ts
│ │ │ │ ├── milestones.ts
│ │ │ │ ├── pac.ts
│ │ │ │ ├── poams.ts
│ │ │ │ ├── register.ts
│ │ │ │ ├── software_baseline.ts
│ │ │ │ ├── static_code_scans.ts
│ │ │ │ └── test_results.ts
│ │ │ ├── put/
│ │ │ │ ├── artifacts.ts
│ │ │ │ ├── controls.ts
│ │ │ │ ├── hardware_baseline.ts
│ │ │ │ ├── milestones.ts
│ │ │ │ ├── poams.ts
│ │ │ │ └── software_baseline.ts
│ │ │ └── version.ts
│ │ ├── generate/
│ │ │ ├── ckl_metadata.ts
│ │ │ ├── delta.ts
│ │ │ ├── inspec_metadata.ts
│ │ │ ├── inspec_profile.ts
│ │ │ ├── spreadsheet2inspec_stub.ts
│ │ │ ├── threshold.ts
│ │ │ └── update_controls4delta.ts
│ │ ├── harden/
│ │ │ └── harden.ts
│ │ ├── scan/
│ │ │ └── scan.ts
│ │ ├── supplement/
│ │ │ ├── passthrough/
│ │ │ │ ├── read.ts
│ │ │ │ └── write.ts
│ │ │ └── target/
│ │ │ ├── read.ts
│ │ │ └── write.ts
│ │ ├── validate/
│ │ │ └── threshold.ts
│ │ └── view/
│ │ ├── heimdall.ts
│ │ └── summary.ts
│ ├── index.ts
│ ├── resources/
│ │ ├── cis2nist.json
│ │ └── files.json
│ ├── types/
│ │ ├── accurate-search/
│ │ │ └── index.d.ts
│ │ ├── csv.d.ts
│ │ ├── emass_client/
│ │ │ └── index.d.ts
│ │ ├── fuse/
│ │ │ └── index.d.ts
│ │ ├── inspec.d.ts
│ │ ├── splunk-sdk-no-env/
│ │ │ └── index.d.ts
│ │ ├── stig.d.ts
│ │ ├── threshold.d.ts
│ │ └── xlsx_populate.d.ts
│ └── utils/
│ ├── ckl2poam.ts
│ ├── csv.ts
│ ├── delta_matching.ts
│ ├── emasser/
│ │ ├── api_config.ts
│ │ ├── api_connection.ts
│ │ ├── generate_config.ts
│ │ ├── init_connection.ts
│ │ ├── output_error.ts
│ │ ├── output_formatter.ts
│ │ └── utilities.ts
│ ├── global.ts
│ ├── logging.ts
│ ├── oclif/
│ │ ├── base_command.ts
│ │ ├── help/
│ │ │ └── help.ts
│ │ └── hooks/
│ │ └── command_not_found.ts
│ ├── ohdf/
│ │ ├── calculations.ts
│ │ ├── data_loader.ts
│ │ ├── output_generator.ts
│ │ └── types.ts
│ ├── threshold.ts
│ └── xccdf2inspec.ts
├── test/
│ ├── commands/
│ │ ├── attest/
│ │ │ └── apply.test.ts
│ │ ├── convert/
│ │ │ ├── anchoregrype2hdf.test.ts
│ │ │ ├── burpsuite2hdf.test.ts
│ │ │ ├── checkov2hdf.test.ts
│ │ │ ├── ckl2hdf.test.ts
│ │ │ ├── ckl2poam.test.ts
│ │ │ ├── cyclonedx_sbom2hdf.test.ts
│ │ │ ├── dbprotect2hdf.spec.ts
│ │ │ ├── dependency_track2hdf.test.ts
│ │ │ ├── fortify2hdf.test.ts
│ │ │ ├── gosec2hdf.test.ts
│ │ │ ├── hdf2caat.test.ts
│ │ │ ├── hdf2ckl.test.ts
│ │ │ ├── hdf2csv.test.ts
│ │ │ ├── hdf2html.test.ts
│ │ │ ├── jfrog_xray2hdf.test.ts
│ │ │ ├── msft_secure2hdf.test.ts
│ │ │ ├── netsparker2hdf.test.ts
│ │ │ ├── neuvector2hdf.test.ts
│ │ │ ├── nikto2hdf.test.ts
│ │ │ ├── prisma2hdf.test.ts
│ │ │ ├── sarif2hdf.test.ts
│ │ │ ├── scoutsuite2hdf.test.ts
│ │ │ ├── trufflehog2hdf.test.ts
│ │ │ ├── twistlock2hdf.test.ts
│ │ │ ├── veracode2hdf.test.ts
│ │ │ ├── xccdf_results2hdf.test.ts
│ │ │ └── zap2hdf.test.ts
│ │ ├── emasser/
│ │ │ ├── delete.test.ts
│ │ │ ├── get.test.ts
│ │ │ ├── mock.server.ts
│ │ │ ├── post.test.ts
│ │ │ └── put.test.ts
│ │ ├── generate/
│ │ │ ├── delta.test.ts
│ │ │ ├── inspec_profile.test.ts
│ │ │ ├── spreadsheet2inspec_stub.test.ts
│ │ │ ├── threshold.test.ts
│ │ │ └── update_controls4delta.test.ts
│ │ ├── supplement/
│ │ │ ├── passthrough.test.ts
│ │ │ └── target.test.ts
│ │ ├── utils.ts
│ │ ├── validate/
│ │ │ └── threshold.test.ts
│ │ └── view/
│ │ ├── heimdall_view_cli.test.ts
│ │ └── summary.test.ts
│ ├── sample_data/
│ │ ├── HDF/
│ │ │ ├── input/
│ │ │ │ ├── RHEL7_overrides_hdf.json
│ │ │ │ ├── minimal-hdf.json
│ │ │ │ ├── minimal_hdf.json
│ │ │ │ ├── red_hat_good.json
│ │ │ │ ├── rhel-8_hardened.json
│ │ │ │ ├── triple_overlay_profile_example.json
│ │ │ │ ├── triple_overlay_profile_sample.json
│ │ │ │ └── vSphere8_report.json
│ │ │ └── output/
│ │ │ ├── caat/
│ │ │ │ └── caat.xlsx
│ │ │ ├── csv/
│ │ │ │ ├── red_hat_good_parsed_CSV.json
│ │ │ │ └── triple_overlay_parsed_CSV.json
│ │ │ └── summary/
│ │ │ ├── rhel-8_hardened_output.json
│ │ │ ├── rhel-8_hardened_output.md
│ │ │ └── rhel-8_hardened_output.yml
│ │ ├── anchoregrype/
│ │ │ ├── amazon-grype-hdf.json
│ │ │ ├── amazon-grype-withraw.json
│ │ │ ├── anchore-grype-hdf.json
│ │ │ ├── anchore-grype-withraw.json
│ │ │ ├── sample_input_report/
│ │ │ │ ├── amazon.json
│ │ │ │ ├── anchore_grype.json
│ │ │ │ └── tensorflow.json
│ │ │ ├── tensorflow-grype-hdf.json
│ │ │ └── tensorflow-grype-withraw.json
│ │ ├── asff/
│ │ │ ├── asff-aws_foundational_security_best_practices_v1.0.0-hdf.json
│ │ │ ├── asff-cis_aws-foundations_benchmark_v1.2.0-hdf.json
│ │ │ ├── asff-hdf.json
│ │ │ ├── example-3-layer-overlay_hdf.json
│ │ │ ├── prowler-hdf.json
│ │ │ ├── rhel7_V-71931-hdf.json
│ │ │ ├── sample_input_report/
│ │ │ │ ├── asff_sample.json
│ │ │ │ ├── example-3-layer-overlay_asff.json
│ │ │ │ └── rhel7_V-71931_asff.json
│ │ │ └── trivy-image_golang-1.12-alpine-hdf.json
│ │ ├── attestations/
│ │ │ ├── attestations_jsonFormat.json
│ │ │ ├── attestations_xlsxFormat.xlsx
│ │ │ ├── attestations_yamlFormat.yaml
│ │ │ ├── rhel8_sample_oneOfEachControlStatus.json
│ │ │ ├── rhel8_sample_oneOfEachControlStatus_output.json
│ │ │ ├── triple_overlay_attested.json
│ │ │ ├── triple_overlay_example-attestations.json
│ │ │ └── triple_overlay_example-attestations.yml
│ │ ├── aws/
│ │ │ └── aws_config_hdf.json
│ │ ├── burpsuite/
│ │ │ ├── burpsuite-hdf-withraw.json
│ │ │ ├── burpsuite-hdf.json
│ │ │ └── sample_input_report/
│ │ │ └── zero.webappsecurity.com.min
│ │ ├── checklist/
│ │ │ ├── checklist-RHEL8V1R3-hdf-with-raw.json
│ │ │ ├── checklist-RHEL8V1R3-hdf.json
│ │ │ ├── converted-rhel7_overrides.ckl
│ │ │ ├── metadata.json
│ │ │ ├── red_hat_good.ckl
│ │ │ ├── red_hat_good_metadata.ckl
│ │ │ ├── sample_input_report/
│ │ │ │ ├── ckl_with_invalid_metadata.ckl
│ │ │ │ ├── converted-RHEL8V1R3.ckl
│ │ │ │ ├── invalid_metadata.json
│ │ │ │ ├── small_ckl_overrides.ckl
│ │ │ │ └── three_stig_checklist.ckl
│ │ │ ├── small_overrides_hdf.json
│ │ │ ├── three_stig_checklist-hdf.json
│ │ │ └── vSphere8_report.ckl
│ │ ├── checkov/
│ │ │ ├── checkov-hdf-withraw.json
│ │ │ ├── checkov-hdf.json
│ │ │ ├── checkov_sample-hdf.json
│ │ │ ├── checkov_synthetic-hdf.json
│ │ │ ├── checkov_with_skips-hdf.json
│ │ │ └── sample_input_report/
│ │ │ ├── checkov_json.json
│ │ │ ├── checkov_sample.json
│ │ │ ├── checkov_synthetic.json
│ │ │ └── checkov_with_skips.json
│ │ ├── conveyor/
│ │ │ ├── conveyor-clamav-hdf.json
│ │ │ ├── conveyor-codequality-hdf.json
│ │ │ ├── conveyor-hdf.json
│ │ │ ├── conveyor-moldy-hdf.json
│ │ │ ├── conveyor-stigma-hdf.json
│ │ │ └── sample_input_report/
│ │ │ ├── large-results.json
│ │ │ └── sample-results.json
│ │ ├── csv/
│ │ │ └── input/
│ │ │ ├── Ubuntu.csv
│ │ │ └── stig.csv
│ │ ├── cyclonedx_sbom/
│ │ │ ├── sample_input_report/
│ │ │ │ ├── dropwizard-no-vulns.json
│ │ │ │ ├── dropwizard-vex.json
│ │ │ │ ├── dropwizard-vulns.json
│ │ │ │ ├── generated-saf-sbom.json
│ │ │ │ ├── spdx-to-cyclonedx.json
│ │ │ │ ├── syft-scan-alpine-container.json
│ │ │ │ └── vex.json
│ │ │ ├── sbom-converted-spdx-hdf-withraw.json
│ │ │ ├── sbom-converted-spdx-hdf.json
│ │ │ ├── sbom-dropwizard-no-vulns-hdf-withraw.json
│ │ │ ├── sbom-dropwizard-no-vulns-hdf.json
│ │ │ ├── sbom-dropwizard-vex-hdf-withraw.json
│ │ │ ├── sbom-dropwizard-vex-hdf.json
│ │ │ ├── sbom-dropwizard-vulns-hdf-withraw.json
│ │ │ ├── sbom-dropwizard-vulns-hdf.json
│ │ │ ├── sbom-saf-hdf-withraw.json
│ │ │ ├── sbom-saf-hdf.json
│ │ │ ├── sbom-syft-alpine-container-hdf-withraw.json
│ │ │ ├── sbom-syft-alpine-container-hdf.json
│ │ │ ├── sbom-vex-hdf-withraw.json
│ │ │ └── sbom-vex-hdf.json
│ │ ├── dbprotect/
│ │ │ ├── dbprotect-check-hdf-withraw.json
│ │ │ ├── dbprotect-check-hdf.json
│ │ │ ├── dbprotect-findings-hdf-withraw.json
│ │ │ ├── dbprotect-findings-hdf.json
│ │ │ └── sample_input_report/
│ │ │ ├── DbProtect-Check-Results-Details-XML-Sample.xml
│ │ │ └── DbProtect-Findings-Detail-XML-Sample.xml
│ │ ├── delta-matching/
│ │ │ ├── al2023-target-mini-profile.json
│ │ │ └── rhel9-base-mini-profile.json
│ │ ├── dependency_track/
│ │ │ ├── hdf-default-withraw.json
│ │ │ ├── hdf-default.json
│ │ │ ├── hdf-info-vulnerability.json
│ │ │ ├── hdf-no-vulnerabilities.json
│ │ │ ├── hdf-optional-attributes.json
│ │ │ ├── hdf-with-attributions.json
│ │ │ └── sample_input_report/
│ │ │ ├── fpf-default.json
│ │ │ ├── fpf-info-vulnerability.json
│ │ │ ├── fpf-no-vulnerabilities.json
│ │ │ ├── fpf-optional-attributes.json
│ │ │ └── fpf-with-attributions.json
│ │ ├── fortify/
│ │ │ ├── fortify-hdf-withraw.json
│ │ │ ├── fortify-hdf.json
│ │ │ └── sample_input_report/
│ │ │ └── fortify_webgoat_results.fvdl
│ │ ├── gosec/
│ │ │ ├── go-ethereum-all-unsuppressed-gosec-hdf-withraw.json
│ │ │ ├── go-ethereum-all-unsuppressed-gosec-hdf.json
│ │ │ ├── go-ethereum-external-unsuppressed-gosec-hdf-withraw.json
│ │ │ ├── go-ethereum-external-unsuppressed-gosec-hdf.json
│ │ │ ├── grype-gosec-hdf-withraw.json
│ │ │ ├── grype-gosec-hdf.json
│ │ │ └── sample_input_report/
│ │ │ ├── Go_Ethereum_gosec_results_all_suppressed.json
│ │ │ ├── Go_Ethereum_gosec_results_external_suppressed.json
│ │ │ └── Grype_gosec_results.json
│ │ ├── html/
│ │ │ ├── combined_output.html
│ │ │ ├── red_hat_good.html
│ │ │ ├── sonarqube-hdf.html
│ │ │ └── triple_overlay_profile_example.html
│ │ ├── inspec/
│ │ │ └── json/
│ │ │ ├── Ubuntu-18.04-Profile.json
│ │ │ ├── profile_and_controls/
│ │ │ │ ├── Windows_Server_2019_v1r3_mini-profile.json
│ │ │ │ └── windows_server_2019_v1r3_mini_controls/
│ │ │ │ ├── V-93205.rb
│ │ │ │ ├── V-93207.rb
│ │ │ │ ├── V-93369.rb
│ │ │ │ ├── V-93461.rb
│ │ │ │ └── V-93473.rb
│ │ │ └── rhel-7-v3r7-mini-sample-profile.json
│ │ ├── jfrog_xray/
│ │ │ ├── jfrog-hdf-withraw.json
│ │ │ ├── jfrog-hdf.json
│ │ │ └── sample_input_report/
│ │ │ └── jfrog_xray_sample.json
│ │ ├── msft_secure/
│ │ │ ├── sample_input_report/
│ │ │ │ ├── combined.json
│ │ │ │ ├── profiles.json
│ │ │ │ └── secureScore.json
│ │ │ ├── secure_score-hdf-withraws.json
│ │ │ └── secure_score-hdfs.json
│ │ ├── nessus/
│ │ │ ├── nessus-hdf-10.0.0.1-withraw.json
│ │ │ ├── nessus-hdf-10.0.0.1.json
│ │ │ ├── nessus-hdf-10.0.0.2-withraw.json
│ │ │ ├── nessus-hdf-10.0.0.2.json
│ │ │ ├── nessus-hdf-10.0.0.3-withraw.json
│ │ │ ├── nessus-hdf-10.0.0.3.json
│ │ │ └── sample_input_report/
│ │ │ └── sample.nessus
│ │ ├── netsparker/
│ │ │ ├── netsparker-hdf-withraw.json
│ │ │ ├── netsparker-hdf.json
│ │ │ └── sample_input_report/
│ │ │ └── sample-netsparker-invicti.xml
│ │ ├── neuvector/
│ │ │ ├── neuvector-hdf-mitre-caldera.json
│ │ │ ├── neuvector-hdf-mitre-heimdall.json
│ │ │ ├── neuvector-hdf-mitre-heimdall2.json
│ │ │ ├── neuvector-hdf-mitre-vulcan.json
│ │ │ ├── neuvector-hdf-withraw-mitre-caldera.json
│ │ │ ├── neuvector-hdf-withraw-mitre-heimdall.json
│ │ │ ├── neuvector-hdf-withraw-mitre-heimdall2.json
│ │ │ ├── neuvector-hdf-withraw-mitre-vulcan.json
│ │ │ └── sample_input_report/
│ │ │ ├── neuvector-mitre-caldera.json
│ │ │ ├── neuvector-mitre-heimdall.json
│ │ │ ├── neuvector-mitre-heimdall2.json
│ │ │ └── neuvector-mitre-vulcan.json
│ │ ├── nikto/
│ │ │ ├── nikto-hdf-withraw.json
│ │ │ ├── nikto-hdf.json
│ │ │ └── sample_input_report/
│ │ │ └── zero.webappsecurity.json
│ │ ├── passthrough/
│ │ │ ├── minimal-hdf-passthrough-nonobject.json
│ │ │ ├── minimal-hdf-passthrough-object.json
│ │ │ └── passthrough-object.json
│ │ ├── poam/
│ │ │ └── converted-RHEL8V1R3.ckl-2026-03-03-0034.xlsm
│ │ ├── prisma/
│ │ │ ├── localhost.json
│ │ │ ├── my-fake-host-1.somewhere.cloud.json
│ │ │ ├── my-fake-host-10.somewhere.cloud.json
│ │ │ ├── my-fake-host-11.somewhere.cloud.json
│ │ │ ├── my-fake-host-12.somewhere.cloud.json
│ │ │ ├── my-fake-host-13.somewhere.cloud.json
│ │ │ ├── my-fake-host-14.somewhere.cloud.json
│ │ │ ├── my-fake-host-15.somewhere.cloud.json
│ │ │ ├── my-fake-host-2.somewhere.cloud.json
│ │ │ ├── my-fake-host-3.somewhere.cloud.json
│ │ │ ├── my-fake-host-4.somewhere.cloud.json
│ │ │ ├── my-fake-host-5.somewhere.cloud.json
│ │ │ ├── my-fake-host-6.somewhere.cloud.json
│ │ │ ├── my-fake-host-7.somewhere.cloud.json
│ │ │ ├── my-fake-host-8.somewhere.cloud.json
│ │ │ ├── my-fake-host-9.somewhere.cloud.json
│ │ │ └── sample_input_report/
│ │ │ └── prismacloud_sample.csv
│ │ ├── prowler/
│ │ │ ├── prowler-hdf.json
│ │ │ └── sample_input_report/
│ │ │ ├── prowler-sample.asff-json
│ │ │ └── prowler_sample.json
│ │ ├── sarif/
│ │ │ ├── sample_input_report/
│ │ │ │ └── sarif_input.sarif
│ │ │ ├── sarif-hdf-withraw.json
│ │ │ └── sarif-hdf.json
│ │ ├── scoutsuite/
│ │ │ ├── sample_input_report/
│ │ │ │ └── scoutsuite_sample.js
│ │ │ ├── scoutsuite-hdf-withraw.json
│ │ │ └── scoutsuite-hdf.json
│ │ ├── snyk/
│ │ │ ├── nodejs-goof-local-hdf.json
│ │ │ ├── nodejs-goof-remote-hdf.json
│ │ │ └── sample_input_report/
│ │ │ ├── nodejs-goof-local.json
│ │ │ └── nodejs-goof-remote.json
│ │ ├── sonarqube/
│ │ │ ├── sonarqube-branch-hdf.json
│ │ │ ├── sonarqube-hdf.json
│ │ │ └── sonarqube-pull-request-hdf.json
│ │ ├── target/
│ │ │ ├── minimal-hdf-target-nonobject.json
│ │ │ ├── minimal-hdf-target-object.json
│ │ │ └── target-object.json
│ │ ├── thresholds/
│ │ │ ├── red_hat_good.counts.good.yml
│ │ │ ├── rhel-8_hardened.counts.bad.noimpactHigh.yml
│ │ │ ├── rhel-8_hardened.counts.good.exact.yml
│ │ │ ├── triple_overlay_profile_example.json.counts.bad.compliance.yml
│ │ │ ├── triple_overlay_profile_example.json.counts.bad.total.yml
│ │ │ ├── triple_overlay_profile_example.json.counts.good.yml
│ │ │ └── triple_overlay_profile_example.json.counts.totalMinMax.yml
│ │ ├── trivy/
│ │ │ ├── sample_input_report/
│ │ │ │ └── trivy-image_golang-1.12-alpine_sample.json
│ │ │ └── trivy-image_golang-1.12-alpine-hdf.json
│ │ ├── trufflehog/
│ │ │ ├── sample_input_report/
│ │ │ │ ├── trufflehog.json
│ │ │ │ ├── trufflehog_docker_example.json
│ │ │ │ ├── trufflehog_dup.ndjson
│ │ │ │ ├── trufflehog_report_example.json
│ │ │ │ └── trufflehog_saf_example.json
│ │ │ ├── trufflehog-docker-hdf-withraw.json
│ │ │ ├── trufflehog-docker-hdf.json
│ │ │ ├── trufflehog-hdf-withraw.json
│ │ │ ├── trufflehog-hdf.json
│ │ │ ├── trufflehog-ndjson-dup-hdf.json
│ │ │ ├── trufflehog-report-example-hdf-withraw.json
│ │ │ ├── trufflehog-report-example-hdf.json
│ │ │ ├── trufflehog-saf-hdf-withraw.json
│ │ │ └── trufflehog-saf-hdf.json
│ │ ├── twistlock/
│ │ │ ├── sample_input_report/
│ │ │ │ ├── twistlock-twistcli-coderepo-scan-sample.json
│ │ │ │ └── twistlock-twistcli-sample-1.json
│ │ │ ├── twistlock-coderepo-hdf-withraw.json
│ │ │ ├── twistlock-coderepo-hdf.json
│ │ │ ├── twistlock-hdf-withraw.json
│ │ │ └── twistlock-hdf.json
│ │ ├── utils/
│ │ │ └── ohdf/
│ │ │ └── calculations/
│ │ │ ├── calculateComplianceScoresForExecJSONs.sample
│ │ │ ├── calculateSeverityCounts.sample
│ │ │ ├── calculateSummariesForExecJSONs.sample
│ │ │ ├── calculateTotalCounts.sample
│ │ │ └── calculateTotalCountsForSummaries.sample
│ │ ├── veracode/
│ │ │ ├── sample_input_report/
│ │ │ │ └── veracode.xml
│ │ │ └── veracode-hdf.json
│ │ ├── xccdf/
│ │ │ ├── cis/
│ │ │ │ ├── CIS_AlmaLinux_OS_9_Benchmark_v2.0.0-xccdf.xml
│ │ │ │ ├── CIS_Amazon_Linux_2_Benchmark_v3.0.0-xccdf.xml
│ │ │ │ ├── CIS_Apache_Tomcat_10_Benchmark_v1.1.0-xccdf.xml
│ │ │ │ └── CIS_Microsoft_IIS_10_Benchmark_v1.2.1-xccdf.xml
│ │ │ └── stigs/
│ │ │ ├── FULL_Windows_Server_2022_V2R1_mini-sample-xccdf.xml
│ │ │ ├── U_ASD_STIG_V5R1_Manual-xccdf.xml
│ │ │ ├── U_Adobe_ColdFusion_11_STIG_V1R4_Manual-xccdf.xml
│ │ │ ├── U_Apache_Tomcat_Application_Server_9_STIG_V2R2_Manual-xccdf.xml
│ │ │ ├── U_Apache_Tomcat_Application_Server_9_STIG_V2R3_Manual-xccdf.xml
│ │ │ ├── U_Apple_OS_X_10-14_STIG_V2R3_Manual-xccdf.xml
│ │ │ ├── U_Apple_OS_X_10-14_STIG_V2R4_Manual-xccdf.xml
│ │ │ ├── U_Apple_OS_X_10-15_STIG_V1R4_Manual-xccdf.xml
│ │ │ ├── U_Apple_OS_X_10-15_STIG_V1R5_Manual-xccdf.xml
│ │ │ ├── U_Apple_macOS_11_STIG_V1R2_Manual-xccdf.xml
│ │ │ ├── U_Apple_macOS_11_STIG_V1R3_Manual-xccdf.xml
│ │ │ ├── U_Application_Layer_Gateway_V1R2_Manual-xccdf.xml
│ │ │ ├── U_Application_Server_SRG_V3R1_Manual-xccdf.xml
│ │ │ ├── U_CAN_Ubuntu_18-04_LTS_STIG_V2R3_Manual-xccdf.xml
│ │ │ ├── U_CAN_Ubuntu_18-04_LTS_STIG_V2R4_Manual-xccdf.xml
│ │ │ ├── U_CAN_Ubuntu_20-04_LTS_STIG_V1R1_Manual-xccdf.xml
│ │ │ ├── U_CA_API_Gateway_ALG_STIG_V1R2_Manual-xccdf.xml
│ │ │ ├── U_CD_PGSQL_STIG_V1R1_Manual-xccdf.xml
│ │ │ ├── U_Central_Log_Server_SRG_V1R4_Manual-xccdf.xml
│ │ │ ├── U_Central_Log_Server_SRG_V2R1_Manual-xccdf.xml
│ │ │ ├── U_Cisco_IOS-XE_Router_RTR_STIG_V2R2_Manual-xccdf.xml
│ │ │ ├── U_Cisco_IOS-XR_Router_RTR_STIG_V2R1_Manual-xccdf.xml
│ │ │ ├── U_Cisco_IOS_Router_RTR_STIG_V2R1_Manual-xccdf.xml
│ │ │ ├── U_Cisco_IOS_XE_Switch_RTR_STIG_V2R1_Manual-xccdf.xml
│ │ │ ├── U_Cisco_NX-OS_Switch_RTR_STIG_V2R1_Manual-xccdf.xml
│ │ │ ├── U_Container_Platform_SRG_V1R1_Manual-xccdf.xml
│ │ │ ├── U_Container_Platform_SRG_V1R2_Manual-xccdf.xml
│ │ │ ├── U_Database_SRG_V3R1_Manual-xccdf.xml
│ │ │ ├── U_Docker_Enterprise_2-x_Linux-UNIX_STIG_V2R1_Manual-xccdf.xml
│ │ │ ├── U_Domain_Name_System_V2R4_Manual-xccdf.xml
│ │ │ ├── U_EDB_PGS_Advanced_Server_STIG_V2R1_Manual-xccdf.xml
│ │ │ ├── U_EDB_Postgres_Advanced_Server_v11_on_Windows_V2R1_Manual-xccdf.xml
│ │ │ ├── U_F5_BIG-IP_Device_Management_11-x_STIG_V2R1_Manual-xccdf.xml
│ │ │ ├── U_F5_BIG-IP_Local_Traffic_Manager_11-x_STIG_V2R1_Manual-xccdf.xml
│ │ │ ├── U_General_Purpose_Operating_System_SRG_V1R6_Manual-xccdf.xml
│ │ │ ├── U_General_Purpose_Operating_System_SRG_V2R1_Manual-xccdf.xml
│ │ │ ├── U_HP_FlexFabric_Switch_NDM_STIG_V1R3_Manual-xccdf.xml
│ │ │ ├── U_IBM_AIX_7-x_STIG_V2R2_Manual-xccdf.xml
│ │ │ ├── U_IBM_AIX_7-x_STIG_V2R3_Manual-xccdf.xml
│ │ │ ├── U_IBM_DB2_V10-5_LUW_STIG_V1R4_Manual-xccdf.xml
│ │ │ ├── U_IBM_DataPower_ALG_STIG_V1R1_Manual-xccdf.xml
│ │ │ ├── U_IBM_WebSphere_Traditional_V9-x_STIG_V1R1_Manual-xccdf.xml
│ │ │ ├── U_IBM_zOS_ACF2_STIG_V8R2_Manual-xccdf.xml
│ │ │ ├── U_IBM_zOS_ACF2_STIG_V8R3_Manual-xccdf.xml
│ │ │ ├── U_IBM_zOS_RACF_STIG_V8R3_Manual-xccdf.xml
│ │ │ ├── U_IBM_zOS_RACF_STIG_V8R4_Manual-xccdf.xml
│ │ │ ├── U_IBM_zOS_TSS_STIG_V8R2_Manual-xccdf.xml
│ │ │ ├── U_IBM_zOS_TSS_STIG_V8R3_Manual-xccdf.xml
│ │ │ ├── U_IB_8-x_DNS_STIG_V1R1_Manual-xccdf.xml
│ │ │ ├── U_Juniper_Router_RTR_STIG_V2R2_Manual-xccdf.xml
│ │ │ ├── U_Kubernetes_STIG_V1R1_Manual-xccdf.xml
│ │ │ ├── U_Kubernetes_STIG_V1R2_Manual-xccdf.xml
│ │ │ ├── U_MS_IE11_STIG_V1R19_Manual-xccdf.xml
│ │ │ ├── U_MS_Office_365_ProPlus_STIG_V2R2_Manual-xccdf.xml
│ │ │ ├── U_MS_Office_365_ProPlus_STIG_V2R3_Manual-xccdf.xml
│ │ │ ├── U_MS_Outlook_2010_STIG_V1R13_Manual-xccdf.xml
│ │ │ ├── U_MS_Outlook_2013_STIG_V1R13_Manual-xccdf.xml
│ │ │ ├── U_MS_SQL_Server_2014_Instance_STIG_V1R10_Manual-xccdf.xml
│ │ │ ├── U_MS_SQL_Server_2014_Instance_STIG_V2R1_Manual-xccdf.xml
│ │ │ ├── U_MS_SQL_Server_2016_Instance_STIG_V2R3_Manual-xccdf.xml
│ │ │ ├── U_MS_SQL_Server_2016_Instance_STIG_V2R4_Manual-xccdf.xml
│ │ │ ├── U_MS_Windows_10_STIG_V2R2_Manual-xccdf.xml
│ │ │ ├── U_MS_Windows_2012_and_2012_R2_DC_STIG_V3R2_Manual-xccdf.xml
│ │ │ ├── U_MS_Windows_2012_and_2012_R2_MS_STIG_V3R2_Manual-xccdf.xml
│ │ │ ├── U_MS_Windows_Server_2016_STIG_V2R2_Manual-xccdf.xml
│ │ │ ├── U_MS_Windows_Server_2019_STIG_V2R2_Manual-xccdf.xml
│ │ │ ├── U_Mainframe_Product_SRG_V1R4_Manual-xccdf.xml
│ │ │ ├── U_McAfee_VirusScan88_Local_Client_STIG_V5R16_Manual-xccdf.xml
│ │ │ ├── U_McAfee_VirusScan88_Managed_Client_STIG_V5R21_Manual-xccdf.xml
│ │ │ ├── U_Microsoft_Windows_2012_Server_DNS_STIG_V2R2_Manual-xccdf.xml
│ │ │ ├── U_Microsoft_Windows_2012_Server_DNS_STIG_V2R3_Manual-xccdf.xml
│ │ │ ├── U_NDM_SRG_V4R1_Manual-xccdf.xml
│ │ │ ├── U_Oracle_Database_11-2g_STIG_V2R1_Manual-xccdf.xml
│ │ │ ├── U_Oracle_Database_11g_Installation_STIG_V8R20_Manual-xccdf.xml
│ │ │ ├── U_Oracle_Database_11g_Instance_STIG_V8R20_Manual-xccdf.xml
│ │ │ ├── U_Oracle_Database_12c_STIG_V2R1_Manual-xccdf.xml
│ │ │ ├── U_Oracle_HTTP_Server_12-1-3_STIG_V1R7_Manual-xccdf.xml
│ │ │ ├── U_Oracle_Linux_6_STIG_V2R3_Manual-xccdf.xml
│ │ │ ├── U_Oracle_Linux_6_STIG_V2R4_Manual-xccdf.xml
│ │ │ ├── U_Oracle_Linux_7_V2R3_Manual-xccdf.xml
│ │ │ ├── U_Oracle_Linux_7_V2R4_Manual-xccdf.xml
│ │ │ ├── U_Oracle_MySQL_8-0_STIG_V1R1_Manual-xccdf.xml
│ │ │ ├── U_Oracle_WebLogic_Server_12c_V2R1_Manual-xccdf.xml
│ │ │ ├── U_PGS_SQL_9-x_STIG_V2R1_Manual-xccdf.xml
│ │ │ ├── U_PGS_SQL_9-x_STIG_V2R2_Manual-xccdf.xml
│ │ │ ├── U_RHEL_7_STIG_V2R7_Manual-xccdf.xml
│ │ │ ├── U_RHEL_7_STIG_V3R3_Manual-xccdf.xml
│ │ │ ├── U_RHEL_7_STIG_V3R4_Manual-xccdf.xml
│ │ │ ├── U_RHEL_8_STIG_V1R2_Manual-xccdf.xml
│ │ │ ├── U_RHEL_8_STIG_V1R3_Manual-xccdf.xml
│ │ │ ├── U_Router_SRG_V4R2_Manual-xccdf.xml
│ │ │ ├── U_SLES_12_STIG_V2R3_Manual-xccdf.xml
│ │ │ ├── U_SLES_12_STIG_V2R4_Manual-xccdf.xml
│ │ │ ├── U_SLES_15_STIG_V1R2_Manual-xccdf.xml
│ │ │ ├── U_SLES_15_STIG_V1R3_Manual-xccdf.xml
│ │ │ ├── U_SOL_10_SPARC_STIG_V2R2_Manual-xccdf.xml
│ │ │ ├── U_SOL_10_x86_STIG_V2R2_Manual-xccdf.xml
│ │ │ ├── U_SOL_11_SPARC_STIG_V2R3_Manual-xccdf.xml
│ │ │ ├── U_SOL_11_SPARC_STIG_V2R4_Manual-xccdf.xml
│ │ │ ├── U_SOL_11_X86_STIG_V2R3_Manual-xccdf.xml
│ │ │ ├── U_SOL_11_X86_STIG_V2R4_Manual-xccdf.xml
│ │ │ ├── U_SYM_ProxySG_ALG_STIG_V1R3_Manual-xccdf.xml
│ │ │ ├── U_Tanium_7-0_STIG_V1R2_Manual-xccdf.xml
│ │ │ ├── U_Tanium_7-3_STIG_V2R1_Manual-xccdf.xml
│ │ │ ├── U_Traditional_Security_Checklist_V1R3_Manual-xccdf.xml
│ │ │ ├── U_Trend_Micro_Deep_Security_9-x_STIG_V1R1_Manual-xccdf.xml
│ │ │ ├── U_UEM_Server_SRG_V1R1_Manual-xccdf.xml
│ │ │ ├── U_VMW_vRealize_Automation_7-x_SLES_STIG_V1R1_Manual-xccdf.xml
│ │ │ ├── U_VMW_vRealize_Automation_7-x_SLES_STIG_V2R1_Manual-xccdf.xml
│ │ │ ├── U_VMW_vRealize_Automation_7-x_tc_Server_STIG_V1R1_Manual-xccdf.xml
│ │ │ ├── U_VMW_vRealize_Automation_7-x_tc_Server_STIG_V2R1_Manual-xccdf.xml
│ │ │ ├── U_VMW_vRealize_Ops_6-x_SLES_STIG_V1R1_Manual-xccdf.xml
│ │ │ ├── U_VMW_vRealize_Ops_6-x_SLES_STIG_V2R1_Manual-xccdf.xml
│ │ │ ├── U_VMW_vRealize_Ops_6-x_tc_Server_STIG_V1R1_Manual-xccdf.xml
│ │ │ ├── U_VMW_vSphere_6-7_Photon_OS_STIG_V1R1_Manual-xccdf.xml
│ │ │ ├── U_VPN_SRG_V2R3_Manual-xccdf.xml
│ │ │ ├── U_Video_Services_Policy_STIG_V1R11_Manual-xccdf.xml
│ │ │ ├── U_Voice_Video_Services_Policy_STIG_V3R17_Manual-xccdf.xml
│ │ │ ├── U_Web_Server_V2R3_Manual-xccdf.xml
│ │ │ ├── Windows_Server_2019_V3R2_xccdf.xml
│ │ │ ├── Windows_Server_2022_V2R1_mini-sample-xccdf.xml
│ │ │ └── rhel-7-v3r8-mini-sample-xxcdf.xml
│ │ ├── xccdf_results/
│ │ │ ├── sample_input_report/
│ │ │ │ ├── xccdf-results-openscap-rhel7.xml
│ │ │ │ ├── xccdf-results-openscap-rhel8.xml
│ │ │ │ ├── xccdf-results-scc-rhel7.xml
│ │ │ │ └── xccdf-results-scc-rhel8.xml
│ │ │ ├── xccdf-openscap-rhel7-hdf-withraw.json
│ │ │ ├── xccdf-openscap-rhel7-hdf.json
│ │ │ ├── xccdf-openscap-rhel8-hdf-withraw.json
│ │ │ ├── xccdf-openscap-rhel8-hdf.json
│ │ │ ├── xccdf-scc-rhel7-hdf-withraw.json
│ │ │ ├── xccdf-scc-rhel7-hdf.json
│ │ │ ├── xccdf-scc-rhel8-hdf-withraw.json
│ │ │ └── xccdf-scc-rhel8-hdf.json
│ │ └── zap/
│ │ ├── sample_input_report/
│ │ │ ├── webgoat.json
│ │ │ └── zero.webappsecurity.json
│ │ ├── zap-webappsecurity-hdf-withraw.json
│ │ ├── zap-webappsecurity-hdf.json
│ │ ├── zap-webgoat-hdf-withraw.json
│ │ └── zap-webgoat-hdf.json
│ ├── tsconfig.json
│ └── utils/
│ ├── __tests__/
│ │ ├── cross_vendor_integration.test.ts
│ │ ├── delta_matching.test.ts
│ │ ├── global.test.ts
│ │ └── logging.test.ts
│ └── ohdf/
│ ├── __tests__/
│ │ └── output_generator.test.ts
│ ├── calculations.test.ts
│ └── data_loader.test.ts
├── tsconfig.json
└── vitest.config.ts
================================================
FILE CONTENTS
================================================
================================================
FILE: .deepsource.toml
================================================
# DeepSource configuration: a single analyzer (javascript) is enabled for this repository.
version = 1
# Paths matching this glob are declared as test code.
test_patterns = ["test/**"]
[[analyzers]]
name = "javascript"
enabled = true
================================================
FILE: .editorconfig
================================================
# Top-most EditorConfig file for the repository.
root = true
# Defaults applied to every file: 2-space indentation, UTF-8, no trailing
# whitespace, and a newline at end of file.
[*]
indent_style = space
indent_size = 2
charset = utf-8
trim_trailing_whitespace = true
insert_final_newline = true
# Markdown files override the default above and keep trailing whitespace.
[*.md]
trim_trailing_whitespace = false
================================================
FILE: .env-example
================================================
# -----------------------------------------------------------------------------
# Required environment variables
# The populated copy of this file holds secrets (API key, private-key passphrase); keep it out of version control.
EMASSER_API_KEY=<The eMASS API key (api-key)>
EMASSER_HOST_URL=<The Fully Qualified Domain Name (FQDN) for the eMASS server>
EMASSER_KEY_FILE_PATH=<The eMASS key.pem private key file in PEM format (if provided, the CERT is required)>
EMASSER_CERT_FILE_PATH=<The eMASS client.pem certificate file in PEM format (if provided, the KEY is required)>
EMASSER_CA_FILE_PATH=<The eMASS CA certificate (if provided no Key or Client PEM is needed)>
EMASSER_KEY_FILE_PASSWORD=<Secret phrase used to protect the encryption key>
# Required by most eMASS instances for actionable requests (post,put,delete)
EMASSER_USER_UID=<The eMASS User Unique Identifier (user-uid)>
# -----------------------------------------------------------------------------
# Optional environment variables
EMASSER_PORT=`<The server communication port number (default is 443)>`
EMASSER_REQUEST_CERT=`<Server requests a certificate from connecting clients - true or false (default false)>`
# Leave this at its default (true) outside of testing: false turns off the certificate rejection described here.
EMASSER_REJECT_UNAUTHORIZED=`<Reject clients with invalid certificates - true or false (default true)>`
EMASSER_DEBUGGING=`<Set debugging on (true) or off (false) (default false)>`
EMASSER_CLI_DISPLAY_NULL=`<Display null value fields - true or false (default true)>`
EMASSER_EPOCH_TO_DATETIME=`<Convert epoch to date/time value - true or false (default false)>`
EMASSER_DOWNLOAD_DIR=`<Directory where exported files are saved (default eMASSerDownloads)>`
================================================
FILE: .github/dependabot.yml
================================================
# Dependabot version-update configuration for the npm manifest at the repository root.
version: 2
updates:
# Maintain dependencies for npm
- package-ecosystem: "npm"
directory: "/"
# Checked once a day at 20:00 America/New_York.
schedule:
interval: daily
time: "20:00"
timezone: America/New_York
# Up to 99 Dependabot pull requests may be open at the same time.
open-pull-requests-limit: 99
allow:
# Allow both direct and indirect updates for all packages.
# NOTE(review): .github/workflows/auto-approve-and-merge.yml approves and enables
# auto-merge for Dependabot pull requests labeled 'dependencies', so indirect
# (transitive) updates allowed here appear to follow that automated path as well;
# confirm this is intended.
- dependency-type: "all"
ignore:
# Chai major version 5 does not support CommonJS modules.
# NOTE(review): neither entry below narrows the ignore with `versions` or
# `update-types`, so every version update for these two packages is skipped,
# not only major version 5.
- dependency-name: "chai"
- dependency-name: "@types/chai"
================================================
FILE: .github/mergify.yml
================================================
# Mergify configuration: one merge queue plus one rule that comments on conflicting pull requests.
queue_rules:
- name: default # mergify/configuration-deprecated-update
# A pull request enters the queue once it carries the 'ready-to-merge' label.
queue_conditions:
- label=ready-to-merge
# It is merged (squashed) when it has at least one approving review and targets main.
# NOTE(review): a single approval satisfies this condition; confirm whether the
# automated approval issued by .github/workflows/auto-approve-and-merge.yml counts
# toward it, and whether branch protection on main requires anything more.
merge_conditions:
- "#approved-reviews-by>=1"
- base=main
merge_method: squash
pull_request_rules:
- name: ask developers to resolve conflict
conditions:
- conflict
# Negated author match: pull requests opened by dependabot[bot] or
# dependabot-preview[bot] are excluded from this rule.
- -author~=^dependabot(|-preview)\[bot\]$
actions:
comment:
message: This pull request has a conflict. Could you fix it @{{author}}?
================================================
FILE: .github/release-drafter.yml
================================================
# Release Drafter configuration: the draft release name and tag both use the next patch version.
name-template: "$NEXT_PATCH_VERSION"
tag-template: "$NEXT_PATCH_VERSION"
# Pull requests labeled "dependencies" are grouped under their own heading.
categories:
- title: "Dependency Updates"
labels:
- "dependencies"
# One changelog line per pull request: title, author and pull-request number.
change-template: "- $TITLE @$AUTHOR (#$NUMBER)"
# Body of the drafted release; $CHANGES is replaced with the generated change list.
template: |
## What's New
$CHANGES
================================================
FILE: .github/workflows/anchore-syft.yml
================================================
# This workflow uses actions that are not certified by GitHub.
# They are provided by a third-party and are governed by
# separate terms of service, privacy policy, and support
# documentation.
# This workflow checks out code, builds an image, performs a container image
# scan with Anchore's Syft tool, and uploads the results to the GitHub Dependency
# submission API.
# For more information on the Anchore sbom-action usage
# and parameters, see https://github.com/anchore/sbom-action. For more
# information about the Anchore SBOM tool, Syft, see
# https://github.com/anchore/syft
# Builds the image from the repository Dockerfile on every push to main, generates an SBOM
# for it, and submits the result as a dependency snapshot.
name: Anchore Syft SBOM scan
on:
push:
branches: [ "main" ]
# Workflow-level default; the single job below declares the same scope again.
permissions:
contents: write
jobs:
Anchore-Build-Scan:
permissions:
contents: write # required to upload to the Dependency submission API
runs-on: ubuntu-latest
steps:
- name: Checkout the code
uses: actions/checkout@v5
# The image is only built locally for scanning; nothing in this workflow pushes it.
- name: Build the Docker image
run: docker build . --file Dockerfile --tag localbuild/testimage:latest
# NOTE(review): `@v0` is a mutable tag on a third-party action that runs in a job holding
# `contents: write`. Pinning to a full commit SHA would fix exactly which code runs here.
- name: Scan the image and upload dependency results
uses: anchore/sbom-action@v0
with:
image: "localbuild/testimage:latest"
artifact-name: image.spdx.json
dependency-snapshot: true
================================================
FILE: .github/workflows/auto-approve-and-merge.yml
================================================
# Approves Dependabot pull requests and enables auto-merge on them once they are labeled.
name: Auto approve and Merge Dependabot PRs
# `pull_request_target` runs in the context of the base repository, so the token below has
# the write scopes declared here even when the pull request comes from another branch or fork.
# No step in this workflow checks out or executes pull-request code; keep it that way.
on:
pull_request_target:
types: [labeled]
permissions:
pull-requests: write
contents: write
jobs:
approve:
name: Auto-approve dependabot PRs
# Gate: the PR author must be the Dependabot bot account AND the PR must carry the
# 'dependencies' label. The check is on the PR author, not on whoever applied the label.
if: github.event.pull_request.user.login == 'dependabot[bot]' && contains(github.event.pull_request.labels.*.name, 'dependencies')
runs-on: ubuntu-24.04
steps:
# NOTE(review): third-party action referenced by a mutable tag while the job token can
# approve pull requests; consider pinning to a full commit SHA.
- uses: hmarr/auto-approve-action@v4
# `--auto` asks GitHub to merge once the branch's merge requirements are met.
# NOTE(review): with a bot approval counting as the review, the remaining safeguard is
# whatever required status checks the target branch enforces; confirm they are configured.
- name: Enable auto-merge for Dependabot PRs
run: gh pr merge --auto --merge "$PR_URL"
# The PR URL reaches the script through an environment variable and is quoted there,
# rather than being expanded into the command text.
env:
PR_URL: ${{github.event.pull_request.html_url}}
GITHUB_TOKEN: ${{secrets.GITHUB_TOKEN}}
================================================
FILE: .github/workflows/build-macos.yml
================================================
# Packs the SAF CLI as a macOS .pkg installer and uploads it as a workflow artifact.
name: Build macOS Installer
on:
push:
branches: [ main ]
pull_request:
branches: [ main ]
# Read-only token: this workflow also runs for pull requests and only produces an artifact.
permissions:
contents: read
jobs:
build-deploy:
runs-on: macos-15
steps:
- uses: actions/checkout@v5
- name: setup node
uses: actions/setup-node@v6
with:
node-version: "22"
check-latest: true
cache: 'npm'
# `npm ci` installs from the lockfile; `--omit=dev` leaves development dependencies out of the
# tree that gets packed.
- name: Install project dependencies
run: npm ci --omit=dev
# Test fixtures are deleted so they are not bundled into the installer.
- name: Remove testing resources
run: rm -rf test
# NOTE(review): after `npm ci --omit=dev`, `npx oclif` resolves locally only if oclif is a
# production dependency; otherwise npx fetches it from the registry at run time. Confirm which
# applies (package.json is not visible here).
- name: npm pack
run: npx oclif pack macos
# Shortens each installer name by dropping one dash-separated field between the leading part and
# the trailing part. Presumably that field is a build hash; verify against the names oclif emits.
- name: Rename Mac Installers
run: |
cd dist/macos
for file in saf-*.pkg; do
prefix=${file%-*-*.pkg}
suffix=${file#saf-*-*-*}
mv "$file" "$prefix-$suffix"
done
- name: Upload SAF-CLI macOS Installer Artifact
uses: actions/upload-artifact@v4
with:
name: SAF-CLI macOS Installer
path: dist/macos/saf-*.pkg
================================================
FILE: .github/workflows/build-rpm.yml
================================================
# Packs the SAF CLI as a tarball, appends the RPM spec file to it, and builds an RPM from the
# result inside a UBI 9 Node.js container.
name: Build SAF-CLI RPM Installers
on:
push:
branches: [ main ]
pull_request:
branches: [ main ]
workflow_dispatch:
# Read-only token: the only output is an uploaded artifact.
permissions:
contents: read
jobs:
build-deploy:
runs-on: ubuntu-24.04
# NOTE(review): the build container is referenced by the mutable `:latest` tag and runs as
# root (`-u 0`). Pinning the image by digest would make the build environment reproducible.
container:
image: registry.access.redhat.com/ubi9/nodejs-22:latest
options: -u 0 # dnf needs root
defaults:
run:
shell: bash
steps:
- uses: actions/checkout@v5
with:
path: saf
- name: setup node
uses: actions/setup-node@v6
with:
node-version: "22"
check-latest: true
cache: 'npm'
cache-dependency-path: ./saf/package-lock.json
- name: install build dependencies
run: dnf install -y rpm-build perl-Digest-SHA # rpmbuild, shasum
# Test fixtures are removed and only production dependencies are installed before packing.
- name: setup saf cli
working-directory: ./saf
run: |
rm -rf test
npm ci --omit=dev
# Exposes the tarball base name to later steps through the job environment.
- name: set filename envvar
working-directory: ./saf
run: |
echo "filename=saf-v$(cat VERSION)-linux-x64" >> "$GITHUB_ENV"
- name: pack into tarball # we are targetting x86-64 since oclif bundles a node binary, but the project is actually fully architecture independent so long as they have a node binary on it
working-directory: ./saf
run: npx oclif pack tarballs -t linux-x64 --no-xz
# Decompresses the packed tarball, appends ../saf.spec (rewritten to the path saf/saf.spec inside
# the archive), and compresses it again. `$(ls)` assumes dist/ holds exactly one file here.
- name: repack tarball but include the spec file
working-directory: ./saf/dist
run: |
gzip -dc "$(ls)" > "$filename.tar"
tar -rf "$filename.tar" --transform 's|^\.\.|saf|' ../saf.spec
gzip "$filename.tar"
# `rpmbuild -ta` builds from the spec file carried inside the tarball; the RPMs are written under
# the current directory because `_rpmdir` is overridden.
- name: build rpm
working-directory: ./saf
run: rpmbuild -ta "dist/$filename.tar.gz" -D "_rpmdir $(pwd)" -D "version $(cat VERSION)"
- name: upload binary as artifact
uses: actions/upload-artifact@v4
with:
name: SAF-CLI RPM Build noarch
path: saf/noarch/saf-*.rpm
================================================
FILE: .github/workflows/build-windows-linux.yml
================================================
# Packs the SAF CLI as Windows (.exe) installers and a Debian package, renames the outputs, and
# uploads them as workflow artifacts.
name: Build SAF-CLI Windows/Linux Installers
on:
push:
branches: [ main ]
pull_request:
branches: [ main ]
workflow_dispatch:
# Read-only token: the only outputs are uploaded artifacts.
permissions:
contents: read
jobs:
build-deploy:
runs-on: ubuntu-24.04
steps:
- uses: actions/checkout@v5
with:
path: saf
- name: setup node
uses: actions/setup-node@v6
with:
node-version: "22"
check-latest: true
cache: 'npm'
cache-dependency-path: ./saf/package-lock.json
- name: Install Nullsoft Scriptable Install System and p7zip
run: sudo apt install nsis p7zip-full
# Test fixtures are removed and only production dependencies are installed before packing.
- name: setup saf cli
working-directory: ./saf
run: |
rm -rf test
npm ci --omit=dev
- name: Pack Windows Installer
working-directory: ./saf
run: npx oclif pack win
# NOTE(review): this step runs npx under sudo, so whatever `npx oclif` resolves to executes as
# root on the runner; the later `sudo mv` presumably exists because the outputs are root-owned.
- name: Pack Debian Package
working-directory: ./saf
run: sudo npx oclif pack deb
- name: Rename Windows Installers
run: |
cd saf/dist/win32
for file in saf-*.exe; do
prefix=${file%-*-*} # get prefix by removing from end
suffix=${file#saf-*-*-} # get suffix by removing from start
mv "$file" "$prefix-$suffix"
done
# Rewrites the underscore-separated .deb name into the dash-separated form used by the other
# installers.
- name: Rename Debian Installers
run: |
cd saf/dist/deb
for file in saf_*.deb; do
prefix=${file%.*-*.deb}
prefix_ver=${prefix#saf_}
suffix=${file#*_*_}
sudo mv "$file" "saf-$prefix_ver-$suffix"
done
- name: Upload SAF-CLI Windows Build x64 Artifact
uses: actions/upload-artifact@v4
with:
name: SAF-CLI Windows Build x64
path: saf/dist/win32/saf-*-x64.exe
- name: Upload SAF-CLI Windows Build x86 Artifact
uses: actions/upload-artifact@v4
with:
name: SAF-CLI Windows Build x86
path: saf/dist/win32/saf-*-x86.exe
# underscore here since that's how the file is named
- name: Upload SAF-CLI Debian x64 Artifact
uses: actions/upload-artifact@v4
with:
name: SAF-CLI Debian Build x64
path: saf/dist/deb/saf-*.deb
================================================
FILE: .github/workflows/bump-brew.yml
================================================
# Updates the Homebrew formula in the mitre/homebrew-saf tap after the NPM/GPR publish workflow
# finishes successfully.
name: Bump Homebrew formula
# `workflow_run` fires when the named workflow completes, whatever its result; the job-level `if`
# below restricts this to successful runs.
on:
workflow_run:
workflows: ["Push SAF-CLI to NPM and GPR"]
types:
- completed
permissions:
contents: read
jobs:
update-formula:
if: ${{ github.event.workflow_run.conclusion == 'success' }}
runs-on: ubuntu-24.04
steps:
# Full history is fetched so that `git describe` below can see the tags.
- name: Checkout repo
uses: actions/checkout@v5
with:
fetch-depth: 0
# Takes the most recent tag reachable from the checked-out commit.
# NOTE(review): this is assumed to be the release that was just published; confirm, since the
# value is used verbatim in the npm tarball URL below and as the formula's tag name.
- name: Extract version
id: extract-version
run: echo "tag=$(git describe --abbrev=0 --tags)" >> $GITHUB_OUTPUT
# NOTE(review): a personal access token for the tap repository is handed to a third-party action
# referenced by a mutable tag; pinning to a full commit SHA limits what can receive the token.
- uses: mislav/bump-homebrew-formula-action@v3
with:
formula-name: saf-cli
homebrew-tap: mitre/homebrew-saf
download-url: https://registry.npmjs.org/@mitre/saf/-/saf-${{ steps.extract-version.outputs.tag }}.tgz
tag-name: ${{ steps.extract-version.outputs.tag }}
env:
COMMITTER_TOKEN: ${{ secrets.HOMEBREW_PAT }}
================================================
FILE: .github/workflows/draft-release.yml
================================================
# Keeps a draft GitHub release up to date as changes land on main.
name: Draft Release
on:
push:
branches:
- main
# Scopes are limited to what the drafter needs: write to releases, read pull-request metadata.
permissions:
contents: write # required to update the draft release
pull-requests: read # required to get information about the pull request
jobs:
update_draft_release:
runs-on: ubuntu-24.04
steps:
# Drafts your next Release notes as Pull Requests are merged into "main"
# NOTE(review): the action is referenced by a mutable tag and receives a token with
# `contents: write`; consider pinning to a full commit SHA.
- uses: release-drafter/release-drafter@v6
with:
disable-autolabeler: true
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
================================================
FILE: .github/workflows/e2e-ci.yml
================================================
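# Runs the SAF CLI test suite on Ubuntu, macOS and Windows for pushes and pull requests that
# target main, then checks that the CLI still starts with production dependencies only.
name: Run SAF-CLI E2E Tests

on:
  push:
    branches: [ main ]
  pull_request:
    branches: [ main ]

# Read-only token: nothing in this workflow needs to write to the repository.
permissions:
  contents: read

jobs:
  build:
    strategy:
      fail-fast: true
      matrix:
        platform: [ ubuntu, macos, windows ]
    runs-on: ${{ matrix.platform }}-latest
    steps:
      - uses: actions/checkout@v5

      - name: Setup Node.js on ${{ matrix.platform }}
        uses: actions/setup-node@v6
        with:
          node-version: "22"
          check-latest: true
          cache: 'npm'

      # NOTE(review): both cinc-auditor install steps download an installer script over HTTPS and
      # execute it immediately (under sudo on ubuntu/macos) with no checksum and no version pin.
      # Downloading to a file and verifying it before execution would narrow that trust.
      - name: Install cinc-auditor on windows
        if: ${{ matrix.platform == 'windows' }}
        shell: pwsh
        run: |
          Start-Process powershell -Verb RunAs
          . { iwr -useb https://omnitruck.cinc.sh/install.ps1 } | iex; install -project cinc-auditor
          $env:Path = $env:Path + ';C:\cinc-project\cinc-auditor\bin' + ';C:\cinc-project\cinc-auditor\embedded\bin'
          cinc-auditor -v

      - name: Install cinc-auditor on ubuntu or macos
        if: ${{ matrix.platform == 'ubuntu' || matrix.platform == 'macos' }}
        run: |
          curl -L https://omnitruck.cinc.sh/install.sh | sudo bash -s -- -P cinc-auditor

      - name: Install dependencies, compile, and run tests on ${{ matrix.platform }}
        run: |
          npm ci
          npm run prepack
          npm run test:ci

      # The two sanity checks reinstall without dev dependencies and fail the job if `saf -v`
      # exits non-zero or writes anything to stderr.
      - name: Sanity check that the SAF CLI works with no dev dependencies on windows
        if: ${{ matrix.platform == 'windows' }}
        shell: pwsh
        run: |
          npm ci --omit=dev
          npm run prepack
          $stderrFile = New-TemporaryFile
          ./bin/run -v 2> $stderrFile.FullName 1> $null
          $exitCode = $LASTEXITCODE
          $stderr = Get-Content $stderrFile.FullName -Raw
          Remove-Item $stderrFile
          if ($exitCode -eq 0) {
            if (($null -ne $stderr) -and ($stderr.Trim())) {
              Write-Host "Failed: received the following stderr:`n$stderr"
              exit 1
            }
          } else {
            Write-Host "Failed: received a non-zero exit code when doing 'saf -v'"
            exit 1
          }

      - name: Sanity check that the SAF CLI works with no dev dependencies on ubuntu or macos
        if: ${{ matrix.platform == 'ubuntu' || matrix.platform == 'macos' }}
        run: |
          npm ci --omit=dev
          npm run prepack
          if stderr=$(./bin/run -v 2>&1 1>/dev/null); then
            [ -z "$stderr" ] || (printf "Failed: received the following stderr:\n%s\n" "$stderr"; exit 1)
          else
            # Single quotes around the command name: backticks inside a double-quoted string are
            # command substitution in bash, so the previous message tried to execute `saf -v`
            # instead of printing it.
            echo "Failed: received a non-zero exit code when doing 'saf -v'"
            exit 1
          fi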
================================================
FILE: .github/workflows/linter.yml
================================================
# Runs the project's lint script for pushes and pull requests that target main.
name: Lint SAF-CLI
on:
push:
branches: [ main ]
pull_request:
branches: [ main ]
# Read-only token: linting needs no write access.
permissions:
contents: read
jobs:
build:
runs-on: ubuntu-24.04
steps:
- uses: actions/checkout@v5
- name: Setup Node.js
uses: actions/setup-node@v6
with:
node-version: "22"
check-latest: true
cache: 'npm'
# `npm ci` installs exactly what the lockfile records, including dev dependencies, which the
# lint script presumably needs.
- name: Install project dependencies
run: npm ci
- name: Run lint
run: npm run lint:ci
================================================
FILE: .github/workflows/push-to-docker-main.yml
================================================
# On every push to main: builds the multi-platform image, pushes it to Docker Hub tagged `latest`
# and with the commit SHA, then updates the Iron Bank mainline repository to reference that image
# by digest. (The workflow name says "master"; the trigger below is the `main` branch.)
name: Push SAF CLI to Docker Hub on every merge to master and tag as latest
on:
push:
branches: [ main ]
# The repository token is read-only; pushing images and updating Iron Bank use separate secrets.
permissions:
contents: read
jobs:
docker:
runs-on: ubuntu-24.04
steps:
- name: Checkout the SAF Repository
uses: actions/checkout@v5
- name: Set up QEMU
uses: docker/setup-qemu-action@v3
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
# The username comes from a repository variable, the credential from a secret.
- name: Login to DockerHub
uses: docker/login-action@v3
with:
username: ${{ vars.DOCKER_USER }}
password: ${{ secrets.DOCKER_PAT }}
- name: Build and push the container image to DockerHub
id: docker_build
uses: docker/build-push-action@v6
with:
context: .
push: true
platforms: "linux/amd64,linux/arm64"
tags: mitre/saf:latest,mitre/saf:${{ github.sha }}
# Pulls the image that was just pushed (up to MAX_RETRIES attempts) and records the digest part of
# its first RepoDigests entry as DOCKER_SHA for the next step. `${{ github.sha }}` is expanded
# into the script text before the shell runs; here it is the commit hash of the push.
- name: Get Docker SHA since the Iron Bank release requires us to specify the exact resources we need them to pull into the environment
shell: bash
id: get-docker-sha
run: |
MAX_RETRIES=5
RETRY_DELAY=0.5 # in seconds
RETRY_COUNT=0
SUCCESS=false
while [ "$RETRY_COUNT" -lt "$MAX_RETRIES" ]; do
if docker pull mitre/saf:${{ github.sha }}; then
SUCCESS=true
break
else
RETRY_COUNT="$((RETRY_COUNT + 1))"
echo "Retry $RETRY_COUNT/$MAX_RETRIES: Docker pull failed. Retrying in $RETRY_DELAY seconds..."
sleep "$RETRY_DELAY"
fi
done
if [ "$SUCCESS" = true ]; then
echo "DOCKER_SHA=$(docker inspect --format='{{index .RepoDigests 0}}' mitre/saf:${{ github.sha }} | cut -d '@' -f 2)" >> $GITHUB_ENV
else
echo "Docker pull failed after $MAX_RETRIES attempts."
exit 1
fi
# The update commands rewrite hardening_manifest.yaml so the image resource is referenced by
# digest (`mitre/saf@<DOCKER_SHA>`) rather than by tag alone, and set SAF_VERSION in the Dockerfile
# of the Iron Bank repository.
# NOTE(review): the Iron Bank credentials are passed to an action referenced by a mutable tag;
# consider pinning to a full commit SHA.
- name: Upgrade Iron Bank
uses: mitre/ironbank_release_action@v1
with:
name: SAF-CLI
version: ${{ github.sha }}
ironbank_pat: ${{ secrets.SAF_IRONBANK_REPO1_PAT }}
ironbank_username: ${{ secrets.SAF_IRONBANK_REPO1_USERNAME }}
ironbank_project_id: 17078
ironbank_project_clone_url: repo1.dso.mil/dsop/mitre/security-automation-framework/saf-mainline.git
git_commit_author_name: "Automated SAF CLI Release"
git_commit_author_email: "saf@mitre.org"
update_commands: |
yq e -i '.args.SAF_VERSION=\"${{ github.sha }}\" | .tags[0]=\"${{ github.sha }}\" | .labels.\"org.opencontainers.image.version\"=\"${{ github.sha }}\" | .resources[0].tag=\"mitre/saf:${{ github.sha }}\" | .resources[0].url=\"docker://docker.io/mitre/saf@${{ env.DOCKER_SHA }}\"' hardening_manifest.yaml
sed -i s/SAF_VERSION=\.\*/SAF_VERSION=${{ github.sha }}/ Dockerfile
================================================
FILE: .github/workflows/push-to-docker.yml
================================================
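# On every published release (or a manual dispatch with a version): builds the multi-platform
# image, pushes it to Docker Hub under the release tags, then updates the Iron Bank repository to
# reference that image by digest.
name: Push SAF CLI to Docker Hub on every release

on:
  release:
    types: [published]
  workflow_dispatch:
    inputs:
      version:
        description: 'Version'
        required: true

# The repository token is read-only; pushing images and updating Iron Bank use separate secrets.
permissions:
  contents: read

jobs:
  docker:
    runs-on: ubuntu-24.04
    steps:
      # The version is free text: a release tag name or a manually typed dispatch input.
      # Only a leading "v" is stripped; an unanchored pattern with the global flag would also
      # remove any other "v" inside the version string.
      - name: Run string replace to remove the v from the version number before using it in the docker tag
        uses: frabert/replace-string-action@v2
        id: format-tag
        with:
          pattern: '^v'
          string: "${{ github.event.release.tag_name || github.event.inputs.version }}"
          replace-with: ''
          flags: 'g'

      # Later steps place this value into shell scripts and into commands run against the Iron Bank
      # repository, so it is checked here against the characters allowed in an image tag before
      # anything is built, pushed, or handed a secret. The value reaches the script through an
      # environment variable rather than being expanded into the script text.
      - name: Validate the version before it is used as an image tag
        shell: bash
        env:
          IMAGE_TAG: ${{ steps.format-tag.outputs.replaced }}
        run: |
          if [[ ! "$IMAGE_TAG" =~ ^[A-Za-z0-9_][A-Za-z0-9_.-]{0,127}$ ]]; then
            echo "Refusing to continue: the supplied version is not a valid image tag."
            exit 1
          fi

      - name: Checkout the SAF Repository
        uses: actions/checkout@v5

      - name: Set up QEMU
        uses: docker/setup-qemu-action@v3

      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v3

      # The username comes from a repository variable, the credential from a secret.
      - name: Login to DockerHub
        uses: docker/login-action@v3
        with:
          username: ${{ vars.DOCKER_USER }}
          password: ${{ secrets.DOCKER_PAT }}

      # Every release is pushed under three tags: `release-latest`, the version, and `v1`.
      - name: Build and push the container image to DockerHub
        id: docker_build
        uses: docker/build-push-action@v6
        with:
          context: .
          push: true
          platforms: "linux/amd64,linux/arm64"
          tags: mitre/saf:release-latest,mitre/saf:${{ steps.format-tag.outputs.replaced }},mitre/saf:v1

      # Pulls the image that was just pushed (up to MAX_RETRIES attempts) and records the digest
      # part of its first RepoDigests entry as DOCKER_SHA for the next step. The tag is read from
      # the environment and quoted, so its content is never parsed as shell syntax.
      - name: Get Docker SHA since the Iron Bank release requires us to specify the exact resources we need them to pull into the environment
        shell: bash
        id: get-docker-sha
        env:
          IMAGE_TAG: ${{ steps.format-tag.outputs.replaced }}
        run: |
          MAX_RETRIES=5
          RETRY_DELAY=0.5 # in seconds
          RETRY_COUNT=0
          SUCCESS=false
          while [ "$RETRY_COUNT" -lt "$MAX_RETRIES" ]; do
            if docker pull "mitre/saf:$IMAGE_TAG"; then
              SUCCESS=true
              break
            else
              RETRY_COUNT="$((RETRY_COUNT + 1))"
              echo "Retry $RETRY_COUNT/$MAX_RETRIES: Docker pull failed. Retrying in $RETRY_DELAY seconds..."
              sleep "$RETRY_DELAY"
            fi
          done
          if [ "$SUCCESS" = true ]; then
            echo "DOCKER_SHA=$(docker inspect --format='{{index .RepoDigests 0}}' "mitre/saf:$IMAGE_TAG" | cut -d '@' -f 2)" >> "$GITHUB_ENV"
          else
            echo "Docker pull failed after $MAX_RETRIES attempts."
            exit 1
          fi

      # The update commands rewrite hardening_manifest.yaml so the image resource is referenced by
      # digest (`mitre/saf@<DOCKER_SHA>`) rather than by tag alone, and set SAF_VERSION in the
      # Dockerfile of the Iron Bank repository. The version is still expanded into these command
      # strings; the validation step above restricts it to letters, digits, `_`, `.` and `-`.
      # NOTE(review): the Iron Bank credentials are passed to an action referenced by a mutable
      # tag; consider pinning to a full commit SHA.
      - name: Upgrade Iron Bank
        uses: mitre/ironbank_release_action@v1
        with:
          name: SAF-CLI
          version: ${{ steps.format-tag.outputs.replaced }}
          ironbank_pat: ${{ secrets.SAF_IRONBANK_REPO1_PAT }}
          ironbank_username: ${{ secrets.SAF_IRONBANK_REPO1_USERNAME }}
          ironbank_project_id: 17072
          ironbank_project_clone_url: repo1.dso.mil/dsop/mitre/security-automation-framework/saf.git
          git_commit_author_name: "Automated SAF CLI Release"
          git_commit_author_email: "saf@mitre.org"
          update_commands: |
            yq e -i '.args.SAF_VERSION=\"${{ steps.format-tag.outputs.replaced }}\" | .tags[0]=\"${{ steps.format-tag.outputs.replaced }}\" | .labels.\"org.opencontainers.image.version\"=\"${{ steps.format-tag.outputs.replaced }}\" | .resources[0].tag=\"mitre/saf:${{ steps.format-tag.outputs.replaced }}\" | .resources[0].url=\"docker://docker.io/mitre/saf@${{ env.DOCKER_SHA }}\"' hardening_manifest.yaml
            sed -i s/SAF_VERSION=\.\*/SAF_VERSION=${{ steps.format-tag.outputs.replaced }}/ Dockerfile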
================================================
FILE: .github/workflows/push-to-npm-gpr.yml
================================================
# Packs the SAF CLI once and publishes the same tarball to the npm registry and to the GitHub
# Package Registry when a release is published (or on manual dispatch).
name: Push SAF-CLI to NPM and GPR
on:
release:
types: [published]
workflow_dispatch:
# `id-token: write` lets the job request an OIDC token for npm trusted publishing;
# `packages: write` is what the GitHub Package Registry publish at the end relies on.
permissions:
id-token: write # required for trusted publishing's use of OIDC
contents: read
packages: write
jobs:
build-deploy:
runs-on: ubuntu-24.04
steps:
- uses: actions/checkout@v5
- name: setup node
uses: actions/setup-node@v6
with:
node-version: "22"
check-latest: true
registry-url: "https://registry.npmjs.org"
cache: 'npm'
# Test fixtures are deleted before packing so they cannot end up in the published tarball.
- name: Remove testing resources
run: rm -rf test
# NOTE(review): `npx -y npm@latest` downloads and runs whichever npm release is newest at run time,
# without confirmation, inside the job that holds publishing rights. Pinning an exact npm version
# would make the publishing toolchain reproducible.
- name: Install project dependencies
run: npx -y npm@latest ci
- name: Pack all items that are published as packages
run: npx -y npm@latest pack
# No token is set on this step; authentication presumably comes from the OIDC trusted-publishing
# setup noted on `id-token` above.
- name: Publish SAF CLI to NPM
run: npx -y npm@latest publish --access public mitre-saf-*.tgz
# Setup .npmrc file to publish to GitHub Package Registry
- uses: actions/setup-node@v6
with:
node-version: "22"
registry-url: 'https://npm.pkg.github.com'
cache: 'npm'
# Publish SAF CLI to GitHub Package Registry
- name: Publish SAF CLI to GPR
run: npx -y npm@latest publish --access public mitre-saf-*.tgz
env:
NODE_AUTH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
================================================
FILE: .github/workflows/test-docker-image.yml
================================================
# Builds the image from the repository Dockerfile without pushing it and runs it once as a smoke test.
name: Build and Test SAF CLI Docker Image on every Pull Request or Push to Main
on:
push:
branches: [ main ]
pull_request:
branches: [ main ]
# Read-only token and no registry login: this workflow runs for pull requests and publishes nothing.
permissions:
contents: read
# Fixed local tag; it is a workflow constant, not derived from event data.
env:
TEST_TAG: saf:testTag
jobs:
docker:
runs-on: ubuntu-24.04
steps:
- name: Checkout the SAF Repository
uses: actions/checkout@v5
- name: Set up QEMU
uses: docker/setup-qemu-action@v3
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
- name: Build Docker Image
id: docker_build
uses: docker/build-push-action@v6
with:
context: .
push: false
load: true # makes it available for the local docker executable
# doesn't need multiplatform support since we're only running it in this workflow
tags: ${{ env.TEST_TAG }}
# Runs the image with its default entrypoint and no arguments; the container is removed afterwards.
- name: Test
run: |
docker run --rm ${{ env.TEST_TAG }}
================================================
FILE: .gitignore
================================================
generatedMD.md
*-debug.log
*-error.log
/.nyc_output
/dist
/lib
/tmp
/bin/deepsource
/test/logs
/test/sample_data/inspec/json/profile_and_controls/mapped_controls
node_modules
eMASSerDownloads
**/.DS_Store
*.*.un~
*.*.swp
out
.env
*.tgz
**/saf-cli.log
saf-cli.log
CliProcessOutput.log
deltaProcessReport.md
tsconfig.tsbuildinfo
================================================
FILE: .nvmrc
================================================
v22.0.0
================================================
FILE: .vscode/launch.json
================================================
{
"version": "0.2.0",
"configurations": [
{
"type": "node",
"request": "launch",
"name": "Debug MarkdownTable",
"runtimeExecutable": "node --inspect", // replace with your actual path
"program": "${workspaceFolder}/bin/run",
"args": [
"view",
"summary",
"-i",
"test/sample_data/HDF/input/rhel-8_hardened.json",
"--format",
"markdown",
"--logLevel",
"verbose"
],
"console": "integratedTerminal",
"internalConsoleOptions": "neverOpen",
"outFiles": ["${workspaceFolder}/dist/**/*.js"],
"preLaunchTask": "tsc: build - tsconfig.json",
"sourceMaps": true
}
]
}
================================================
FILE: .vscode/settings.json
================================================
{
"sonarlint.connectedMode.project": {
"connectionId": "SAF",
"projectKey": "mitre_saf"
},
"editor.defaultFormatter": null,
"editor.formatOnType": true,
"editor.formatOnPaste": true,
"[json]": {
"editor.defaultFormatter": "vscode.json-language-features"
}
}
================================================
FILE: CNAME
================================================
saf-cli.mitre.org
================================================
FILE: Dockerfile
================================================
# Two-stage build: the `builder` stage packs the CLI into saf.tgz; the `app` stage installs only
# that tarball, so the source tree and build context are not part of the final image.
# NOTE(review): the default base image is referenced by tag; pinning it by digest would make the
# build reproducible.
ARG BASE_CONTAINER=node:22-alpine
FROM $BASE_CONTAINER AS builder
# NOTE(review): these labels are set on the `builder` stage, while the image that is run and
# published comes from the separate `app` stage below, which declares no LABEL.
# NOTE(review): SAF_VERSION, NAME and IMAGE are not declared with ARG or ENV anywhere in this
# file, so unless the base image defines them they expand to empty strings here.
LABEL name="SAF" \
vendor="The MITRE Corporation" \
version="${SAF_VERSION}" \
release="1" \
url="https://github.com/mitre/saf" \
description="The MITRE Security Automation Framework (SAF) Command Line Interface (CLI) brings together applications, techniques, libraries, and tools developed by MITRE and the security community to streamline security automation for systems and DevOps pipelines" \
docs="https://github.com/mitre/saf" \
run="docker run -d --name ${NAME} ${IMAGE} <args>"
RUN mkdir -p /share
# Copies the whole build context into the builder stage.
# NOTE(review): anything not excluded by a .dockerignore (none is visible here) is copied too,
# including a local .env if one exists in the context; it stays in the builder stage only.
COPY . /build
WORKDIR /build
# Test fixtures are removed before packing.
RUN rm -rf test
RUN npm ci --omit=dev --fetch-timeout=600000
# `npm pack` prints the tarball name as its last output line; the file is renamed to a fixed name
# so the next stage can copy it.
RUN mv "$(npm pack | tail -1)" saf.tgz
FROM $BASE_CONTAINER AS app
COPY --from=builder /build/saf.tgz /build/
# Installs the CLI globally from the packed tarball and drops the npm cache.
RUN npm install -g /build/saf.tgz && npm cache clean --force;
# Useful for CI pipelines
RUN apk add --no-cache bash jq curl ca-certificates yq
# Everything from here on, including the entrypoint at run time, runs as the unprivileged `node`
# user instead of root.
USER node
ENTRYPOINT ["saf"]
# /share is the working directory and the mount point for input and output files.
VOLUME ["/share"]
WORKDIR /share
================================================
FILE: LICENSE.md
================================================
# License
Copyright © 2025 The MITRE Corporation.
Approved for Public Release; Distribution Unlimited. Case Number 18-3678.
Licensed under the Apache License, Version 2.0 (the "License"); you may
not use this file except in compliance with the License. You may obtain a
copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
License for the specific language governing permissions and limitations
under the License.
## Redistribution Terms
Redistribution and use in source and binary forms, with or without
modification, are permitted provided that the following conditions are
met:
- Redistributions of source code must retain the above copyright/digital
rights legend, this list of conditions and the following Notice.
- Redistributions in binary form must reproduce the above
copyright/digital rights legend, this list of conditions and the
following Notice in the documentation and/or other materials provided
with the distribution.
- Neither the name of The MITRE Corporation nor the names of its
contributors may be used to endorse or promote products derived from
this software without specific prior written permission.
## Notice
MITRE grants permission to reproduce, distribute, modify, and otherwise
use this software to the extent permitted by the licensed terms provided
in the LICENSE file included with this project.
This software was produced by The MITRE Corporation for the U.S.
Government under contract. As such the U.S. Government has certain use
and data rights in this software. No use other than those granted to the
U.S. Government, or to those acting on behalf of the U.S. Government,
under these contract arrangements is authorized without the express
written permission of The MITRE Corporation.
For further information, please contact The MITRE Corporation, Contracts
Management Office, 7515 Colshire Drive, McLean, VA 22102-7539, (703)
983-6000.
================================================
FILE: README.md
================================================
# Security Automation Framework CLI
The MITRE Security Automation Framework (SAF) Command Line Interface (CLI) brings together applications, techniques, libraries, and tools developed by MITRE and the security community to streamline security automation for systems and DevOps pipelines.
The SAF CLI is the successor to [Heimdall Tools](https://github.com/mitre/heimdall_tools) and [InSpec Tools](https://github.com/mitre/inspec_tools).
## Terminology
- ["Heimdall"](https://github.com/mitre/heimdall2) - A visualizer for all security result data
- ["OASIS Heimdall Data Format (OHDF) - aka HDF"](https://saf.mitre.org/#/normalize) - A common data format to preserve and transform security data
>[!NOTE]
> All mention of HDF in this document refers to the OHDF.
## Installation
* [Via NPM](#installation-via-npm)
* [Update via NPM](#update-via-npm)
* [Via Brew](#installation-via-brew)
* [Update via Brew](#update-via-brew)
* [Via Docker](#installation-via-docker)
* [Update via Docker](#update-via-docker)
* [Via Windows Installer](#installation-via-windows-installer)
* [Update via Windows Installer](#update-via-windows-installer)
## Developers
For detailed information about development, testing, and contributing to the SAF project, refer to [MITRE SAF Development](https://github.com/mitre/saf/blob/main/docs/contributors-guide.md).
## Usage
### Attest HDF Data
* [Attest](#attest)
* [Create Attestations](#create-attestations)
* [Apply Attestations](#apply-attestations)
### [Get Help with Convert Command](#convert-command)
### Convert HDF to Other Formats
* [Convert From HDF](#convert-from-hdf)
* [HDF to ASFF](#hdf-to-asff)
* [HDF to Splunk](#hdf-to-splunk)
* [HDF to XCCDF Results](#hdf-to-xccdf-results)
* [HDF to Checklist](#hdf-to-checklist)
* [HDF to CSV](#hdf-to-csv)
* [HDF to Condensed JSON](#hdf-to-condensed-json)
* [HDF to HTML](#hdf-to-html)
### Convert Other Formats to HDF
* [Convert To HDF](#convert-to-hdf)
* [Anchore Grype to HDF](#anchore-grype-to-hdf)
* [ASFF to HDF](#asff-to-hdf)
* [AWS Config to HDF](#aws-config-to-hdf)
* [Burp Suite to HDF](#burp-suite-to-hdf)
* [Checkov to HDF](#checkov-to-hdf)
* [CKL to HDF](#ckl-to-hdf)
* [CKL to POA&M](#ckl-to-poam)
* [CycloneDX SBOM to HDF](#cyclonedx-sbom-to-hdf)
* [DBProtect to HDF](#dbprotect-to-hdf)
* [Dependency-Track to HDF](#dependency-track-to-hdf)
* [Fortify to HDF](#fortify-to-hdf)
* [gosec to HDF](#gosec-to-hdf)
* [Ion Channel 2 HDF](#ion-channel-2-hdf)
* [JFrog Xray to HDF](#jfrog-xray-to-hdf)
* [Tenable Nessus to HDF](#tenable-nessus-to-hdf)
* [Microsoft Secure Score to HDF](#msft_secure-to-hdf)
* [Netsparker to HDF](#netsparker-to-hdf)
* [NeuVector to HDF](#neuvector-to-hdf)
* [Nikto to HDF](#nikto-to-hdf)
* [Prisma to HDF](#prisma-to-hdf)
* [Prowler to HDF](#prowler-to-hdf)
* [Sarif to HDF](#sarif-to-hdf)
* [Scoutsuite to HDF](#scoutsuite-to-hdf)
* [Snyk to HDF](#snyk-to-hdf)
* [SonarQube to HDF](#sonarqube-to-hdf)
* [Splunk to HDF](#splunk-to-hdf)
* [Trivy to HDF](#trivy-to-hdf)
* [Trufflehog to HDF](#trufflehog-to-hdf)
* [Twistlock to HDF](#twistlock-to-hdf)
* [Veracode to HDF](#veracode-to-hdf)
* [XCCDF Results to HDF](#xccdf-results-to-hdf)
* [OWASP ZAP to HDF](#owasp-zap-to-hdf)
### eMASSer Client
* [eMASSer API CLI](#emasser-api-cli)
### View HDF Summaries and Data
* [View](#view)
* [Heimdall](#heimdall)
* [Summary](#summary)
### Validate HDF Thresholds
* [Validate](#validate)
* [Thresholds](#thresholds)
### Generate Data Reports and More
* [Generate](#generate)
* [Delta](#delta)
* [Delta Supporting Commands](#delta-supporting-options)
* [CKL Templates](#ckl-templates)
* [InSpec Metadata](#inspec-metadata)
* [Inspec Profile](#inspec-profile)
* [Thresholds](#thresholds-1)
* [Spreadsheet (csv/xlsx) to InSpec](#spreadsheet-csvxlsx-to-inspec)
* [DoD Stub vs CIS Stub Formatting](#dod-stub-vs-cis-stub-formatting)
* [Mapping Files](#mapping-files)
### Enhance and Supplement HDF Data
* [Supplement](#supplement)
* [Passthrough](#passthrough)
* [Read](#read)
* [Write](#write)
* [Target](#target)
* [Read](#read-1)
* [Write](#write-1)
### License and Authors
* [License and Author](#license-and-author)
---
## Installation
___
### Installation via NPM
The SAF CLI can be installed and kept up to date using `npm`, which is included with most versions of [NodeJS](https://nodejs.org/en/).
```bash
npm install -g @mitre/saf
```
#### Update via NPM
To update the SAF CLI with `npm`:
```bash
npm update -g @mitre/saf
```
[top](#installation)
---
### Installation via Brew
The SAF CLI can be installed and kept up to date using `brew`.
```
brew install mitre/saf/saf-cli
```
#### Update via Brew
To update the SAF CLI with `brew`:
```
brew upgrade mitre/saf/saf-cli
```
[top](#installation)
---
### Installation via Docker
**On Linux and Mac:**
The docker command below can be used to run the SAF CLI one time, where `arguments` contains the command and flags you want to run. For ex: `--version` or `view summary -i hdf-results.json`.
```
docker run -it -v$(pwd):/share mitre/saf <arguments>
```
To run the SAF CLI with a persistent shell for one or more commands, use the following, then run each full command. For ex: `saf --version` or `saf view summary -i hdf-results.json`. You can change the entrypoint you wish to use. For example, run with `--entrypoint sh` to open in a shell terminal. If the specified entrypoint is not found, try using the path such as `--entrypoint /bin/bash`.
```
docker run --rm -it --entrypoint bash -v$(pwd):/share mitre/saf
```
**On Windows:**
The docker command below can be used to run the SAF CLI one time, where `arguments` contains the command and flags you want to run. For ex: `--version` or `view summary -i hdf-results.json`.
```
docker run -it -v%cd%:/share mitre/saf <arguments>
```
To run the SAF CLI with a persistent shell for one or more commands, use the following, then run each full command. For ex: `saf --version` or `saf view summary -i hdf-results.json`. You can change the entrypoint you wish to use. For example, run with `--entrypoint sh` to open in a shell terminal. If the specified entrypoint is not found, try using the path such as `--entrypoint /bin/bash`.
```
docker run --rm -it --entrypoint sh -v%cd%:/share mitre/saf
```
**NOTE:**
Remember to use Docker CLI flags as necessary to run the various subcommands.
For example, to run the `emasser configure` subcommand, you need to pass in a volume that contains your certificates and where you can store the resultant .env. Furthermore, you need to pass in flags for enabling the pseudo-TTY and interactivity.
```
docker run -it -v "$(pwd)":/share mitre/saf emasser configure
```
Other commands might not require the `-i` or `-t` flags and instead only need a bind-mounted volume, such as a file based `convert`.
```
docker run --rm -v "$(pwd)":/share mitre/saf convert -i test/sample_data/trivy/sample_input_report/trivy-image_golang-1.12-alpine_sample.json -o test.json
```
Other flags exist to open up network ports or pass through environment variables so make sure to use whichever ones are required to successfully run a command.
#### Update via Docker
To update the SAF CLI with `docker`:
```bash
docker pull mitre/saf:latest
```
[top](#installation)
---
### Installation via Windows Installer
To install the latest release of the SAF CLI on Windows, download and run the most recent installer for your system architecture from the [Releases](https://github.com/mitre/saf/releases) 🌬️ page.
#### Update via Windows Installer
To update the SAF CLI on Windows, uninstall any existing version from your system and then download and run the most recent installer for your system architecture from the [Releases](https://github.com/mitre/saf/releases) 🌬️ page.
[top](#installation)
## Usage
---
### Attest
Attest to 'Not Reviewed' controls: sometimes requirements can’t be tested automatically by security tools and hence require manual review, whereby someone interviews people and/or examines a system to confirm (i.e., attest as to) whether the control requirements have been satisfied.
#### Create Attestations
```
attest create Create attestation files for use with `saf attest apply`
USAGE
$ saf attest create -o <attestation-file> [-i <hdf-json> -t <json | xlsx | yml | yaml>]
FLAGS
-i, --input=<value> (optional) An input HDF file to search for controls
-o, --output=<value> (required) The output filename
-t, --format=<option> [default: json] (optional) The output file type
<options: json|xlsx|yml|yaml>
GLOBAL FLAGS
-h, --help Show CLI help
-L, --logLevel=<option> [default: info] Specify level for logging (if implemented by the CLI command)
<options: info|warn|debug|verbose>
--interactive Collect input tags interactively (not available on all CLI commands)
EXAMPLES
$ saf attest create -o attestation.json -i hdf.json
$ saf attest create -o attestation.xlsx -t xlsx
```
[top](#usage)
#### Apply Attestations
```
attest apply Apply one or more attestation files to one or more HDF results sets
USAGE
$ saf attest apply -i <input-hdf-json>... <attestation>... -o <output-hdf-path>
FLAGS
-i, --input=<value>... (required) Your input HDF and Attestation file(s)
-o, --output=<value> (required) Output file or folder (for multiple executions)
GLOBAL FLAGS
-h, --help Show CLI help
-L, --logLevel=<option> [default: info] Specify level for logging (if implemented by the CLI command)
<options: info|warn|debug|verbose>
--interactive Collect input tags interactively (not available on all CLI commands)
EXAMPLES
$ saf attest apply -i hdf.json attestation.json -o new-hdf.json
$ saf attest apply -i hdf1.json hdf2.json attestation.xlsx -o outputDir
```
[top](#usage)
### Convert Command
Translating your data to and from Heimdall Data Format (HDF) is done using the `saf convert` command.
Want to Recommend or Help Develop a Converter? See [how to get started](https://github.com/mitre/saf/wiki/How-to-recommend-development-of-a-mapper) 📰
[top](#get-help-with-convert-command)
### Convert From HDF
[top](#convert-other-formats-to-hdf)
#### Anchore Grype to HDF
```
convert anchoregrype2hdf Translate a Anchore Grype output file into an HDF results set
USAGE
$ saf convert anchoregrype2hdf -i <anchoregrype-json> -o <hdf-scan-results-json> [-h] [-w]
FLAGS
-i, --input=<anchoregrype-json> (required) Input Anchore Grype file
-o, --output=<hdf-scan-results-json> (required) Output HDF JSON File
-w, --includeRaw Include raw data from the input Anchore Grype file
GLOBAL FLAGS
-h, --help Show CLI help
-L, --logLevel=<option> [default: info] Specify level for logging (if implemented by the CLI command)
<options: info|warn|debug|verbose>
--interactive Collect input tags interactively (not available on all CLI commands)
EXAMPLES
$ saf convert anchoregrype2hdf -i anchoregrype.json -o output-hdf-name.json
```
[top](#convert-hdf-to-other-formats)
#### HDF to ASFF
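***Note:*** Uploading findings into AWS Security Hub requires configuration of the AWS CLI (see 👉 [the AWS documentation](https://docs.aws.amazon.com/cli/latest/userguide/cli-chap-configure.html)) or configuration of environment variables via Docker. The `-I` flag turns certificate verification off for the upload; if verification fails because of a private or TLS-inspecting CA, supplying that CA's certificate with `-C` should keep verification on.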
```
convert hdf2asff Translate a Heimdall Data Format JSON file into
AWS Security Findings Format JSON file(s) and/or
upload to AWS Security Hub
USAGE
$ saf convert hdf2asff -a <account-id> -r <region> -i <hdf-scan-results-json> -t <target> [-h] [-R] (-u [-I -C <certificate>] | [-o <asff-output-folder>])
FLAGS
-C, --certificate=<certificate> Trusted signing certificate file
-I, --insecure Disable SSL verification, this is insecure.
-R, --specifyRegionAttribute Manually specify the top-level `Region` attribute - SecurityHub
populates this attribute automatically and prohibits one from
updating it using `BatchImportFindings` or `BatchUpdateFindings`
-i, --input=<hdf-scan-results-json> (required) Input HDF JSON File
-o, --output=<asff-output-folder> Output ASFF JSON Folder
-r, --region=<region> (required) SecurityHub Region
-t, --target=<target> (required) Unique name for target to track findings across time
-u, --upload Upload findings to AWS Security Hub
GLOBAL FLAGS
-h, --help Show CLI help
-L, --logLevel=<option> [default: info] Specify level for logging (if implemented by the CLI command)
<options: info|warn|debug|verbose>
--interactive Collect input tags interactively (not available on all CLI commands)
EXAMPLES
Send output to local file system
$ saf convert hdf2asff -i rhel7-scan_02032022A.json -a 123456789 -r us-east-1 -t rhel7_example_host -o rhel7.asff
Upload findings to AWS Security Hub
$ saf convert hdf2asff -i rds_mysql_i123456789scan_03042022A.json -a 987654321 -r us-west-1 -t Instance_i123456789 -u
Upload findings to AWS Security Hub and Send output to local file system
$ saf convert hdf2asff -i snyk_acme_project5_hdf_04052022A.json -a 2143658798 -r us-east-1 -t acme_project5 -o snyk_acme_project5 -u
```
[top](#convert-hdf-to-other-formats)
#### HDF to Splunk
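**Notice**: HDF to Splunk requires configuration on the Splunk server. See 👉 [Splunk Configuration](https://github.com/mitre/saf/wiki/Splunk-Configuration). Values given to `-p` or `-t` on the command line can end up in shell history and process listings, and with `-s http` they cross the network unencrypted, so keep the default `https` scheme for anything other than local testing.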
```
convert hdf2splunk Translate and upload a Heimdall Data Format JSON file into a Splunk server
USAGE
$ saf convert hdf2splunk -i <hdf-scan-results-json> -H <host> -I <index> [-h] [-P <port>] [-s http|https] [-u <username> | -t <token>] [-p <password>] [-L info|warn|debug|verbose]
FLAGS
-H, --host=<host> (required) Splunk Hostname or IP
-I, --index=<index> (required) Splunk index to import HDF data into
-P, --port=<port> [default: 8089] Splunk management port (also known as the Universal Forwarder port)
-i, --input=<hdf-scan-results-json> (required) Input HDF file
-p, --password=<password> Your Splunk password
-s, --scheme=<option> [default: https] HTTP Scheme used for communication with splunk
<options: http|https>
-t, --token=<token> Your Splunk API Token
-u, --username=<username> Your Splunk username
GLOBAL FLAGS
-h, --help Show CLI help
-L, --logLevel=<option> [default: info] Specify level for logging (if implemented by the CLI command)
<options: info|warn|debug|verbose>
--interactive Collect input tags interactively (not available on all CLI commands)
EXAMPLES
User name/password Authentication
$ saf convert hdf2splunk -i rhel7-results.json -H 127.0.0.1 -u admin -p Valid_password! -I hdf
Token Authentication
$ saf convert hdf2splunk -i rhel7-results.json -H 127.0.0.1 -t your.splunk.token -I hdf
```
For HDF Splunk Schema documentation visit 👉 [Heimdall converter schemas](https://github.com/mitre/heimdall2/blob/master/libs/hdf-converters/src/converters-from-hdf/splunk/Schemas.md#schemas)
**Previewing HDF Data Within Splunk:**
An example of a full raw search query:
```sql
index="<<YOUR INDEX>>" meta.subtype=control | stats values(meta.filename) values(meta.filetype) list(meta.profile_sha256) values(meta.hdf_splunk_schema) first(meta.status) list(meta.status) list(meta.is_baseline) values(title) last(code) list(code) values(desc) values(descriptions.*) values(id) values(impact) list(refs{}.*) list(results{}.*) list(source_location{}.*) values(tags.*) by meta.guid id
| join meta.guid
[search index="<<YOUR INDEX>>" meta.subtype=header | stats values(meta.filename) values(meta.filetype) values(meta.hdf_splunk_schema) list(statistics.duration) list(platform.*) list(version) by meta.guid]
| join meta.guid
[search index="<<YOUR INDEX>>" meta.subtype=profile | stats values(meta.filename) values(meta.filetype) values(meta.hdf_splunk_schema) list(meta.profile_sha256) list(meta.is_baseline) last(summary) list(summary) list(sha256) list(supports{}.*) last(name) list(name) list(copyright) list(maintainer) list(copyright_email) last(version) list(version) list(license) list(title) list(parent_profile) list(depends{}.*) list(controls{}.*) list(attributes{}.*) list(status) by meta.guid]
```
An example of a formatted table search query:
```sql
index="<<YOUR INDEX>>" meta.subtype=control | stats values(meta.filename) values(meta.filetype) list(meta.profile_sha256) values(meta.hdf_splunk_schema) first(meta.status) list(meta.status) list(meta.is_baseline) values(title) last(code) list(code) values(desc) values(descriptions.*) values(id) values(impact) list(refs{}.*) list(results{}.*) list(source_location{}.*) values(tags.*) by meta.guid id
| join meta.guid
[search index="<<YOUR INDEX>>" meta.subtype=header | stats values(meta.filename) values(meta.filetype) values(meta.hdf_splunk_schema) list(statistics.duration) list(platform.*) list(version) by meta.guid]
| join meta.guid
[search index="<<YOUR INDEX>>" meta.subtype=profile | stats values(meta.filename) values(meta.filetype) values(meta.hdf_splunk_schema) list(meta.profile_sha256) list(meta.is_baseline) last(summary) list(summary) list(sha256) list(supports{}.*) last(name) list(name) list(copyright) list(maintainer) list(copyright_email) last(version) list(version) list(license) list(title) list(parent_profile) list(depends{}.*) list(controls{}.*) list(attributes{}.*) list(status) by meta.guid]
| rename values(meta.filename) AS "Results Set", values(meta.filetype) AS "Scan Type", list(statistics.duration) AS "Scan Duration", first(meta.status) AS "Control Status", list(results{}.status) AS "Test(s) Status", id AS "ID", values(title) AS "Title", values(desc) AS "Description", values(impact) AS "Impact", last(code) AS Code, values(descriptions.check) AS "Check", values(descriptions.fix) AS "Fix", values(tags.cci{}) AS "CCI IDs", list(results{}.code_desc) AS "Results Description", list(results{}.skip_message) AS "Results Skip Message (if applicable)", values(tags.nist{}) AS "NIST SP 800-53 Controls", last(name) AS "Scan (Profile) Name", last(summary) AS "Scan (Profile) Summary", last(version) AS "Scan (Profile) Version"
| table meta.guid "Results Set" "Scan Type" "Scan (Profile) Name" ID "NIST SP 800-53 Controls" Title "Control Status" "Test(s) Status" "Results Description" "Results Skip Message (if applicable)" Description Impact Severity Check Fix "CCI IDs" Code "Scan Duration" "Scan (Profile) Summary" "Scan (Profile) Version"
```
[top](#convert-hdf-to-other-formats)
#### HDF to XCCDF Results
```
convert hdf2xccdf Translate an HDF file into an XCCDF XML
USAGE
$ saf convert hdf2xccdf -i <hdf-scan-results-json> -o <output-xccdf-xml> [-h]
FLAGS
-i, --input=<hdf-scan-results-json> (required) Input HDF file
-o, --output=<output-xccdf-xml> (required) Output XCCDF XML File
GLOBAL FLAGS
-h, --help Show CLI help
-L, --logLevel=<option> [default: info] Specify level for logging (if implemented by the CLI command)
<options: info|warn|debug|verbose>
--interactive Collect input tags interactively (not available on all CLI commands)
EXAMPLES
$ saf convert hdf2xccdf -i hdf_input.json -o xccdf-results.xml
```
[top](#convert-hdf-to-other-formats)
#### HDF to Checklist
```
convert hdf2ckl Translate a Heimdall Data Format JSON file into a
DISA checklist file
USAGE
$ saf convert hdf2ckl -i <hdf-scan-results-json> -o <output-ckl> [-h] [-m <metadata>] [--profilename <value>] [--profiletitle <value>] [--version <value>] [--releasenumber <value>] [--releasedate <value>] [--marking <value>] [-H <value>] [-I <value>] [-M <value>] [-F <value>] [--targetcomment <value>] [--role Domain Controller|Member Server|None|Workstation] [--assettype Computing|Non-Computing] [--techarea |Application Review|Boundary Security|CDS Admin Review|CDS Technical Review|Database Review|Domain Name System (DNS)|Exchange Server|Host Based System Security (HBSS)|Internal Network|Mobility|Other Review|Releasable Networks (REL)|Releaseable Networks (REL)|Traditional Security|UNIX OS|VVOIP Review|Web Review|Windows OS] [--stigguid <value>] [--targetkey <value>] [--webdbsite <value> --webordatabase] [--webdbinstance <value> ] [--vulidmapping gid|id]
FLAGS
-h, --help Show CLI help.
-i, --input=<value> (required) Input HDF file
-o, --output=<value> (required) Output CKL file
CHECKLIST METADATA FLAGS
-F, --fqdn=<value> Fully Qualified Domain Name
-H, --hostname=<value> The name assigned to the asset within the network
-I, --ip=<value> IP address
-M, --mac=<value> MAC address
-m, --metadata=<value> Metadata JSON file, generate one with "saf generate ckl_metadata"
--assettype=<option> The category or classification of the asset
<options: Computing|Non-Computing>
--marking=<value> A security classification or designation of the asset, indicating its sensitivity level
--profilename=<value> Profile name
--profiletitle=<value> Profile title
--releasedate=<value> Profile release date
--releasenumber=<value> Profile release number
--role=<option> The primary function or role of the asset within the network or organization
<options: Domain Controller|Member Server|None|Workstation>
--stigguid=<value> A unique identifier associated with the STIG for the asset
--targetcomment=<value> Additional comments or notes about the asset
--targetkey=<value> A unique key or identifier for the asset within the checklist or inventory system
--techarea=<option> The technical area or domain to which the asset belongs
<options: |Application Review|Boundary Security|CDS Admin Review|CDS Technical Review|Database Review|Domain Name System (DNS)|Exchange Server|Host Based System Security (HBSS)|Internal Network|Mobility|Other Review|Releasable Networks (REL)|Releaseable Networks (REL)|Traditional Security|UNIX OS|VVOIP Review|Web Review|Windows OS>
--version=<value> Profile version number
--vulidmapping=<option> Which type of control identifier to map to the checklist ID
<options: gid|id>
--webdbinstance=<value> The specific instance of the web application or database running on the server
--webdbsite=<value> The specific site or application hosted on the web or database server
--webordatabase Indicates whether the STIG is primarily for either a web or database server
DESCRIPTION
Translate a Heimdall Data Format JSON file into a DISA checklist file
EXAMPLES
$ saf convert hdf2ckl -i rhel7-results.json -o rhel7.ckl --fqdn reverseproxy.example.org --hostname reverseproxy --ip 10.0.0.3 --mac 12:34:56:78:90:AB
$ saf convert hdf2ckl -i rhel8-results.json -o rhel8.ckl -m rhel8-metadata.json
```
[top](#convert-hdf-to-other-formats)
#### HDF to CSV
```
convert hdf2csv Translate a Heimdall Data Format JSON file into a
Comma Separated Values (CSV) file
USAGE
$ saf convert hdf2csv -i <hdf-scan-results-json> -o <output-csv> [-h] [-f <csv-fields>] [-t]
FLAGS
-f, --fields=<csv-fields> [default: All Fields] Fields to include in output CSV, separated by commas
-i, --input=<hdf-scan-results-json> (required) Input HDF file
-o, --output=<output-csv> (required) Output CSV file
-t, --noTruncate Don't truncate fields longer than 32,767 characters (the cell limit in Excel)
GLOBAL FLAGS
-h, --help Show CLI help
-L, --logLevel=<option> [default: info] Specify level for logging (if implemented by the CLI command)
<options: info|warn|debug|verbose>
--interactive Collect input tags interactively (not available on all CLI commands)
EXAMPLES
Running the CLI interactively
$ saf convert hdf2csv --interactive
Providing flags at the command line
$ saf convert hdf2csv -i rhel7-results.json -o rhel7.csv --fields "Results Set,Status,ID,Title,Severity"
```
[top](#convert-hdf-to-other-formats)
#### HDF to Condensed JSON
```
convert hdf2condensed Condensed format used by some community members
to pre-process data for elasticsearch and custom dashboards
USAGE
$ saf convert hdf2condensed -i <hdf-scan-results-json> -o <condensed-json> [-h]
FLAGS
-i, --input=<hdf-scan-results-json> (required) Input HDF file
-o, --output=<condensed-json> (required) Output condensed JSON file
GLOBAL FLAGS
-h, --help Show CLI help
-L, --logLevel=<option> [default: info] Specify level for logging (if implemented by the CLI command)
<options: info|warn|debug|verbose>
--interactive Collect input tags interactively (not available on all CLI commands)
EXAMPLES
$ saf convert hdf2condensed -i rhel7-results.json -o rhel7-condensed.json
```
[top](#convert-hdf-to-other-formats)
#### HDF to HTML
```
convert hdf2html Translate an HDF file into a Heimdall Report HTML file
USAGE
$ saf convert hdf2html -i <hdf-scan-results-json>... -o <output-html> [-t <output-type>] [-h]
FLAGS
-h, --help
Show CLI help.
-i, --input=<value>...
(required) Input HDF JSON file
-o, --output=<value>
(required) Output HTML file
-t, --type=<option>
[default: Administrator] The report type to generate
Report types differ with the information they include
Executive: Profile Info + Statuses + Compliance Level
Manager: Executive + Test Results and Details
Administrator: Manager + Test Code
<options: Executive|Manager|Administrator>
DESCRIPTION
Translate an HDF file into a Heimdall Report HTML file
EXAMPLES
$ saf convert hdf2html -i hdf_input.json -o report.html -t Manager
```
[top](#convert-hdf-to-other-formats)
---
### Convert To HDF
#### ASFF to HDF
Output|Use|Command
---|---|---
ASFF json|All the findings that will be fed into the mapper|aws securityhub get-findings > asff.json
AWS SecurityHub enabled standards json|Get all the enabled standards so you can get their identifiers|aws securityhub get-enabled-standards > asff_standards.json
AWS SecurityHub standard controls json|Get all the controls for a standard that will be fed into the mapper|aws securityhub describe-standards-controls --standards-subscription-arn "arn:aws:securityhub:us-east-1:123456789123:subscription/cis-aws-foundations-benchmark/v/1.2.0" > asff_cis_standard.json
```
convert asff2hdf Translate a AWS Security Finding Format JSON into a
Heimdall Data Format JSON file(s)
USAGE
$ saf convert asff2hdf -o <hdf-output-folder> [-h] (-i <asff-json> [--securityhub <standard-json>]... | -a -r <region> [-I | -C <certificate>] [-t <target>]) [-L info|warn|debug|verbose]
FLAGS
-C, --certificate=<certificate> Trusted signing certificate file
-I, --insecure Disable SSL verification, this is insecure
-H, --securityHub=<standard-json> Additional input files to provide context that an ASFF file needs
such as the CIS AWS Foundations or AWS Foundational Security Best
Practices documents (in ASFF compliant JSON form)
-a, --aws Pull findings from AWS Security Hub
-i, --input=<asff-json> (required if not using AWS) Input ASFF JSON file
-o, --output=<hdf-output-folder> (required) Output HDF JSON folder
-r, --region=<region> Security Hub region to pull findings from
-t, --target=<target>... Target ID(s) to pull from Security Hub (maximum 10), leave blank for non-HDF findings
GLOBAL FLAGS
-h, --help Show CLI help
-L, --logLevel=<option> [default: info] Specify level for logging (if implemented by the CLI command)
<options: info|warn|debug|verbose>
--interactive Collect input tags interactively (not available on all CLI commands)
EXAMPLES
Using ASFF JSON file
$ saf convert asff2hdf -i asff-findings.json -o output-folder-name
Using ASFF JSON file with additional input files
$ saf convert asff2hdf -i asff-findings.json --securityhub <standard-1-json> ... --securityhub <standard-n-json> -o output-folder-name
Using AWS to pull ASFF JSON findings
$ saf convert asff2hdf --aws -o out -r us-west-2 --target rhel7
```
[top](#convert-other-formats-to-hdf)
#### AWS Config to HDF
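***Note:*** Pulling AWS Config results data requires configuration of the AWS CLI (see 👉 [the AWS documentation](https://docs.aws.amazon.com/cli/latest/userguide/cli-chap-configure.html)) or configuration of environment variables via Docker. The `-a`, `-s` and `-t` flags are optional; values supplied through them are visible in shell history and process listings, so prefer a configured AWS CLI profile where one is available.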
```
convert aws_config2hdf Pull Configuration findings from AWS Config and convert
into a Heimdall Data Format JSON file
USAGE
$ saf convert aws_config2hdf -r <region> -o <hdf-scan-results-json> [-h] [-a <access-key-id>] [-s <secret-access-key>] [-t <session-token>] [-i]
FLAGS
-a, --accessKeyId=<access-key-id> Access key ID
-i, --insecure Disable SSL verification, this is insecure.
-o, --output=<hdf-scan-results-json> (required) Output HDF JSON File
-r, --region=<region> (required) Region to pull findings from
-s, --secretAccessKey=<secret-access-key> Secret access key
-t, --sessionToken=<session-token> Session token
GLOBAL FLAGS
-h, --help Show CLI help
-L, --logLevel=<option> [default: info] Specify level for logging (if implemented by the CLI command)
<options: info|warn|debug|verbose>
--interactive Collect input tags interactively (not available on all CLI commands)
EXAMPLES
$ saf convert aws_config2hdf -a ABCDEFGHIJKLMNOPQRSTUV -s +4NOT39A48REAL93SECRET934 -r us-east-1 -o output-hdf-name.json
```
[top](#convert-other-formats-to-hdf)
#### Burp Suite to HDF
```
convert burpsuite2hdf Translate a BurpSuite Pro XML file into a Heimdall
Data Format JSON file
USAGE
$ saf convert burpsuite2hdf -i <burpsuite-xml> -o <hdf-scan-results-json> [-h] [-w]
FLAGS
-i, --input=<burpsuite-xml> (required) Input Burpsuite Pro XML File
-o, --output=<hdf-scan-results-json> (required) Output HDF JSON File
-w, --includeRaw Include raw input file in HDF JSON file
GLOBAL FLAGS
-h, --help Show CLI help
-L, --logLevel=<option> [default: info] Specify level for logging (if implemented by the CLI command)
<options: info|warn|debug|verbose>
--interactive Collect input tags interactively (not available on all CLI commands)
EXAMPLES
$ saf convert burpsuite2hdf -i burpsuite_results.xml -o output-hdf-name.json
```
[top](#convert-other-formats-to-hdf)
#### Checkov to HDF
```
convert checkov2hdf Translate a Checkov JSON file into a Heimdall
Data Format JSON file
USAGE
$ saf convert checkov2hdf -i <checkov-json> -o <hdf-scan-results-json> [-h] [-w]
FLAGS
-i, --input=<checkov-json> (required) Input Checkov JSON File
-o, --output=<hdf-scan-results-json> (required) Output HDF JSON File
-w, --includeRaw Include raw input file in HDF JSON file
GLOBAL FLAGS
-h, --help Show CLI help
-L, --logLevel=<option> [default: info] Specify level for logging (if implemented by the CLI command)
<options: info|warn|debug|verbose>
--interactive Collect input tags interactively (not available on all CLI commands)
EXAMPLES
$ saf convert checkov2hdf -i checkov_results.json -o output-hdf-name.json
```
[top](#convert-other-formats-to-hdf)
#### CKL to HDF
```
convert ckl2hdf Translate a Checklist XML file into a Heimdall
Data Format JSON file
USAGE
$ saf convert ckl2hdf -i <ckl-xml> -o <hdf-scan-results-json> [-h] [-r]
FLAGS
-i, --input=<ckl-xml> (required) Input Checklist XML File
-o, --output=<hdf-scan-results-json> (required) Output HDF JSON File
-r, --includeRaw Include raw input file in HDF JSON file
GLOBAL FLAGS
-h, --help Show CLI help
-L, --logLevel=<option> [default: info] Specify level for logging (if implemented by the CLI command)
<options: info|warn|debug|verbose>
--interactive Collect input tags interactively (not available on all CLI commands)
DESCRIPTION
Translate a Checklist XML file into a Heimdall Data Format JSON file
EXAMPLES
$ saf convert ckl2hdf -i ckl_results.xml -o output-hdf-name.json
```
[top](#convert-other-formats-to-hdf)
#### CKL to POA&M
Note: The included CCI to NIST mappings are extracted from NIST.gov; for mappings specific to eMASS, use [this](https://github.com/mitre/ckl2POAM/blob/main/resources/cci2nist.json) file instead.
```
convert ckl2POAM Translate DISA Checklist CKL file(s) to POA&M files
USAGE
$ saf convert ckl2POAM -i <disa-checklist> -o <poam-output-folder> [-h] [-O <office/org>] [-d <device-name>] [-s <num-rows>]
FLAGS
-O, --officeOrg=<office/org> Default value for Office/org (prompts for each file if not set)
-d, --deviceName=<device-name> Name of target device (prompts for each file if not set)
-i, --input=<disa-checklist>... (required) Path to the DISA Checklist File(s)
-o, --output=<poam-output-folder> (required) Path to output POA&M File(s)
-s, --rowsToSkip=<num-rows> [default: 4] Rows to leave between POA&M Items for milestones
GLOBAL FLAGS
-h, --help Show CLI help
-L, --logLevel=<option> [default: info] Specify level for logging (if implemented by the CLI command)
<options: info|warn|debug|verbose>
--interactive Collect input tags interactively (not available on all CLI commands)
ALIASES
$ saf convert ckl2poam
EXAMPLES
$ saf convert ckl2POAM -i checklist_file.ckl -o output-folder -d abcdefg -s 2
```
[top](#convert-other-formats-to-hdf)
#### CycloneDX SBOM to HDF
Note: Currently, only the CycloneDX SBOM, VEX, and HBOM formats are officially supported in the CycloneDX SBOM convert command (formats like SaaSBOM are NOT supported and will result in errors). To convert other non-CycloneDX SBOM formats, first convert your current SBOM data file into the CycloneDX SBOM data format with [their provided utility](https://github.com/CycloneDX/cyclonedx-cli) and then convert the CycloneDX SBOM file to OHDF with the `saf convert cyclonedx_sbom2hdf` command.
Example: to convert an SPDX SBOM to the CycloneDX SBOM format using the [CycloneDX CLI](https://github.com/CycloneDX/cyclonedx-cli), run the following:
```
cyclonedx-cli convert --input-file spdx-sbom.json --output-file cyclonedx-sbom.json --input-format spdxjson --output-format json
```
Then convert the resulting CycloneDX SBOM file to OHDF:
```
convert cyclonedx_sbom2hdf Translate a CycloneDX SBOM report into an HDF results set
USAGE
$ saf convert cyclonedx_sbom2hdf -i <cyclonedx_sbom-json> -o <hdf-scan-results-json> [-h] [-w]
FLAGS
-i, --input=<cyclonedx_sbom-json> (required) Input CycloneDX SBOM File
-o, --output=<hdf-scan-results-json> (required) Output HDF JSON File
-w, --includeRaw Include raw input file in HDF JSON file
GLOBAL FLAGS
-h, --help Show CLI help
-L, --logLevel=<option> [default: info] Specify level for logging (if implemented by the CLI command)
<options: info|warn|debug|verbose>
--interactive Collect input tags interactively (not available on all CLI commands)
EXAMPLES
$ saf convert cyclonedx_sbom2hdf -i cyclonedx_sbom.json -o output-hdf-name.json
```
[top](#convert-other-formats-to-hdf)
#### DBProtect to HDF
```
convert dbprotect2hdf Translate a DBProtect report in "Check Results
Details" XML format into a Heimdall Data Format JSON file
USAGE
$ saf convert dbprotect2hdf -i <dbprotect-xml> -o <hdf-scan-results-json> [-h] [-w]
FLAGS
-i, --input=<dbprotect-xml> (required) 'Check Results Details' XML File
-o, --output=<hdf-scan-results-json> (required) Output HDF JSON File
-w, --includeRaw Include raw input file in HDF JSON file
GLOBAL FLAGS
-h, --help Show CLI help
-L, --logLevel=<option> [default: info] Specify level for logging (if implemented by the CLI command)
<options: info|warn|debug|verbose>
--interactive Collect input tags interactively (not available on all CLI commands)
EXAMPLES
$ saf convert dbprotect2hdf -i check_results_details_report.xml -o output-hdf-name.json
```
[top](#convert-other-formats-to-hdf)
#### Dependency-Track to HDF
```
convert dependency_track2hdf Translate a Dependency-Track results JSON
file into a Heimdall Data Format JSON file
USAGE
$ saf convert dependency_track2hdf -i <dt-fpf-json> -o <hdf-scan-results-json> [-h] [-w]
FLAGS
-h, --help Show CLI help.
-i, --input=<value> (required) Input Dependency-Track FPF file
-o, --output=<value> (required) Output HDF file
-w, --with-raw
GLOBAL FLAGS
-L, --logLevel=<option> [default: info] Specify level for logging (if implemented by the CLI command)
<options: info|warn|debug|verbose>
--interactive Collect input tags interactively (not available on all CLI commands)
EXAMPLES
saf convert dependency_track2hdf -i dt-fpf.json -o output-hdf-name.json
```
[top](#convert-other-formats-to-hdf)
#### Fortify to HDF
```
convert fortify2hdf Translate a Fortify results FVDL file into a Heimdall
Data Format JSON file; the FVDL file is an XML that can be
extracted from the Fortify FPR project file using standard
file compression tools
USAGE
$ saf convert fortify2hdf -i <fortify-fvdl> -o <hdf-scan-results-json> [-h] [-w]
FLAGS
-i, --input=<fortify-fvdl> (required) Input FVDL File
-o, --output=<hdf-scan-results-json> (required) Output HDF JSON File
-w, --includeRaw Include raw input file in HDF JSON file
GLOBAL FLAGS
-h, --help Show CLI help
-L, --logLevel=<option> [default: info] Specify level for logging (if implemented by the CLI command)
<options: info|warn|debug|verbose>
--interactive Collect input tags interactively (not available on all CLI commands)
EXAMPLES
$ saf convert fortify2hdf -i audit.fvdl -o output-hdf-name.json
```
[top](#convert-other-formats-to-hdf)
#### gosec to HDF
```
convert gosec2hdf Translate a gosec (Golang Security Checker) results file
into a Heimdall Data Format JSON file
USAGE
$ saf convert gosec2hdf -i <gosec-json> -o <hdf-scan-results-json> [-h] [-w]
FLAGS
-h, --help Show CLI help.
-i, --input=<value> (required) Input gosec Results JSON File
-o, --output=<value> (required) Output HDF JSON File
-w, --includeRaw Include raw input file in HDF JSON file
GLOBAL FLAGS
-L, --logLevel=<option> [default: info] Specify level for logging (if implemented by the CLI command)
<options: info|warn|debug|verbose>
--interactive Collect input tags interactively (not available on all CLI commands)
EXAMPLES
$ saf convert gosec2hdf -i gosec_results.json -o output-hdf-name.json
```
[top](#convert-other-formats-to-hdf)
#### Ion Channel 2 HDF
```
convert ionchannel2hdf Pull and translate SBOM data from Ion Channel
into Heimdall Data Format
USAGE
$ saf convert ionchannel2hdf -o <hdf-output-folder> [-h] (-i <ionchannel-json> | -a <api-key> -t <team-name> [--raw ] [-p <project>] [-A ]) [-L info|warn|debug|verbose]
FLAGS
-A, --allProjects Pull all projects available within your team
-L, --logLevel=<option> [default: info]
<options: info|warn|debug|verbose>
-a, --apiKey=<api-key> API Key from Ion Channel user settings
-i, --input=<ionchannel-json>... Input IonChannel JSON file
-o, --output=<hdf-output-folder> (required) Output JSON folder
-p, --project=<project>... The name of the project(s) you would like to pull
-t, --teamName=<team-name> Your team name that contains the project(s) you would like to pull data from
--raw Output Ion Channel raw data
GLOBAL FLAGS
-h, --help Show CLI help
-L, --logLevel=<option> [default: info] Specify level for logging (if implemented by the CLI command)
<options: info|warn|debug|verbose>
--interactive Collect input tags interactively (not available on all CLI commands)
EXAMPLES
Using Input IonChannel JSON file
$ saf convert ionchannel2hdf -o output-folder-name -i ion-channel-file.json
Using IonChannel API Key (pull one project)
$ saf convert ionchannel2hdf -o output-folder-name -a ion-channel-apikey -t team-name -p project-name-to-pull --raw
Using IonChannel API Key (pull all project)
$ saf convert ionchannel2hdf -o output-folder-name -a ion-channel-apikey -t team-name -A --raw
```
[top](#convert-other-formats-to-hdf)
#### JFrog Xray to HDF
```
convert jfrog_xray2hdf Translate a JFrog Xray results JSON file into a
Heimdall Data Format JSON file
USAGE
$ saf convert jfrog_xray2hdf -i <jfrog-xray-json> -o <hdf-scan-results-json> [-h] [-w]
FLAGS
-i, --input=<jfrog-xray-json> (required) Input JFrog JSON File
-o, --output=<hdf-scan-results-json> (required) Output HDF JSON File
-w, --includeRaw Include raw input file in HDF JSON file
GLOBAL FLAGS
-h, --help Show CLI help
-L, --logLevel=<option> [default: info] Specify level for logging (if implemented by the CLI command)
<options: info|warn|debug|verbose>
--interactive Collect input tags interactively (not available on all CLI commands)
EXAMPLES
$ saf convert jfrog_xray2hdf -i xray_results.json -o output-hdf-name.json
```
[top](#convert-other-formats-to-hdf)
#### Tenable Nessus to HDF
```
convert nessus2hdf Translate a Nessus XML results file into a Heimdall Data Format JSON file.
The current iteration maps all plugin families except for 'Policy Compliance'
A separate HDF JSON is generated for each host reported in the Nessus Report.
USAGE
$ saf convert nessus2hdf -i <nessus-xml> -o <hdf-scan-results-json> [-h] [-w]
FLAGS
-i, --input=<nessus-xml> (required) Input Nessus XML File
-o, --output=<hdf-scan-results-json> (required) Output HDF JSON File
-w, --includeRaw Include raw input file in HDF JSON file
GLOBAL FLAGS
-L, --logLevel=<option> [default: info] Specify level for logging (if implemented by the CLI command)
<options: info|warn|debug|verbose>
--interactive Collect input tags interactively (not available on all CLI commands)
EXAMPLES
$ saf convert nessus2hdf -i nessus_results.xml -o output-hdf-name.json
```
[top](#convert-other-formats-to-hdf)
#### Microsoft Secure Score to HDF
Output|Use|Command
---|---|---
Microsoft Secure Score JSON|This file contains the Graph API response for the `security/secureScore` endpoint|PowerShell$ `Get-MgSecuritySecureScore -Top 500`
Microsoft Secure Score Control Profiles JSON|This file contains the Graph API response for the `security/secureScoreControlProfiles` endpoint|PowerShell$ `Get-MgSecuritySecureScoreControlProfile -Top 500`
Combined JSON|Combine the outputs from `security/secureScore` and `security/secureScoreControlProfiles` endpoints|`jq -s '{"secureScore": .[0], "profiles": .[1]}' secureScore.json secureScoreControlProfiles.json`
```
convert msft_secure2hdf Translate a Microsoft Secure Score report and Secure Score Control to a Heimdall Data Format JSON file
USAGE
$ saf convert msft_secure2hdf -p <secure-score-control-profiles> -r <secureScore-json> -o <hdf-scan-results-json> [-h]
$ saf convert msft_secure2hdf -t <azure-tenant-id> -a <azure-app-id> -s <azure-app-secret> -o <hdf-scan-results-json> [-h]
$ saf convert msft_secure2hdf -i <combined-inputs> -o <hdf-scan-results-json> [-h]
FLAGS
-C, --certificate=<value> Trusted signing certificate file
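-I, --insecure Disable SSL certificate verification. This is insecure: the server's identity is not checked; use -C to trust a specific signing certificate instead.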
-a, --appId=<value> Azure application ID
-i, --combinedInputs=<value> JSON File combining the outputs from the Microsoft Graph API endpoints
{secureScore: <CONTENTS_OF_INPUT_SCORE_DOC>, profiles: <CONTENTS_OF_INPUT_PROFILES_DOC>}
-o, --output=<value> (required) Output HDF JSON file
-p, --inputProfiles=<value> Input Microsoft Graph API "GET /security/secureScoreControlProfiles" output JSON File
-r, --inputScoreDoc=<value> Input Microsoft Graph API "GET /security/secureScores" output JSON File
-s, --appSecret=<value> Azure application secret
-t, --tenantId=<value> Azure tenant ID
-w, --includeRaw Include raw input file in HDF JSON file
GLOBAL FLAGS
-h, --help Show CLI help
-L, --logLevel=<option> [default: info] Specify level for logging (if implemented by the CLI command)
<options: info|warn|debug|verbose>
--interactive Collect input tags interactively (not available on all CLI commands)
EXAMPLES
Using input files
$ saf convert msft_secure2hdf -p secureScoreControlProfiles -r secureScore.json -o output-hdf-name.json [-w]
Using Azure tenant ID
$ saf convert msft_secure2hdf -t "12345678-1234-1234-1234-1234567890abcd" \
-a "12345678-1234-1234-1234-1234567890abcd" \
-s "aaaaa~bbbbbbbbbbbbbbbbbbbbbbbbb-cccccccc" \
-o output-hdf-name.json [-I | -C <certificate>]
Using combined inputs
$ saf convert msft_secure2hdf -i <(jq -s '{"secureScore": .[0], "profiles": .[1]}' secureScore.json secureScoreControlProfiles.json) \
-o output-hdf-name.json [-w]
```
[top](#convert-other-formats-to-hdf)
#### Netsparker to HDF
```
convert netsparker2hdf Translate a Netsparker XML results file into a
Heimdall Data Format JSON file. The current
iteration only works with Netsparker Enterprise
Vulnerabilities Scan.
USAGE
$ saf convert netsparker2hdf -i <netsparker-xml> -o <hdf-scan-results-json> [-h] [-w]
FLAGS
-i, --input=<netsparker-xml> (required) Input Netsparker XML File
-o, --output=<hdf-scan-results-json> (required) Output HDF JSON File
-w, --includeRaw Include raw input file in HDF JSON file
GLOBAL FLAGS
-h, --help Show CLI help
-L, --logLevel=<option> [default: info] Specify level for logging (if implemented by the CLI command)
<options: info|warn|debug|verbose>
--interactive Collect input tags interactively (not available on all CLI commands)
EXAMPLES
$ saf convert netsparker2hdf -i netsparker_results.xml -o output-hdf-name.json
```
[top](#convert-other-formats-to-hdf)
#### NeuVector to HDF
```
convert neuvector2hdf Translate a NeuVector results JSON to a Heimdall Data Format JSON file
USAGE
$ saf convert neuvector2hdf -i <neuvector-json> -o <hdf-scan-results-json>
FLAGS
-i, --input=<value> (required) Input NeuVector Results JSON File
-o, --output=<value> (required) Output HDF JSON file
-w, --includeRaw Include raw input file in HDF JSON file
GLOBAL FLAGS
-L, --logLevel=<option> [default: info] Specify level for logging (if implemented by the CLI command)
<options: info|warn|debug|verbose>
--interactive Collect input tags interactively (not available on all CLI commands)
EXAMPLES
$ saf convert neuvector2hdf -i neuvector.json -o output-hdf-name.json
```
[top](#convert-other-formats-to-hdf)
#### Nikto to HDF
```
convert nikto2hdf Translate a Nikto results JSON file into a Heimdall
Data Format JSON file.
Note: Currently this mapper only supports single
target Nikto Scans
USAGE
$ saf convert nikto2hdf -i <nikto-json> -o <hdf-scan-results-json> [-h] [-w]
FLAGS
-i, --input=<nikto-json> (required) Input Nikto Results JSON File
-o, --output=<hdf-scan-results-json> (required) Output HDF JSON File
-w, --includeRaw Include raw input file in HDF JSON file
GLOBAL FLAGS
-h, --help Show CLI help
-L, --logLevel=<option> [default: info] Specify level for logging (if implemented by the CLI command)
<options: info|warn|debug|verbose>
--interactive Collect input tags interactively (not available on all CLI commands)
EXAMPLES
$ saf convert nikto2hdf -i nikto-results.json -o output-hdf-name.json
```
[top](#convert-other-formats-to-hdf)
#### Prisma to HDF
```
convert prisma2hdf Translate a Prisma Cloud Scan Report CSV file into
Heimdall Data Format JSON files
USAGE
$ saf convert prisma2hdf -i <prisma-cloud-csv> -o <hdf-output-folder> [-h]
FLAGS
-i, --input=<prisma-cloud-csv> (required) Prisma Cloud Scan Report CSV
-o, --output=<hdf-output-folder> (required) Output HDF JSON file
GLOBAL FLAGS
-L, --logLevel=<option> [default: info] Specify level for logging (if implemented by the CLI command)
<options: info|warn|debug|verbose>
--interactive Collect input tags interactively (not available on all CLI commands)
EXAMPLES
$ saf convert prisma2hdf -i prismacloud-report.csv -o output-hdf-name.json
```
[top](#convert-other-formats-to-hdf)
#### Prowler to HDF
```
convert prowler2hdf Translate a Prowler-derived AWS Security Finding
Format results from JSONL
into a Heimdall Data Format JSON file
USAGE
$ saf convert prowler2hdf -i <prowler-finding-json> -o <hdf-output-folder> [-h]
FLAGS
-i, --input=<prowler-finding-json> (required) Input Prowler ASFF JSON File
-o, --output=<hdf-output-folder> (required) Output HDF JSON Folder
GLOBAL FLAGS
-h, --help Show CLI help
-L, --logLevel=<option> [default: info] Specify level for logging (if implemented by the CLI command)
<options: info|warn|debug|verbose>
--interactive Collect input tags interactively (not available on all CLI commands)
EXAMPLES
$ saf convert prowler2hdf -i prowler-asff.json -o output-folder
```
[top](#convert-other-formats-to-hdf)
#### Sarif to HDF
```
convert sarif2hdf Translate a SARIF JSON file into a Heimdall Data
Format JSON file
USAGE
$ saf convert sarif2hdf -i <sarif-json> -o <hdf-scan-results-json> [-h] [-w]
FLAGS
-i, --input=<sarif-json> (required) Input SARIF JSON File
-o, --output=<hdf-scan-results-json> (required) Output HDF JSON File
-w, --includeRaw Include raw input file in HDF JSON file
GLOBAL FLAGS
-h, --help Show CLI help
-L, --logLevel=<option> [default: info] Specify level for logging (if implemented by the CLI command)
<options: info|warn|debug|verbose>
--interactive Collect input tags interactively (not available on all CLI commands)
DESCRIPTION
SARIF level to HDF impact mappings are:
SARIF level error -> HDF impact 0.7
SARIF level warning -> HDF impact 0.5
SARIF level note -> HDF impact 0.3
SARIF level none -> HDF impact 0.1
SARIF level not provided -> HDF impact 0.1 as default
EXAMPLES
$ saf convert sarif2hdf -i sarif-results.json -o output-hdf-name.json
```
[top](#convert-other-formats-to-hdf)
#### Scoutsuite to HDF
```
convert scoutsuite2hdf Translate a ScoutSuite results from a Javascript
object into a Heimdall Data Format JSON file
Note: Currently this mapper only supports AWS
USAGE
$ saf convert scoutsuite2hdf -i <scoutsuite-results-js> -o <hdf-scan-results-json> [-h] [-w]
FLAGS
-i, --input=<scoutsuite-results-js> (required) Input ScoutSuite Results JS File
-o, --output=<hdf-scan-results-json> (required) Output HDF JSON File
-w, --includeRaw Include raw input file in HDF JSON file
GLOBAL FLAGS
-h, --help Show CLI help
-L, --logLevel=<option> [default: info] Specify level for logging (if implemented by the CLI command)
<options: info|warn|debug|verbose>
--interactive Collect input tags interactively (not available on all CLI commands)
EXAMPLES
$ saf convert scoutsuite2hdf -i scoutsuite-results.js -o output-hdf-name.json
```
[top](#convert-other-formats-to-hdf)
#### Snyk to HDF
```
convert snyk2hdf Translate a Snyk results JSON file into a Heimdall
Data Format JSON file
A separate HDF JSON is generated for each project
reported in the Snyk Report
USAGE
$ saf convert snyk2hdf -i <snyk-json> -o <hdf-scan-results-json> [-h]
FLAGS
-i, --input=<snyk-json> (required) Input Snyk Results JSON File
-o, --output=<hdf-scan-results-json> (required) Output HDF JSON File
GLOBAL FLAGS
-h, --help Show CLI help
-L, --logLevel=<option> [default: info] Specify level for logging (if implemented by the CLI command)
<options: info|warn|debug|verbose>
--interactive Collect input tags interactively (not available on all CLI commands)
EXAMPLES
$ saf convert snyk2hdf -i snyk_results.json -o output-file-prefix
```
[top](#convert-other-formats-to-hdf)
#### SonarQube to HDF
NOTE: Pulling data from the SonarQube instance could take an extended amount of time depending on network conditions and the scale of the project being assessed.
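NOTE: The SonarQube instance might need "warming up" before it properly returns all the code snippets and rules from its API, so repeated attempts at this command might be necessary.
NOTE: The API key given with `-a/--auth` is sent to the base URL given with `-u/--url`; the examples below use `http://`, which carries the key unencrypted, so use an `https://` base URL where the instance offers one.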
```
convert sonarqube2hdf Pull SonarQube vulnerabilities for the specified
project name and optional branch or pull/merge
request ID name from an API and convert into a
Heimdall Data Format JSON file
USAGE
$ saf convert sonarqube2hdf -n <sonar-project-key> -u <http://your.sonar.instance:9000> -a <your-sonar-api-key> [ -b <target-branch> | -p <pull-request-id> ] [-s <statuses-to-exclude>] -o <hdf-scan-results-json>
FLAGS
-a, --auth=<your-sonar-api-key> (required) SonarQube API Key / User Token - please ensure that the user has permissions for the project (including seeing the code)
-n, --projectKey=<sonar-project-key> (required) SonarQube Project Key
-o, --output=<hdf-scan-results-json> (required) Output HDF JSON File
-u, --url=<http://your.sonar.instance:9000> (required) SonarQube Base URL (excluding '/api')
-b, --branch=<target-branch> Requires Sonarqube Developer Edition or above
-p, --pullRequestID=<pull-request-id> Requires Sonarqube Developer Edition or above
-g, --organization=<value> SonarQube organization name - used as a default when necessary to access rule descriptions
-s, --excludeIssueStatuses=<value> Comma-separated list of issue statuses to EXCLUDE from results
(e.g. "ACCEPTED,IN_SANDBOX"). Replaces the default exclusions
(FALSE_POSITIVE, FIXED for SonarQube 10.4+; CLOSED for older versions).
Omit this flag to use defaults.
-w, --includeRaw Include raw input requests in HDF JSON file
GLOBAL FLAGS
-h, --help Show CLI help
-L, --logLevel=<option> [default: info] Specify level for logging (if implemented by the CLI command)
<options: info|warn|debug|verbose>
--interactive Collect input tags interactively (not available on all CLI commands)
EXAMPLES
$ saf convert sonarqube2hdf -n sonar_project_key -u http://sonar:9000 --auth abcdefg -p 123 -o scan_results.json -w
$ saf convert sonarqube2hdf -n sonar_project_key -u http://sonar:9000 --auth abcdefg -o scan_results.json -s "ACCEPTED,IN_SANDBOX"
```
[top](#convert-other-formats-to-hdf)
#### Splunk to HDF
```
convert splunk2hdf Pull HDF data from your Splunk instance back into an HDF file
USAGE
$ saf convert splunk2hdf -H <host> -I <index> [-h] [-P <port>] [-s http|https] (-u <username> -p <password> | -t <token>) [-L info|warn|debug|verbose] [-i <filename/GUID> -o <hdf-output-folder>]
FLAGS
-H, --host=<value> (required) Splunk Hostname or IP
-I, --index=<value> (required) Splunk index to query HDF data from
-P, --port=<value> [default: 8089] Splunk management port (also known as the Universal Forwarder port)
-i, --input=<value>... GUID(s) or Filename(s) of files from Splunk to convert
-o, --output=<value> Output HDF JSON Folder
-p, --password=<value> Your Splunk password
-s, --scheme=<option> [default: https] HTTP Scheme used for communication with splunk
<options: http|https>
-t, --token=<value> Your Splunk API Token
-u, --username=<value> Your Splunk username
GLOBAL FLAGS
-L, --logLevel=<option> [default: info] Specify level for logging (if implemented by the CLI command)
<options: info|warn|debug|verbose>
--interactive Collect input tags interactively (not available on all CLI commands)
EXAMPLES
$ saf convert splunk2hdf -H 127.0.0.1 -u admin -p Valid_password! -I hdf -i some-file-in-your-splunk-instance.json -i yBNxQsE1mi4f3mkjtpap5YxNTttpeG -o output-folder
```
[top](#convert-other-formats-to-hdf)
#### Trivy to HDF
```
convert trivy2hdf Translate a Trivy-derived AWS Security Finding
Format results from JSONL
into a Heimdall Data Format JSON file
USAGE
$ saf convert trivy2hdf -i <trivy-finding-json> -o <hdf-output-folder>
FLAGS
-i, --input=<trivy-finding-json> (required) Input Trivy ASFF JSON File
-o, --output=<hdf-output-folder> (required) Output HDF JSON Folder
GLOBAL FLAGS
-h, --help Show CLI help
-L, --logLevel=<option> [default: info] Specify level for logging (if implemented by the CLI command)
<options: info|warn|debug|verbose>
--interactive Collect input tags interactively (not available on all CLI commands)
DESCRIPTION
Note: Currently this mapper only supports the results of Trivy's `image`
subcommand (featuring the CVE findings) while using the ASFF template format
(which comes bundled with the repo). An example call to Trivy to get this
type of file looks as follows:
AWS_REGION=us-east-1 AWS_ACCOUNT_ID=123456789012 trivy image --no-progress --format template --template "@/absolute_path_to/git_clone_of/trivy/contrib/asff.tpl" -o trivy_asff.json golang:1.12-alpine
EXAMPLES
$ saf convert trivy2hdf -i trivy-asff.json -o output-folder
```
[top](#convert-other-formats-to-hdf)
#### Trufflehog to HDF
```
convert trufflehog2hdf Translate a Trufflehog output file into an HDF results set
USAGE
$ saf convert trufflehog2hdf -i <trufflehog-json> -o <hdf-scan-results-json> [-h] [-w]
FLAGS
-i, --input=<trufflehog-json> (required) Input Trufflehog file
-o, --output=<hdf-scan-results-json> (required) Output HDF JSON File
-w, --includeRaw Include raw input file in HDF JSON file
GLOBAL FLAGS
-h, --help Show CLI help
-L, --logLevel=<option> [default: info] Specify level for logging (if implemented by the CLI command)
<options: info|warn|debug|verbose>
--interactive Collect input tags interactively (not available on all CLI commands)
EXAMPLES
$ saf convert trufflehog2hdf -i trufflehog.json -o output-hdf-name.json
```
[top](#convert-other-formats-to-hdf)
#### Twistlock to HDF
```
convert twistlock2hdf Translate a Twistlock CLI output file into an HDF results set
USAGE
$ saf convert twistlock2hdf -i <twistlock-json> -o <hdf-scan-results-json> [-h] [-w]
FLAGS
-i, --input=<twistlock-json> (required) Input Twistlock file
-o, --output=<hdf-scan-results-json> (required) Output HDF JSON File
-w, --includeRaw Include raw input file in HDF JSON file
GLOBAL FLAGS
-h, --help Show CLI help
-L, --logLevel=<option> [default: info] Specify level for logging (if implemented by the CLI command)
<options: info|warn|debug|verbose>
--interactive Collect input tags interactively (not available on all CLI commands)
EXAMPLES
$ saf convert twistlock2hdf -i twistlock.json -o output-hdf-name.json
```
[top](#convert-other-formats-to-hdf)
#### Veracode to HDF
```
convert veracode2hdf Translate a Veracode XML file into a Heimdall Data
Format JSON file
USAGE
$ saf convert veracode2hdf -i <veracode-xml> -o <hdf-scan-results-json> [-h]
FLAGS
-i, --input=<veracode-xml> (required) Input Veracode XML File
-o, --output=<hdf-scan-results-json> (required) Output HDF JSON File
GLOBAL FLAGS
-h, --help Show CLI help
-L, --logLevel=<option> [default: info] Specify level for logging (if implemented by the CLI command)
<options: info|warn|debug|verbose>
--interactive Collect input tags interactively (not available on all CLI commands)
EXAMPLES
$ saf convert veracode2hdf -i veracode_results.xml -o output-hdf-name.json
```
[top](#convert-other-formats-to-hdf)
#### XCCDF Results to HDF
***Note:*** `xccdf_results2hdf` only supports native OpenSCAP and SCC output.
```
convert xccdf_results2hdf Translate a SCAP client XCCDF-Results XML report
to a Heimdall Data Format JSON file
USAGE
$ saf convert xccdf_results2hdf -i <xccdf-results-xml> -o <hdf-scan-results-json> [-h] [-w]
FLAGS
-i, --input=<xccdf-results-xml> (required) Input XCCDF Results XML File
-o, --output=<hdf-scan-results-json> (required) Output HDF JSON File
-w, --includeRaw Include raw input file in HDF JSON file
GLOBAL FLAGS
-h, --help Show CLI help
-L, --logLevel=<option> [default: info] Specify level for logging (if implemented by the CLI command)
<options: info|warn|debug|verbose>
--interactive Collect input tags interactively (not available on all CLI commands)
EXAMPLES
$ saf convert xccdf_results2hdf -i results-xccdf.xml -o output-hdf-name.json
```
[top](#convert-other-formats-to-hdf)
#### OWASP ZAP to HDF
```
convert zap2hdf Translate an OWASP ZAP results JSON to a Heimdall Data Format JSON file
USAGE
$ saf convert zap2hdf -i <zap-json> -n <target-site-name> -o <hdf-scan-results-json> [-h] [-w]
FLAGS
-i, --input=<zap-json> (required) Input OWASP Zap Results JSON File
-n, --name=<target-site-name> (required) Target Site Name
-o, --output=<hdf-scan-results-json> (required) Output HDF JSON File
-w, --includeRaw Include raw input file in HDF JSON file
GLOBAL FLAGS
-h, --help Show CLI help
-L, --logLevel=<option> [default: info] Specify level for logging (if implemented by the CLI command)
<options: info|warn|debug|verbose>
--interactive Collect input tags interactively (not available on all CLI commands)
EXAMPLES
$ saf convert zap2hdf -i zap_results.json -n mitre.org -o scan_results.json
```
[top](#convert-other-formats-to-hdf)
---
### eMASSer API CLI
The SAF CLI implements the eMASS REST API capabilities by incorporating the eMASSer CLI into the SAF CLI. Please refer to the [eMASSer Features](https://saf-cli.mitre.org/docs/emasser) 📜 for additional information.
To get top-level help, execute the following command:
```
$ saf emasser [-h or -help]
[eMASS] The eMASS REST API implementation
USAGE
$ saf emasser COMMAND
TOPICS
emasser delete eMass REST API DELETE endpoint commands
emasser get eMass REST API GET endpoint commands
emasser post eMass REST API POST endpoint commands
emasser put eMass REST API PUT endpoint commands
COMMANDS
emasser configure Generate a configuration file (.env) for accessing an eMASS instance.
emasser version Display the eMASS API specification version the CLI implements.
```
[top](#emasser-client)
___
### View
#### Heimdall
You can start a local Heimdall Lite instance to visualize your findings with the SAF CLI. To start an instance use the `saf view heimdall` command:
```
view heimdall Run an instance of Heimdall Lite to
visualize your data
USAGE
$ saf view heimdall [-h] [-p <port>] [-f <file>] [-n]
FLAGS
-h, --help Show CLI help
-f, --files=<file>... File(s) to display in Heimdall
-n, --noOpenBrowser Don't open the default browser automatically
-p, --port=<port> [default: 3000] Port To Expose Heimdall On (Default 3000)
ALIASES
$ saf heimdall
EXAMPLES
$ saf view heimdall -p 8080
```
[top](#view-hdf-summaries-and-data)
#### Summary
To get a quick compliance summary from an HDF file (grouped by profile name) use the `saf view summary` command:
```
view summary Get a quick compliance overview of an HDF file
USAGE
$ saf view summary -i <hdf-file>... [-o <output>] [-f json|yaml|markdown] [-s] [-r] [-t] [-l <value>] [-h]
FORMATTING FLAGS
-f, --format=<option> [default: yaml] Specify output format
<options: json|yaml|markdown>
-r, --[no-]print-pretty Enable human-readable data output
-t, --[no-]title-table Add titles to the markdown table(s)
HELP FLAGS
-h, --help Show help information
I/O FLAGS
-i, --input=<value>... (required) Specify input HDF file(s)
-o, --output=<value> Specify output file(s)
-s, --[no-]stdout Enable printing to console
DEBUGGING FLAGS
-l, --logLevel=<value> [default: info] Set log level
ALIASES
$ saf summary
EXAMPLES
Summarize 'input.hdf' single HDF file
$ saf summary -i input.hdf
Specify Formats
$ saf summary -i input.hdf input.json --format=json
Output GitHub Flavored Markdown Table, skip the console, and save to 'output.md'
$ saf summary -i input.hdf input.json --format=markdown --no-stdout -o output.md
Summarize multiple HDF files
$ saf summary --input input1.hdf --input input2.hdf
$ saf summary --input input1.hdf input2.hdf
Save summary to 'output.json' and print to the console
$ saf summary -i input.hdf --output output.json
Enable human-readable output
$ saf summary --input input.hdf --print-pretty
Useful for scripts or data-processing (RAW yaml/json/etc.)
$ saf summary -i input.hdf --no-print-pretty
```
[top](#view-hdf-summaries-and-data)
---
### Validate
#### Thresholds
See the wiki for more information on 👉 [template files](https://github.com/mitre/saf/wiki/Validation-with-Thresholds).
```
validate threshold Validate the compliance and status counts of an HDF file
USAGE
$ saf validate threshold -i <hdf-json> [-I <flattened-threshold-json> | -T <template-file>] [-h] [-L info|warn|debug|verbose]
FLAGS
-i, --input=<value> (required) The HDF JSON File to be validated by the threshold values
-T, --templateFile=<value> A threshold YAML file containing expected threshold values.
Generate it using the "saf generate threshold" command
-I, --templateInline=<value> An inline (on the command line) flattened JSON containing the validation
thresholds (Intended for backwards compatibility with InSpec Tools)
GLOBAL FLAGS
-h, --help Show CLI help
-L, --logLevel=<option> [default: info] Specify level for logging (if implemented by the CLI command)
<options: info|warn|debug|verbose>
--interactive Collect input tags interactively (not available on all CLI commands)
EXAMPLES
Providing a threshold template file
$ saf validate threshold -i rhel7-results.json -T threshold.yaml
Specifying the threshold inline
$ saf validate threshold -i rhel7-results.json -I "{compliance.min: 80}, {passed.total.min: 18}, {failed.total.max: 2}"
```
[top](#validate-hdf-thresholds)
---
### Generate
#### Delta
See the wiki for more information on 👉 [Delta](https://github.com/mitre/saf/wiki/Delta).
```
Update an existing InSpec profile with updated XCCDF guidance
USAGE
$ saf generate delta [-h] [-L info|warn|debug|verbose] [-J <value> | --interactive] [-X <value> | -U <value>]
[-o <value> | ] [-O <value> | ] [-r <value> | ] [-T rule|group|cis|version | ] [-M -c <value>]
FLAGS
-J, --inspecJsonFile=<value> InSpec Profile Controls JSON summary file
- can be generated using the "[cinc-auditor or inspec] json <profile path> | jq . > profile.json" command
-M, --runMapControls Run the approximate string matching process
-O, --ovalXmlFile=<value> The OVAL XML file containing definitions used in the new guidance - in the form of .xml file
-T, --idType=<option> [default: rule] Control ID Types: 'rule' - Vulnerability IDs (ex. 'SV-XXXXX'), 'group' - Group IDs (ex. 'V-XXXXX'), 'cis' - CIS Rule IDs
(ex. C-1.1.1.1), 'version' - Version IDs (ex. RHEL-07-010020 - also known as STIG IDs)
<options: rule|group|cis|version>
-U, --xccdfUrl=<value> (required [-X or -U] or --interactive) The URL for the XCCDF package containing the new guidance (.zip, e.g., DISA STIG downloads)
-X, --xccdfXmlFile=<value> (required [-X or -U] or --interactive) The XCCDF File containing the new guidance (.xml or .zip)
-c, --controlsDir=<value> (required with -M or -J not provided) The InSpec profile directory containing the controls to update (controls Delta is processing)
-o, --deltaOutputDir=<value> (required if not --interactive) The output folder for the updated profile (this will contain the new controls modified by delta)
- if it is not empty, it will be overwritten.
-r, --reportFile=<value> Output markdown report file - must have an extension of .md
GLOBAL FLAGS
-h, --help Show CLI help
-L, --logLevel=<option> [default: info] Specify level for logging (if implemented by the CLI command)
<options: info|warn|debug|verbose>
--interactive Collect input tags interactively (not available on all CLI commands)
EXAMPLES
Running the CLI interactively
$ saf generate delta --interactive
Providing an XCCDF (File), a Profile Controls Summary, and no fuzzy matching
$ saf generate delta -X <xccdf_benchmarks.[xml, zip]>, -J <profile_summary.json> -c <current-controls-dir> -o <updated_controls_dir>, [options]
Providing an XCCDF (URL), a Profile Controls Summary, and no fuzzy matching
$ saf generate delta -U <URL-to-benchmark.zip>, -J <profile_summary.json> -c <current-controls-dir> -o <updated_controls_dir>, [options]
Providing an XCCDF (File), a Profile Controls Summary, with fuzzy matching
$ saf generate delta -X <xccdf_benchmarks.[xml, zip]>, -J <profile_summary.json> -c <current-controls-dir> -o <updated_controls_dir>, -M, [options]
Providing an XCCDF (URL), a Profile Controls Summary, with fuzzy matching
$ saf generate delta -U <URL-to-benchmark.zip>, -J <profile_summary.json> -c <current-controls-dir> -o <updated_controls_dir>, -M, [options]
```
[top](#generate-data-reports-and-more)
#### Delta Supporting Options
Use this process prior to running `generate delta`. The process updates the controls with metadata provided by the XCCDF guidance, including the control's name and number. Additionally, it formats the controls the same way `generate delta` will. Running this process minimizes the delta output content and makes it easier to visualize the modifications made by the Delta process.
```
USAGE
$ saf generate update_controls4delta [-X <value> | -U <value>] -c <value> [-J <value>] [-P V|SV] [-g] [-f] [-b] [-h] [--interactive] [-L info|warn|debug|verbose]
FLAGS
-U, --xccdfUrl=<value> (required [-X or -U]) The URL pointing to the XCCDF file containing the new guidance (DISA STIG downloads)
-X, --xccdfXmlFile=<value> (required [-X or -U]) The XCCDF XML file containing the new guidance - in the form of .xml file
-c, --controlsDir=<value> (required) The InSpec profile controls directory containing the profiles to be updated
-J, --inspecJsonFile=<value> Input execution/profile JSON file - can be generated using the "inspec json <profile path> > profile.json"
command. If not provided the `inspec` CLI must be installed
-P, --controlPrefix=<option> [default: V] Old control number prefix V or SV, default V <options: V|SV>
-g, --[no-]useXccdfGroupId Use the XCCDF `Group Id` to rename the controls. Uses prefix V or SV based on controlPrefix option
[default: false]
-b, --[no-]backupControls Preserve modified controls in a backup directory (oldControls) inside the controls directory
[default: true]
-f, --[no-]formatControls Format control contents in the same way `generate delta` will write controls
[default: true]
GLOBAL FLAGS
-h, --help Show CLI help
-L, --logLevel=<option> [default: info] Specify level for logging (if implemented by the CLI command)
<options: info|warn|debug|verbose>
--interactive Collect input tags interactively (not available on all CLI commands)
EXAMPLES
Providing an XCCDF File
$ saf generate update_controls4delta -X ./the_xccdf_guidance_file.xml [-J <profile_json_file.json>]
[-c the_controls_directory --no-backupControls --no-formatControls -P <V or SV> -g -L debug]
Providing a URL pointing to a ZIP XCCDF (from DISA STIG downloads)
$ saf generate update_controls4delta -U <URL to DISA STIGs downloads> [-J <profile_json_file.json>]
[-c the_controls_directory --no-backupControls --no-formatControls -P <V or SV> -g -L debug]
```
[top](#generate-data-reports-and-more)
#### CKL Templates
Checklist template files are used to give extra information to `saf convert hdf2ckl`.
```
generate ckl_metadata Generate a checklist metadata template for "saf convert hdf2ckl"
USAGE
$ saf generate ckl_metadata -o <json-file> [-h]
FLAGS
-o, --output=<json-file> (required) Output JSON File
GLOBAL FLAGS
-h, --help Show CLI help
-L, --logLevel=<option> [default: info] Specify level for logging (if implemented by the CLI command)
<options: info|warn|debug|verbose>
--interactive Collect input tags interactively (not available on all CLI commands)
EXAMPLES
$ saf generate ckl_metadata -o rhel_metadata.json
```
[top](#generate-data-reports-and-more)
#### InSpec Metadata
InSpec metadata files are used to give extra information to `saf convert *2inspec_stub`.
```
generate inspec_metadata Generate an InSpec metadata template for "saf convert *2inspec_stub"
USAGE
$ saf generate inspec_metadata -o <json-file>
FLAGS
-o, --output=<json-file> (required) Output JSON File
GLOBAL FLAGS
-h, --help Show CLI help
-L, --logLevel=<option> [default: info] Specify level for logging (if implemented by the CLI command)
<options: info|warn|debug|verbose>
--interactive Collect input tags interactively (not available on all CLI commands)
EXAMPLES
$ saf generate inspec_metadata -o ms_sql_baseline_metadata.json
```
[top](#generate-data-reports-and-more)
#### Inspec Profile
```
generate inspec_profile Generate a new skeleton profile based on a (STIG or CIS) XCCDF benchmark file
USAGE
$ saf generate inspec_profile -X <stig-xccdf-xml> [-O <oval-xccdf-xml>] [-o <output-folder>] [-m <metadata-json>] [-T (rule|group|cis|version)] [-s] [-L (info|warn|debug|verbose)] [-h] [--interactive]
FLAGS
-X, --xccdfXmlFile=<value> (required) Path to the XCCDF benchmark file
-O, --ovalDefinitions=<value> Path to an OVAL definitions file to populate profile elements that reference OVAL definitions
-T, --idType=<option> [default: rule] Control ID Types: 'rule' - Vulnerability IDs (ex. 'SV-XXXXX'), 'group' -
Group IDs (ex. 'V-XXXXX'), 'cis' - CIS Rule IDs (ex.
C-1.1.1.1), 'version' - Version IDs (ex. RHEL-07-010020 - also known as STIG IDs)
<options: rule|group|cis|version>
-m, --metadata=<value> Path to a JSON file with additional metadata for the inspec.yml
The metadata Json is of the following format:
{"maintainer": string, "copyright": string, "copyright_email": string, "license": string, "version": string}
-o, --output=<value> [default: profile] The output folder to write the generated InSpec content (defaults to profile if
unable to translate xccdf title)
-s, --singleFile Output the resulting controls as a single file
GLOBAL FLAGS
-h, --help Show CLI help
-L, --logLevel=<option> [default: info] Specify level for logging (if implemented by the CLI command)
<options: info|warn|debug|verbose>
--interactive Collect input tags interactively (not available on all CLI commands)
ALIASES
$ saf generate xccdf_benchmark2inspec_stub
EXAMPLES
$ saf generate xccdf_benchmark2inspec_stub -X ./U_RHEL_6_STIG_V2R2_Manual-xccdf.xml -T group --logLevel debug -r rhel-6-update-report.md
$ saf generate xccdf_benchmark2inspec_stub -X ./CIS_Ubuntu_Linux_18.04_LTS_Benchmark_v1.1.0-xccdf.xml -O ./CIS_Ubuntu_Linux_18.04_LTS_Benchmark_v1.1.0-oval.xml --logLevel debug
```
[top](#generate-data-reports-and-more)
#### Thresholds
Threshold files are used in Continuous Integration (CI) to ensure minimum compliance levels and validate control severities and statuses using `saf validate threshold`.
See the wiki for more information on 👉 [template files](https://github.com/mitre/saf/wiki/Validation-with-Thresholds).
```
generate threshold Generate a compliance template for "saf validate threshold".
Default output states that you must have your current
control counts or better (More Passes and/or less
Fails/Skips/Not Applicable/No Impact/Errors)
USAGE
$ saf generate threshold -i <hdf-json> [-o <threshold-yaml>] [-h] [-e] [-c]
FLAGS
-c, --generateControlIds Validate control IDs have the correct severity and status
-e, --exact All counts should be exactly the same when validating, not just less than or greater than
-i, --input=<value> (required) Input HDF JSON File
-o, --output=<value> Output Threshold YAML File
GLOBAL FLAGS
-h, --help Show CLI help
-L, --logLevel=<option> [default: info] Specify level for logging (if implemented by the CLI command)
<options: info|warn|debug|verbose>
--interactive Collect input tags interactively (not available on all CLI commands)
EXAMPLES
$ saf generate threshold -i rhel7-results.json -e -c -o output.yaml
```
[top](#generate-data-reports-and-more)
#### Spreadsheet (csv/xlsx) to InSpec
You can use `saf generate spreadsheet2inspec_stub` to generate an InSpec profile stub from a spreadsheet file.
```
generate spreadsheet2inspec_stub Generate an InSpec profile stub from a CSV STIGs or CIS XLSX benchmarks
USAGE
$ saf generate spreadsheet2inspec_stub -i, --input=<XLSX or CSV> -o, --output=FOLDER
OPTIONS
-M, --mapping=mapping Path to a YAML file with mappings for each field, by default, CIS Benchmark
fields are used for XLSX, STIG Viewer CSV export is used by CSV
-c, --controlNamePrefix=controlNamePrefix Prefix for all control IDs
-f, --format=cis|disa|general [default: general]
-i, --input=input (required)
-e, --encodingHeader Add the "# encoding: UTF-8" comment at the top of each control
-l, --lineLength=lineLength [default: 80] Characters between lines within InSpec controls
-m, --metadata=metadata Path to a JSON file with additional metadata for the inspec.yml file
-o, --output=output (required) [default: profile] Output InSpec profile stub folder
GLOBAL FLAGS
-L, --logLevel=<option> [default: info] Specify level for logging (if implemented by the CLI command)
<options: info|warn|debug|verbose>
--interactive Collect input tags interactively (not available on all CLI commands)
EXAMPLES
saf generate spreadsheet2inspec_stub -i spreadsheet.xlsx -o profile
```
[top](#generate-data-reports-and-more)
##### DoD Stub vs CIS Stub Formatting
The converter supports both Stub and CIS styles. The `--format` flag is used to specify the required output format. Default is DoD Stub Format.
- Specifying the `--format` flag as either `cis` or `disa` will parse the input spreadsheet according to the standard formats for CIS Benchmark exports and DISA STIG exports, respectively.
- You can also use the `general` setting (the default) to parse an arbitrary spreadsheet, but if you do so, you must provide a mapping file with the `--mapping` flag so that `saf` can parse the input.
- If you provide a non-standard spreadsheet, the first row of values are assumed to be column headers.
[top](#generate-data-reports-and-more)
#### Mapping Files
Mapping files are YAML files that tell `saf` which columns in the input spreadsheet should be parsed. Mapping files are structured as follows:
``` yaml
id: # Required
- ID
- "recommendation #"
title: # Required
- Title # You can give more than one column header as a value for an
- title # attribute if you are not sure how it will be spelled in the input.
desc:
- Description
- Discussion
- description
impact: 0.5 # If impact is set, its value will be used for every control
desc.rationale:
- Rationale
- rationale statement
desc.check: # Required
- Audit
- audit procedure
desc.fix:
- Remediation
- remediation procedure
desc.additional_information: # You can define arbitrary values under desc and tag
- Additional Information # if you have extra fields to record
desc.default_value:
- Default Value
ref: # InSpec keyword - saf will check this column for URLs (links to documentation)
- References # and record each address as a ref attribute
```
Where the keys (`title`) are InSpec control attributes and the values (`- Title`) are the column headers in the input spreadsheet that correspond to that attribute.
[top](#generate-data-reports-and-more)
---
### Supplement
Supplement (ex. read or modify) elements that provide contextual information in an HDF file such as `passthrough` or `target`
#### Passthrough
Supplement (ex. read or modify) the `passthrough` element, which provides contextual information in the Heimdall Data Format results JSON file
```
EXAMPLE (combined read, modification, and overwrite of the original file)
$ saf supplement passthrough read -i hdf_with_passthrough.json | jq -rc '.key = "new value"' | xargs -0 -I{} saf supplement passthrough write -i hdf_with_passthrough.json -d {}
```
Passthrough data can be any context/structure. See the sample below or visit 👉 [Supplement HDF files with additional information](https://github.com/mitre/saf/wiki/Supplement-HDF-files-with-additional-information-(ex.-%60passthrough%60,-%60target%60))
```json
{
"CDM": {
"HWAM": {
"Asset_ID_Tattoo": "arn:aws:ec2:us-east-1:123456789012:instance/i-12345acbd5678efgh90",
"Data_Center_ID": "1234-5678-ABCD-1BB1-CC12DD34EE56FF78",
"FQDN": "i-12345acbd5678efgh90.ec2.internal",
"Hostname": "i-12345acbd5678efgh90",
"ipv4": "10.0.1.25",
"ipv6": "none defined",
"mac": "02:32:fd:e3:68:a1",
"os": "Linux",
"FISMA_ID": "ABCD2C21-7781-92AA-F126-FF987CZZZZ"
},
"CSM": {
"Server_Type": "member server",
"source_tool": "InSpec"
}
}
}
```
[top](#enhance-and-supplement-hdf-data)
##### Read
```
supplement passthrough read Read the `passthrough` attribute in a given Heimdall Data Format JSON file and send it to stdout or write it to a file
USAGE
$ saf supplement passthrough read -i <hdf-json> [-o <passthrough-json>]
FLAGS
-i, --input=<value> (required) An input HDF file
-o, --output=<value> An output `passthrough` JSON file (otherwise the data is sent to stdout)
GLOBAL FLAGS
-h, --help Show CLI help
-L, --logLevel=<option> [default: info] Specify level for logging (if implemented by the CLI command)
<options: info|warn|debug|verbose>
--interactive Collect input tags interactively (not available on all CLI commands)
EXAMPLES
$ saf supplement passthrough read -i hdf.json -o passthrough.json
```
[top](#enhance-and-supplement-hdf-data)
##### Write
```
supplement passthrough write Overwrite the `passthrough` attribute in a given HDF file with the provided `passthrough` JSON data
USAGE
$ saf supplement passthrough write -i <input-hdf-json> (-f <input-passthrough-json> | -d <passthrough-json>) [-o <output-hdf-json>]
FLAGS
-d, --passthroughData=<value> Input passthrough-data (can be any valid JSON); this flag or `passthroughFile` must be provided
-f, --passthroughFile=<value> An input passthrough-data file (can contain any valid JSON); this flag or `passthroughData` must be provided
-i, --input=<value> (required) An input Heimdall Data Format file
-o, --output=<value> An output Heimdall Data Format JSON file (otherwise the input file is overwritten)
GLOBAL FLAGS
-h, --help Show CLI help
-L, --logLevel=<option> [default: info] Specify level for logging (if implemented by the CLI command)
<options: info|warn|debug|verbose>
--interactive Collect input tags interactively (not available on all CLI commands)
DESCRIPTION
Passthrough data can be any context/structure. See sample ideas at [https://github.com/mitre/saf/wiki/Supplement-HDF-files-with-additional-information-(ex.-%60passthrough%60,-%60target%60)#:~:text=Settings-,Supplement%20HDF%20files%20with%20additional%20information,-(ex.%20%60passthrough%60%2C%20%60target](https://github.com/mitre/saf/wiki/Supplement-HDF-files-with-additional-information-(ex.-%60passthrough%60,-%60target%60))
EXAMPLES
Providing passthrough-data
$ saf supplement passthrough write -i hdf.json -d '{"a": 5}'
Using passthrough-data file
$ saf supplement passthrough write -i hdf.json -f passthrough.json -o new-hdf.json
```
[top](#enhance-and-supplement-hdf-data)
#### Target
Supplement (ex. read or modify) the `target` element, which provides contextual information in the Heimdall Data Format results JSON file
```
EXAMPLE (combined read, modification, and overwrite of the original file)
$ saf supplement target read -i hdf_with_target.json | jq -rc '.key = "new value"' | xargs -0 -I{} saf supplement target write -i hdf_with_target.json -d {}
```
Target data can be any context/structure. See the sample below or visit 👉 [Supplement HDF files with additional information](https://github.com/mitre/saf/wiki/Supplement-HDF-files-with-additional-information-(ex.-%60passthrough%60,-%60target%60))
```json
{
"AWS":{
"Resources":[
{
"Type":"AwsEc2Instance",
"Id":"arn:aws:ec2:us-east-1:123456789012:instance/i-06036f0ccaa012345",
"Partition":"aws",
"Region":"us-east-1",
"Details":{
"AwsEc2Instance":{
"Type":"t2.medium",
"ImageId":"ami-0d716eddcc7b7abcd",
"IpV4Addresses":[
"10.0.0.27"
],
"KeyName":"rhel7_1_10152021",
"VpcId":"vpc-0b53ff8f37a06abcd",
"SubnetId":"subnet-0ea14519a4ddaabcd"
}
}
}
]
}
}
```
[top](#enhance-and-supplement-hdf-data)
##### Read
```
supplement target read Read the `target` attribute in a given Heimdall Data Format JSON file and send it to stdout or write it to a file
USAGE
$ saf supplement target read -i <hdf-json> [-o <target-json>]
FLAGS
-i, --input=<value> (required) An input HDF file
-o, --output=<value> An output `target` JSON file (otherwise the data is sent to stdout)
GLOBAL FLAGS
-h, --help Show CLI help
-L, --logLevel=<option> [default: info] Specify level for logging (if implemented by the CLI command)
<options: info|warn|debug|verbose>
--interactive Collect input tags interactively (not available on all CLI commands)
EXAMPLES
$ saf supplement target read -i hdf.json -o target.json
```
[top](#enhance-and-supplement-hdf-data)
##### Write
```
supplement target write Overwrite the `target` attribute in a given HDF file with the provided `target` JSON data
USAGE
$ saf supplement target write -i <input-hdf-json> (-f <input-target-json> | -d <target-json>) [-o <output-hdf-json>]
FLAGS
-d, --targetData=<value> Input target-data (can be any valid JSON); this flag or `targetFile` must be provided
-f, --targetFile=<value> An input target-data file (can contain any valid JSON); this flag or `targetData` must be provided
-i, --input=<value> (required) An input Heimdall Data Format file
-o, --output=<value> An output Heimdall Data Format JSON file (otherwise the input file is overwritten)
GLOBAL FLAGS
-h, --help Show CLI help
-L, --logLevel=<option> [default: info] Specify level for logging (if implemented by the CLI command)
<options: info|warn|debug|verbose>
--interactive Collect input tags interactively (not available on all CLI commands)
DESCRIPTION
Target data can be any context/structure. See sample ideas at https://github.com/mitre/saf/wiki/Supplement-HDF-files-with-additional-information-(ex.-%60passthrough%60,-%60target%60)
EXAMPLES
Providing target-data
$ saf supplement target write -i hdf.json -d '{"a": 5}'
Using target-data file
$ saf supplement target write -i hdf.json -f target.json -o new-hdf.json
```
[top](#enhance-and-supplement-hdf-data)
# Authors
- Author:: Will Dower [wdower](https://github.com/wdower)
- Author:: Ryan Lin [Rlin232](https://github.com/rlin232)
- Author:: Amndeep Singh Mann [Amndeep7](https://github.com/amndeep7)
- Author:: Camden Moors [camdenmoors](https://github.com/camdenmoors)
- Author:: Emily Rodriguez [em-c-rod](https://github.com/em-c-rod)
- Author:: George Dias [georgedias](https://github.com/georgedias)
================================================
FILE: VERSION
================================================
1.6.0
================================================
FILE: _config.yml
================================================
theme: jekyll-theme-cayman
================================================
FILE: bin/run
================================================
#!/usr/bin/env node
// SAF CLI launcher: starts the oclif command runner, then passes the outcome
// to oclif's flush module on success or to its handle module on failure.
const oclifCore = require('@oclif/core')

oclifCore
  .run()
  .then(require('@oclif/core/flush'))
  .catch(require('@oclif/core/handle'))
================================================
FILE: bin/run.cmd
================================================
@echo off
rem Windows launcher: runs the sibling "run" script with node.
rem The script is resolved relative to this .cmd file's own directory, and
rem every command-line argument is forwarded unchanged.
node "%~dp0\run" %*
================================================
FILE: docs/contributors-guide.md
================================================
# MITRE SAF Development, Testing and Contribution Guide
The MITRE saf-cli is an OCLIF application developed with TypeScript.
## Prerequisites
- Node.js (check the package.json file for the current version)
- npm (version 6 or newer)
## Installation
To install the project, clone the repository and install the dependencies:
```bash
git clone https://github.com/mitre/saf.git
cd saf
npm install
```
## Development
To start the development server, run:
```bash
npm run dev -- ${command you desire to run & its flags}
```
This script will clean the `lib` directory, compile the TypeScript files, and start the application. You can pass arguments to the `dev` script using the `--` syntax. For example:
```bash
npm run dev -- --help
npm run dev -- view summary
```
## Testing
We use both ts-mocha/chai and ts-jest for testing.
### Command Tests
The 'command' tests are located in the `./test/commands` directory and organized by the OCLIF commands such as attest, view, generate etc. These tests are written in ts-mocha. You can run all the tests or a single test. For example:
```bash
npm run test:mocha
npm run test:mocha:one ./test/commands/view/summary.ts
```
### Utility Tests
The 'utility' tests are located in the `./test/utils` directory and organized by each of the utility classes of the saf-cli. These tests are a mix of chai and jest tests. The chai tests are all the files named `{utility}.test.ts` and the jest tests are located in the `__tests__` directory. You can run all the tests or a single test. For example:
```bash
npm run test:jest
npm run test:jest:one ./test/utils/calculations.test.ts
```
### Run All Tests
To invoke all tests `chai` and `jest` use the following commands:
```bash
npm run test
npm run tests
```
## Linting
We use ESLint with the TypeScript ESLint plugin for linting. The command lints all TypeScript files found in the `src` directory (including sub-directories). To run the linter, use:
```bash
npm run lint:ci # Reports issues found, does not fix them
npm run lint # Invokes the --fix flag, fixes issues found
```
## Building
To build the project, use:
```bash
npm run prepack
```
This script will clean the `lib` directory and compile the TypeScript files.
## Usage
Here's how you can use the CLI:
```bash
./bin/run command-name # Darwin or Linux
node bin/run command-name # Windows
```
You can get help on the available commands with:
```bash
./bin/run --help # Darwin or Linux
node bin/run --help # Windows
```
## Creating a Release
The process of creating a release is documented in the SAF CLI Wiki Page [How-to Create a SAF CLI Release](https://github.com/mitre/saf/wiki/How%E2%80%90to-Create-a-SAF-CLI-Release)
>[!WARNING]
> Before executing the preparatory script ensure that you're in a directory containing the most recent commit of the SAF CLI. The first step of the script will do a `git checkout main` followed by a `git pull origin main`
Basically the process of creating a SAF CLI release consists of performing the following steps:
1. Run the appropriate preparatory release script
```bash
./release-prep.sh # Darwin or Linux
.\release-prep.ps1 # Windows
```
The script performs the following:
- Retrieve the latest main content
- Bump the SAF CLI version number in the VERSION file and package.json
- Update MITRE dependencies to latest versions
- Remove the `node_modules` if exists
- Install all supporting modules
- Build and run all tests
- Add unstaged files to the staging area (package.json - version) or any other file with the modified flag (M)
- Commit previously staged files with `signoff` tag with the new version number
- Tag the commit with new release version
- Push and update all three references to the repository with the version number
2. Add the generated packages to the staged release
3. Associate the tags with the drafted release
4. Set the release to be the latest
5. Publish the release
>[!NOTE]
>Detailed information on steps 2 through 5 are listed in the [How-to Create a SAF CLI Release](https://github.com/mitre/saf/wiki/How%E2%80%90to-Create-a-SAF-CLI-Release) Wiki page
## Contributing
Contributions are welcome! We use the standard GitFlow model for PRs. Please ensure that your PRs pass all tests and close all related issues. We also use a semver-based release process.
## License
See the LICENSE and NOTICE files at the root of the project.
================================================
FILE: docs/emasser/index.md
================================================
# SAF CLI eMASSer Features and Capabilities
## Environment Variables
To facilitate setting the required environment variables the `SAF CLI eMASSer` utilizes a zero-dependency module to load Required/Optional variables from a `.env` file. See [Generating an eMASS Configuration File](#generating-an-emass-configuration-file)
### Configuring the `.env` File
An `.env-example` file is provided with the required and optional fields.
Modify the `.env-example` as necessary and save it as a `.env` file.
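Place the file on the path where the `emasser` command is executed. The file holds the API key and the private-key passphrase, so restrict its permissions to the account that runs the CLI and keep it out of version control.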
### Required Environment Variables
The following environment variables are required:
* EMASSER_API_KEY=`<API key>`
* EMASSER_HOST_URL=`<FQDN of the eMASS server>`
* EMASSER_KEY_FILE_PATH=`<The eMASS key.pem private key file in PEM format (if provided, the CERT is required)>`
* EMASSER_CERT_FILE_PATH=`<The eMASS client.pem certificate file in PEM format (if provided, the KEY is required)>`
* EMASSER_CA_FILE_PATH=`<The eMASS CA certificate (if provided no Key or Client PEM is needed)>`
* EMASSER_KEY_FILE_PASSWORD=`<The certificate passphrase>`
### Optional but required by most eMASS integrations
* EMASSER_USER_UID=`<Unique user identifier associated with the API Key (api-key)>`
### Optional Environment Variables
The following environment variables are *optional:
* EMASSER_PORT=`<The server communication port number (default is 443)>`
* EMASSER_REQUEST_CERT=`<Server requests a certificate from clients - true or false (default false)>`
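* EMASSER_REJECT_UNAUTHORIZED=`<Reject connections not authorized with the list of supplied CAs - true or false (default true)>` Leave this at `true`: when it is `false`, connections that fail validation against the supplied CAs are not rejected, so the API key can be sent to an unverified server.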
* EMASSER_DEBUGGING=`<set debugging - true or false (default false)>`
* EMASSER_CLI_DISPLAY_NULL=`<display null value fields - true or false (default true)>`
* EMASSER_EPOCH_TO_DATETIME=`<convert epoch to data/time value - true or false (default false)>`
* EMASSER_DOWNLOAD_DIR=`<directory where exported files are saved (default eMASSerDownloads)>`
\* If not provided defaults are used
The proper format to set these variables in the `.env` files is as follows:
```bash
[VARIABLE_NAME]='value'
```
***NOTE***
The `eMASSer` commands require access to an eMASS instance. Authentication and authorization to an eMASS instance is **not** a function of `eMASSer CLI` and needs to be accomplished with the eMASS instance owner organization. For further information about eMASS credential requirements, refer to [Defense Counterintelligence and Security Agency](https://www.dcsa.mil/is/emass/) about eMASS access.
For instructions on how to request an eMASS account, visit [eMASS Account Process Request and API Registration](https://github.com/mitre/emasser/wiki/eMASS-Account-Process-Request-and-API-Registration)
---
## Common eMASSer Endpoint Requests Information
- The eMASS API provides the capability of updating multiple entries within several endpoints; however, the `SAF CLI eMASSer` in some cases only supports updating one entry at a time.
## API Endpoints Provided
### GET
* [/api](#get-test-connection)
* [/api/systems](#get-system)
* [/api/systems/{systemId}](#get-systems)
* [/api/system-roles](#get-roles)
* [/api/system-roles/{roleCategory}](#get-roles)
* [/api/systems/{systemId}/controls](#get-controls)
* [/api/systems/{systemId}/test-results](#get-test_results)
* [/api/systems/{systemId}/poams](#get-poams)
* [/api/systems/{systemId}/poams/{poamId}](#get-poams)
* [/api/systems/{systemId}/poams/{poamId}/milestones](#get-milestones)
* [/api/systems/{systemId}/poams/{poamId}/milestones/{milestoneId}](#get-milestones)
* [/api/systems/{systemId}/artifacts](#get-artifacts)
* [/api/systems/{systemId}/artifacts-export](#get-artifacts)
* [/api/systems/{systemId}/approval/cac](#get-cac)
* [/api/systems/{systemId}/approval/pac](#get-pac)
* [/api/systems/{systemId}/hw-baseline](#get-hardware)
* [/api/systems/{systemId}/sw-baseline](#get-sotware)
* [/api/cmmc-assessments](#get-cmmc)
* [/api/workflow-definitions](#get-workflow_definitions)
* [/api/systems/{systemId}/workflow-instances](#get-workflow_instances)
* [/api/dashboards/{endpoint}](#get-dashboards)
### POST
* [/api/api-key](#post-register-cert)
* [/api/systems/{systemId}/test-results](#post-test_results)
* [/api/systems/{systemId}/poam](#post-poams)
* [/api/systems/{systemId}/poam/{poamId}/milestones](#post-milestones)
* [/api/systems/{systemId}/artifacts](#post-artifacts)
* [/api/systems/{systemId}/approval/cac](#post-cac)
* [/api/systems/{systemId}/approval/pac](#post-pac)
* [/api/systems/{systemId}/hw-baseline](#post-hardware)
* [/api/systems/{systemId}/sw-baseline](#post-software)
* [/api/systems/{systemId}/device-scan-results](#post-device-scan-results)
* [/api/systems/{systemId}/cloud-resource-results](#post-cloud_resource)
* [/api/systems/{systemId}/container-scan-results](#post-container_scans)
* [/api/systems/{systemId}/static-code-scans](#post-static_code_scans)
### PUT
* [/api/systems/{systemId}/controls](#put-controls)
* [/api/systems/{systemId}/poams](#put-poams)
* [/api/systems/{systemId}/poams/{poamId}/milestones](#put-milestones)
* [/api/systems/{systemId}/artifacts](#put-artifacts)
* [/api/systems/{systemId}/hw-baseline](#put-hardware)
* [/api/systems/{systemId}/sw-baseline](#put-software)
### DELETE
* [/api/systems/{systemId}/poams](#delete-poams)
* [/api/systems/{systemId}/poams/{poamId}/milestones](#delete-milestones)
* [/api/systems/{systemId}/artifacts](#delete-artifacts)
* [/api/systems/{systemId}/hw-baseline](#delete-hardware)
* [/api/systems/{systemId}/sw-baseline](#delete-software)
## Generating an eMASS Configuration File
Provided with the eMASS API CLI is an interactive command line user interface for generating the configuration file `.env` required to connect to an eMASS instance(s).
```
Generate a configuration file (.env) for accessing an eMASS instances.
USAGE
$ saf emasser configure
DESCRIPTION
Generate a configuration file (.env) for accessing an eMASS instances.
Authentication to an eMASS instances requires a PKI-valid/trusted client
certificate. The eMASSer CLI accepts a Key/Client pair certificates (.pem) or
a CA certificate (.pem or .crt). A Unique user identifier (user-uid) is used by
most eMASS integration, however certain integrations, the user-uid is not required
Required eMASS configuration variables:
EMASSER_API_KEY <The eMASS API key (api-key) - valid key is > 30 alpha numeric characters>
EMASSER_HOST_URL <The Full Qualified Domain Name (FQDN) for the eMASS server>
EMASSER_KEY_FILE_PATH <The eMASS key.pem private key file in PEM format (if provided the CERT is required)>
EMASSER_CERT_FILE_PATH <The eMASS client.pem certificate file in PEM format (if provided the KEY is required)>
EMASSER_CA_FILE_PATH <The eMASS CA certificate (if provided no Key or Client PEM is needed)>
EMASSER_KEY_FILE_PASSWORD <The password for the private encryption key.pem file>
Certain eMASS integrations may not require (most do) this variable:
EMASSER_USER_UID <The eMASS User Unique Identifier (user-uid)>
Optional eMASS configuration variables, if not provided defaults are used:
EMASSER_PORT <The server communication port number (default is 443)>
EMASSER_REQUEST_CERT <Server requests a certificate from connecting clients - true or false (default true)>
EMASSER_REJECT_UNAUTHORIZED <Reject clients with invalid certificates - true or false (default true)>
EMASSER_DEBUGGING <Set debugging on (true) or off (false) (default false)>
EMASSER_CLI_DISPLAY_NULL <Display null value fields - true or false (default true)>
EMASSER_EPOCH_TO_DATETIME <Convert epoch to data/time value - true or false (default false)>
EMASSER_DOWNLOAD_DIR <Directory where the CLI exports files (default eMASSerDownloads)>
EXAMPLES
$ saf emasser configure
```
## Endpoints CLI help
To view eMASS API top help (available topics & commands) use the following command:
```
$ saf emasser [-h or -help]
[eMASS] The eMASS REST API implementation
USAGE
$ saf emasser COMMAND
TOPICS
emasser delete eMass REST API DELETE endpoint commands
emasser get eMass REST API GET endpoint commands
emasser post eMass REST API POST endpoint commands
emasser put eMass REST API PUT endpoint commands
COMMANDS
emasser configure Generate a configuration file (.env) for accessing an eMASS instance(s).
emasser version Display the eMASS API specification version the CLI implements.
```
Each CLI endpoint command has several layers of help.
- Using `-h or -help` after a topic (command) `get, put, post, or delete` lists all available endpoint calls. The following command would list all available `GET` endpoints commands.
```
$ saf emasser get [-h or -help]
eMass REST API GET endpoint commands
USAGE
$ saf emasser get COMMAND
COMMANDS
emasser get artifacts Retrieve artifacts for a system or system/filename combination
emasser get cac View one or many Control Approval Chain (CAC) in a system specified system ID
emasser get cmmc View Cybersecurity Maturity Model Certification (CMMC) Assessments
emasser get controls Get system Security Control information for both the Implementation Plan and Risk Assessment
emasser get dashboards Retrieves a pre-defined dashboard by orgId
emasser get hardware View all hardware baseline for a system available on the eMASS instance
emasser get milestones Retrieve milestones by system by systemID/poamID or systemID/poamID/milestoneID combination
emasser get pac View one or many Package Approval Chain (PAC) in a system specified system ID
emasser get poams Retrieve Poams for a system or system/poam Id combination
emasser get roles Retrieve all available system roles, or filter by options
emasser get software View all software baseline for a system available on the eMASS instance
emasser get system Get system information for a specific system defined by ID (systemId)
emasser get systems Get available systems filter on provided options
emasser get test_connection Test if eMASSer is properly configured to a valid eMASS URL
emasser get test_results Get test results for a specific system defined by ID (systemId)
emasser get workflow_definitions View all workflow schemas available on the eMASS instance
emasser get workflow_instances Retrieve all workflow instances or workflow instances noted by workflowInstanceID
```
- Preceding any command with `[-h or -help]` provides help for the command. The following command would list all available sub-commands and options for the `get artifacts` endpoint command.
```
$ emasser get -h artifacts
Retrieve artifacts for a system or system/filename combination
USAGE
$ saf emasser get artifacts [ARGUMENT]
ARGUMENTS
forSystem Retrieves available milestones for provided system (Id)
export Exports the milestone(s) for provided system (Id) and file name
FLAGS
-h, --help Show eMASSer CLI help for the GET Artifacts endpoint
DESCRIPTION
Retrieve artifacts for a system or system/filename combination
```
- Using `help` after any command lists all available options (flags). The following command would list all available options for the `get artifacts export` endpoint command.
```
$ emasser get artifacts export -help
Retrieves the file artifacts (if compress is true the file binary contents are returned, otherwise the file textual contents are returned.)
USAGE
$ saf emasser get artifacts [ARGUMENT]
ARGUMENTS
forSystem Retrieves available milestones for provided system (Id)
export Exports the milestone(s) for provided system (Id) and file name
FLAGS
-h, --help Show eMASSer CLI help for the GET Artifacts command
-s, --systemId=<value> (required) The system identification number
-f, --filename=<value> (required) The artifact file name
-C, --[no-]compress Boolean - Compress true or false
-P, --[no-]printToStdOut Boolean - Print to standard output
DESCRIPTION
Retrieves an artifact file for selected system
(file is sent to EMASSER_DOWNLOAD_DIR (defaults to eMASSerDownloads) if flag [-P, --printToStdOut] not provided)
EXAMPLES
$ saf emasser get artifacts export [-s, --systemId] <value> [-f, --filename] <value> [options]
```
**The same format is applicable for POST, PUT, and DELETE requests as well, however there may be additional help content**
## Command line flags
All command line flags have a short and long option, for example: -s or --systemId can be used as:
```
-s 36 or --systemId 36
```
Boolean `true/false` flags do **NOT** take an argument; they are reversed with the `--no-` prefix. If we have a flag named `isTemplate` it would be used as:
```
--isTemplate (true) --no-isTemplate (false)
```
## Usage - GET
### ```get test connection```
---
The Test Connection endpoint provides the ability to verify connection to the web service.
$ emasser get test_connection
A return of success from the call indicates that the CLI can reach the configured server URL.
Refer to [Required Environment Variables](#required-environment-variables) for the necessary environment variables.
[top](#api-endpoints-provided)
### ```get system```
---
The `get system` command retrieves a single system defined by the ID (systemId).
```
Get system information for a specific system defined by ID (systemId)
USAGE
$ saf emasser get system [options]
FLAGS
-h, --help Show eMASSer CLI help for the GET System endpoint
-s, --systemId=<value> (required) The system identification number
-I, --[no-]includePackage Boolean - include system packages
-p, --policy=<option> Filter on policy
<options: diacap|rmf|reporting>
DESCRIPTION
Get system information for a specific system defined by ID (systemId)
EXAMPLES
$ saf emasser get system [-s, --systemId] <value> [options]
```
- required flag (parameter):
|parameter | type or values |
|-------------|:----------------------------------|
|--systemId |Integer - Unique system identifier |
- Optional flags (parameters) are:
|parameter | type or values |
|------------------------|:----------------------------------------|
|--includePackage |BOOLEAN - true or false |
|--policy |Possible values: diacap, rmf, reporting |
[top](#api-endpoints-provided)
### ```get systems```
----
The `get systems` command retrieves all available systems defined by the ID (systemId) and filters them by the available options.
```
Get available systems filter on provided options
USAGE
$ saf emasser get systems [options]
FLAGS
-h, --help Show eMASSer CLI help for the GET Systems endpoint
-D, --[no-]includeDecommissioned Boolean - include decommissioned systems
-I, --[no-]includePackage Boolean - include system packages
-M, --[no-]includeDitprMetrics Boolean - include DoD Information Technology metrics
-S, --[no-]reportsForScorecard Boolean - include score card
-c, --coamsId=<value> Cyber Operational Attributes Management System (COAMS) string Id
-p, --policy=<option> Filter on policy <options: diacap|rmf|reporting>
-r, --registrationType=<option> Filter on registration type
<options: assessAndAuthorize|assessOnly|guest|regular|functional|cloudServiceProvider|commonControlProvider>
-t, --ditprId=<value> DoD Information Technology (IT) Portfolio Repository (DITPR) string Id
DESCRIPTION
Get available systems filter on provided options
EXAMPLES
$ saf emasser get systems [options]
```
- Optional flags (parameters) are:
|parameter | type or values |
|------------------------|:----------------------------------------------------------------------------|
|--coamsId |Cyber Operational Attributes Management System (COAMS) string Id |
|--ditprId |DoD Information Technology (IT) Portfolio Repository (DITPR) string id |
|--includeDecommissioned |BOOLEAN - true or false |
|--includeDitprMetrics |BOOLEAN - true or false |
|--includePackage |BOOLEAN - true or false |
|--policy |Possible values: diacap, rmf, reporting |
|--registrationType |Possible values: assessAndAuthorize, assessOnly, guest, regular, functional, |
| | cloudServiceProvider, commonControlProvider |
|--reportsForScorecard |BOOLEAN - true or false |
[top](#api-endpoints-provided)
### ```get roles```
----
There are two endpoints for system roles - `all` and `byCategory`
```
USAGE
$ saf emasser get roles [ARGUMENT]
ARGUMENTS
all Retrieves all available system roles
byCategory Retrieves role(s) - filtered by [options] params
FLAGS
-h, --help Show eMASSer CLI help for the GET Roles endpoint
DESCRIPTION
Retrieve all available system roles, or filter by options
EXAMPLES
$ saf emasser get roles all
$ saf emasser get roles byCategory [-c, --roleCategory] <value> [-r, --role] <value> [options]
```
- required flags (parameters) are:
|parameter | type or values |
|:---------------|:------------------------------------------|
|--roleCategory |Possible values: PAC, CAC, Other |
|--role |Possible values: AO, Auditor, Artifact Manager, C&A Team, IAO, ISSO, PM/IAM, SCA, User Rep (View Only), Validator (IV&V)|
- optional parameters are:
|parameter | type or values |
|------------------------|:----------------------------------------|
|--policy |Possible values: diacap, rmf, reporting |
|--includeDecommissioned |BOOLEAN - true or false |
[top](#api-endpoints-provided)
### ```get controls```
----
Get system Security Control information for both the Implementation Plan and Risk Assessment
```
USAGE
$ saf emasser get controls [options]
FLAGS
-h, --help Show eMASSer CLI help for the GET Controls endpoint
-s, --systemId=<value> (required) The system identification number
-A, --[no-]acronyms The system acronym(s) e.g "AC-1, AC-2" - if not provided all controls for systemId are returned
DESCRIPTION
Get system Security Control information for both the Implementation Plan and Risk Assessment
EXAMPLES
$ saf emasser get controls --systemId <value> [option]
```
- required flag (parameter):
|parameter | type or values |
|-------------|:----------------------------------|
|--systemId |Integer - Unique system identifier |
- optional flag (parameter):
|parameter | type or values |
|-------------|:------------------------------------------|
|--acronyms |The system acronym(s) e.g "AC-1, AC-2" - if not provided all controls for systemId are returned |
[top](#api-endpoints-provided)
### ```get test_results```
----
Get test results for a specific system defined by ID (systemId)
```
USAGE
$ saf emasser get test_results [options]
FLAGS
-h, --help Show eMASSer CLI help for the GET Test Results endpoint
-s, --systemId=<value> (required) The system identification number
-L, --[no-]latestOnly Boolean - Filter on latest only
-a, --controlAcronyms=<value> The system acronym(s) e.g "AC-1, AC-2"
-c, --ccis=<value> The system CCIS string numerical value
DESCRIPTION
Get test results for a specific system defined by ID (systemId)
EXAMPLES
$ saf emasser get test_results --systemId <value> [options]
```
- required flag (parameter):
|parameter | type or values |
|-------------|:----------------------------------|
|--systemId |Integer - Unique system identifier |
- optional flags (parameters) are:
|parameter | type or values |
|-------------------|:------------------------------------------|
|--controlAcronyms |String - The system acronym(s) e.g "AC-1, AC-2" |
|--ccis |String - The system CCIS string numerical value |
|--latestOnly |BOOLEAN - true or false|
[top](#api-endpoints-provided)
### ```get poams```
----
There are two endpoints for system poams `forSystem` and `byPoamId`
- forSystem - Retrieves all poams for specified system ID
```shell
USAGE
$ saf emasser get poams [ARGUMENT]
ARGUMENTS
forSystem Retrieves Poams for specified system ID
byPoamId Retrieves Poams for specified system and poam ID
FLAGS
-h, --help Show eMASSer CLI help for the GET POA&Ms endpoint
-s, --systemId=<value> (required) The system identification number
-Y, --[no-]systemOnly Boolean - Return only systems
-a, --controlAcronyms=<value> The system acronym(s) e.g "AC-1, AC-2"
-c, --ccis=<value> The system CCIS string numerical value
--scheduledCompletionDateEnd=<value> The completion end date
--scheduledCompletionDateStart=<value> The completion start date
DESCRIPTION
Retrieves Poams for specified system ID
EXAMPLES
$ saf emasser get poams forSystem [-s, --systemId] <value> [options]
```
- required flag (parameter):
|parameter | type or values |
|-------------|:----------------------------------|
|--systemId |Integer - Unique system identifier |
- optional flags (parameters) are:
|parameter | type or values |
|-------------------------------|:----------------------------------------------|
|--scheduledCompletionDateStart |Date - Unix time format (e.g. 1499644800) |
|--scheduledCompletionDateEnd |Date - Unix time format (e.g. 1499990400) |
|--controlAcronyms |String - The system acronym(s) e.g "AC-1, AC-2"|
|--ccis |String - The system CCIS string numerical value|
|--systemOnly |BOOLEAN - true or false|
- byPoamId - Retrieves all poams for specified system and poam ID
```
USAGE
$ saf emasser get poams [ARGUMENT]
ARGUMENTS
forSystem Retrieves Poams for specified system ID
byPoamId Retrieves Poams for specified system and poam ID
FLAGS
-h, --help Show eMASSer CLI help for the GET POA&Ms endpoint
-p, --poamId=<value> (required) The poam identification number
-s, --systemId=<value> (required) The system identification number
DESCRIPTION
Retrieves Poams for specified system and poam ID
EXAMPLES
$ saf emasser get poams byPoamId [-s, --systemId] <value> [-p, --poamId] <value>
```
- required flags (parameters) are:
|parameter | type or values |
|-------------|:----------------------------------|
|--systemId |Integer - Unique system identifier |
|--poamId |Integer - Unique poam identifier |
[top](#api-endpoints-provided)
### ```get milestones```
----
There are two endpoints for system milestones `byPoamId` and `byMilestoneId`
- byPoamId - Retrieves milestone(s) for specified system and poam ID
```shell
USAGE
$ saf emasser get milestones [ARGUMENT]
ARGUMENTS
byPoamId Retrieves milestone(s) for specified system and poam Id
byMilestoneId Retrieves milestone(s) for specified system, poam, and milestone Id
FLAGS
-h, --help Show eMASSer CLI help for the GET Milestones endpoint
-p, --poamId=<value> (required) Unique poam identifier
-s, --systemId=<value> (required) Unique system identifier
-c, --scheduledCompletionDateEnd=<value> Unix time format (e.g. 1499990400)
-t, --scheduledCompletionDateStart=<value> Unix time format (e.g. 1499644800)
DESCRIPTION
Retrieves milestone(s) for specified system and poam ID
EXAMPLES
$ saf emasser get milestones byPoamId [-s, --systemId] <value> [-p, --poamId] <value> [options]
```
- required flags (parameters) are:
|parameter | type or values |
|-------------|:----------------------------------|
|--systemId |Integer - Unique system identifier |
|--poamId |Integer - Unique poam identifier |
- optional flags (parameters) are:
|parameter | type or values |
|-------------------------------|:----------------------------------------------|
|--scheduledCompletionDateStart |Date - Unix time format (e.g. 1499644800) |
|--scheduledCompletionDateEnd |Date - Unix time format (e.g. 1499990400) |
- byMilestoneId - Retrieves milestone(s) for specified system, poam, and milestone ID
```
USAGE
$ saf emasser get milestones [ARGUMENT]
ARGUMENTS
byPoamId Retrieves milestone(s) for specified system and poam Id
byMilestoneId Retrieves milestone(s) for specified system, poam, and milestone Id
FLAGS
-h, --help Show eMASSer CLI help for the GET Milestones endpoint
-m, --milestoneId=<value> (required) Unique milestone identifier
-p, --poamId=<value> (required) The poam identification number
-s, --systemId=<value> (required) The system identification number
DESCRIPTION
Retrieve milestone(s) for specified system, poam, and milestone ID
EXAMPLES
$ saf emasser get milestones byMilestoneId [-s, --systemId] <value> [-p, --poamId] <value> [-m, --milestoneId] <value>
```
- required flags (parameters) are:
|parameter | type or values |
|--------------|:-------------------------------------|
|--systemId |Integer - Unique system identifier |
|--poamId |Integer - Unique poam identifier |
|--milestoneId |Integer - Unique milestone identifier |
[top](#api-endpoints-provided)
### ```get artifacts```
----
There are two endpoints for artifacts `forSystem` and `export`
- forSystem - Retrieves one or many artifacts for a system specified by system ID
```shell
USAGE
$ saf emasser get artifacts [ARGUMENT]
ARGUMENTS
forSystem Retrieves available milestones for provided system (Id)
export Exports the milestone(s) for provided system (Id) and file name
FLAGS
-h, --help Show eMASSer CLI help for the GET Artifacts endpoint
-s, --systemId=<value> (required) Unique system identifier
-a, --controlAcronyms=<value> The system acronym(s) e.g "AC-1, AC-2"
-c, --ccis=<value> The system CCIS string numerical value
-f, --filename=<value> The artifact file name
-y, --[no-]systemOnly Boolean - Return only systems
DESCRIPTION
Retrieves one or many artifacts for a system specified system ID
EXAMPLES
$ saf emasser get artifacts forSystem [-s, --systemId] <value> [options]
```
- required flag (parameter):
|parameter | type or values |
|-------------|:----------------------------------|
|--systemId |Integer - Unique system identifier |
- optional flags (parameters) are:
|parameter | type or values |
|-------------------------------|:----------------------------------------------|
|--filename |The artifact file name |
|--controlAcronyms |String - The system acronym(s) e.g "AC-1, AC-2"|
|--ccis |String - The system CCIS string numerical value|
|--systemOnly |BOOLEAN - true or false|
- export - Retrieves the file artifacts (if compress is true the file binary contents are returned, otherwise the file textual contents are returned.)
```
USAGE
$ saf emasser get artifacts [ARGUMENT]
ARGUMENTS
forSystem Retrieves available milestones for provided system (Id)
export Exports the milestone(s) for provided system (Id) and file name
FLAGS
-h, --help Show eMASSer CLI help for the GET Artifacts endpoint
-s, --systemId=<value> (required) The system identification number
-f, --filename=<value> (required) The artifact file name
-C, --[no-]compress Boolean - Compress true or false
DESCRIPTION
Retrieves the file artifacts (if compress is true the file binary contents are returned, otherwise the file textual contents are returned.)
EXAMPLES
$ saf emasser get artifacts export [-s, --systemId] <value> [-f, --filename] <value> [options]
```
- required flags (parameters) are:
|parameter | type or values |
|-------------|:----------------------------------|
|--systemId |Integer - Unique system identifier |
|--filename |The artifact file name |
- optional flag (parameter):
|parameter | type or values |
|-------------|:----------------------------------|
|--compress |BOOLEAN - true or false. |
[top](#api-endpoints-provided)
### ```get cac```
----
To view one or many Control Approval Chains (CAC) for a system specified by system ID, use the following command:
```shell
USAGE
$ saf emasser get cac [options]
FLAGS
-h, --help Show eMASSer CLI help for the GET CAC endpoint
-s, --systemId=<value> (required) The system identification number
-a, --controlAcronyms=<value> The system acronym(s) e.g "AC-1, AC-2"
DESCRIPTION
View one or many Control Approval Chain (CAC) in a system specified system ID
EXAMPLES
$ saf emasser get cac --systemId <value>
```
- required flag (parameter):
|parameter | type or values |
|-------------|:----------------------------------|
|--systemId |Integer - Unique system identifier |
- optional flag (parameter):
|parameter | type or values |
|-------------------------------|:----------------------------------------------|
|--controlAcronyms |String - The system acronym(s) e.g "AC-1, AC-2"|
[top](#api-endpoints-provided)
### ```get pac```
----
To view one or many Package Approval Chains (PAC) for a system specified by system ID, use the following command:
```shell
USAGE
$ saf emasser get pac [options]
FLAGS
-h, --help Show eMASSer CLI help for the GET PAC endpoint
-s, --systemId=<value> (required) The system identification number
DESCRIPTION
View one or many Package Approval Chain (PAC) in a system specified system ID
EXAMPLES
$ saf emasser get pac --systemId <value>
```
- required flag (parameter):
|parameter | type or values |
|-------------|:----------------------------------|
|--systemId |Integer - Unique system identifier |
[top](#api-endpoints-provided)
### ```get hardware```
---
To view Hardware Baseline assets use the following command:
```shell
USAGE
$ saf emasser get hardware [ARGUMENT] [FLAGS]
NOTE: see EXAMPLES for argument case format
ARGUMENTS
baseline Retrieves all hardware baseline for a system
FLAGS
-h, --help Show eMASSer CLI help for the GET Hardware Baseline command
-s, --systemId=<value> (required) The system identification number
-S, --pageSize=<value> The number of entries per page (default 20000)
-i, --pageIndex=<value> The index of the starting page (default first page 0)
DESCRIPTION
View all hardware baseline for a system available on the eMASS instance
EXAMPLES
Retrieve baselines without pagination
$ saf emasser get hardware baseline [-s, --systemId] <value> [options]
Retrieve baselines with pagination
$ saf emasser get hardware baseline [-s, --systemId] <value> [-S, --pageSize]=<value> [-i, --pageIndex]=<value>
```
- required flag (parameter):
|parameter | type or values |
|-------------|:----------------------------------|
|--systemId |Integer - Unique system identifier |
- Optional flags (parameters) are:
|parameter | type or values |
|-------------------|:--------------------------------------------------------------|
|-i, --pageIndex |Integer - The index of the starting page (default first page 0)|
|-S, --pageSize |Integer - The number of entries per page (default 20000) |
[top](#api-endpoints-provided)
### ```get software```
---
To view Software Baseline assets use the following command:
```shell
USAGE
$ saf emasser get software [ARGUMENT] [FLAGS]
NOTE: see EXAMPLES for argument case format
ARGUMENTS
baseline Retrieves all software baseline for a system
FLAGS
-h, --help Show eMASSer CLI help for the GET Software Baseline command
-s, --systemId=<value> (required) The system identification number
-S, --pageSize=<value> The number of entries per page (default 20000)
-i, --pageIndex=<value> The index of the starting page (default first page 0)
DESCRIPTION
View all software baseline for a system available on the eMASS instance
EXAMPLES
Retrieve baselines without pagination
$ saf emasser get software baseline [-s, --systemId] <value> [options]
Retrieve baselines with pagination
$ saf emasser get software baseline [-s, --systemId] <value> [-S, --pageSize]=<value> [-i, --pageIndex]=<value>
```
- required flag (parameter):
|parameter | type or values |
|-------------|:----------------------------------|
|-s, --systemId |Integer - Unique system identifier |
- Optional flags (parameters) are:
|parameter | type or values |
|-------------------|:--------------------------------------------------------------|
|-i, --pageIndex |Integer - The index of the starting page (default first page 0)|
|-S, --pageSize |Integer - The number of entries per page (default 20000) |
[top](#api-endpoints-provided)
### ```get cmmc```
----
To view Cybersecurity Maturity Model Certification (CMMC) Assessments use the following command:
```
USAGE
$ saf emasser get cmmc [options]
FLAGS
-h, --help Show eMASSer CLI help for the GET CMMC endpoint
-d, --sinceDate=<value> (required) The CMMC date. Unix date format
DESCRIPTION
View Cybersecurity Maturity Model Certification (CMMC) Assessments
EXAMPLES
$ saf emasser get cmmc --sinceDate <value>
```
- Required flag (parameter):
|parameter | type or values |
|----------------|:--------------------------------------|
|--sinceDate |Date - The CMMC date. Unix date format |
[top](#api-endpoints-provided)
### ```get workflow_definitions```
----
To view Workflow Definitions use the following command:
```
USAGE
$ saf emasser get workflow_definitions [options]
FLAGS
-h, --help Show eMASSer CLI help for the GET Workflow Definitions endpoint
-i, --[no-]includeInactive Boolean - Include inactive workflows
-r, --registrationType=<option> The registration type - must be a valid type
<options: assessAndAuthorize|assessOnly|guest|regular|functional|cloudServiceProvider|commonControlProvider>
DESCRIPTION
View all workflow schemas available on the eMASS instance
EXAMPLES
$ saf emasser get workflow_definitions [options]
```
- Optional flags (parameters) are:
|parameter | type or values |
|---------------------|:----------------------------------------------------------------------------|
|--includeInactive |BOOLEAN - true or false |
|--registrationType |Possible values: assessAndAuthorize, assessOnly, guest, regular, functional, |
| | cloudServiceProvider, commonControlProvider |
[top](#api-endpoints-provided)
### ```get workflow_instances```
----
There are two endpoints to view workflow instances `all` and `byInstanceId`
- all
```
USAGE
$ saf emasser get workflow_instances [ARGUMENT]
ARGUMENTS
all Retrieves all workflow instances in a site
byInstanceId Retrieves workflow(s) instance by ID
FLAGS
-h, --help Show eMASSer CLI help for the GET Workflow Instances endpoint
-C, --[no-]includeComments Boolean - Include transition comments
-D, --[no-]includeDecommissionSystems Boolean - Include decommissioned systems
-p, --pageIndex=<value> The page number to query
-d, --sinceDate=<value> The Workflow Instance date. Unix date format
-s, --status=<option> The Workflow status - must be a valid status. If not provided includes all systems
<options: active|inactive|all>
DESCRIPTION
Retrieves all workflow instances
EXAMPLES
$ saf emasser get workflow_instances all [options]
```
- Optional flags (parameters) are:
|parameter | type or values |
|-----------------------------|:---------------------------------------------------|
|--includeComments |BOOLEAN - true or false |
|--includeDecommissionSystems |BOOLEAN - true or false |
|--pageIndex |Integer - The page number to query |
|--sinceDate |Date - The Workflow Instance date. Unix date format |
|--status |Possible values: active, inactive, all (If no value is specified, returns all active and inactive workflows) |
- byInstanceId
```
USAGE
$ saf emasser get workflow_instances [ARGUMENT]
ARGUMENTS
all Retrieves all workflow instances in a site
byInstanceId Retrieves workflow(s) instance by ID
FLAGS
-h, --help Show eMASSer CLI help for the GET Workflow Instances endpoint
-w, --workflowInstanceId=<value> (required) Unique workflow instance identifier
DESCRIPTION
Retrieves workflow instance by workflow Instance ID
EXAMPLES
$ saf emasser get workflow_instances byInstanceId [-w, --workflowInstanceId] <value>
```
- required flag (parameter):
|parameter | type or values |
|---------------------|:---------------------------------------------|
|--workflowInstanceId |Integer - Unique workflow instance identifier |
[top](#api-endpoints-provided)
### ```get dashboards```
----
The Dashboards endpoints provide the ability to view data contained in dashboard exports. In the eMASS front end, these dashboard exports are generated as Excel exports.
```shell
USAGE
$ saf emasser get dashboards [ARGUMENT] [FLAGS]
NOTE: see EXAMPLES for argument case format
ARGUMENTS
status_details Get systems status detail dashboard information
terms_conditions_summary Get system terms and conditions summary dashboard information
terms_conditions_details Get system terms and conditions details dashboard information
connectivity_ccsd_summary Get system connectivity CCSD summary dashboard information
connectivity_ccsd_details Get system connectivity CCSD details dashboard information
atc_iatc_details Get system ATC/IATC details dashboard information
questionnaire_summary Get system questionnaire summary dashboard information
questionnaire_details Get system questionnaire details dashboard information
workflows_history_summary Get system workflow history summary dashboard information
workflows_history_details Get system workflow history details dashboard information
workflows_history_stage_details Get system workflow history stage details dashboard information
control_compliance_summary Get control compliance summary dashboard information
security_control_details Get security control details dashboard information
assessment_procedures_details Get assessment procedures details dashboard information
poam_summary Get systems POA&Ms summary dashboard information
poam_details Get system POA&Ms details dashboard information
artifacts_summary Get artifacts summary dashboard information
artifacts_details Get artifacts details dashboard information
hardware_summary Get hardware summary dashboard information
hardware_details Get hardware details dashboard information
sensor_hardware_summary Get sensor hardware summary dashboard information
sensor_hardware_details Get sensor hardware details dashboard information
software_summary Get software baseline summary dashboard information
software_details Get software baseline details dashboard information
sensor_software_summary Get sensor software summary dashboard information
sensor_software_details Get sensor software details dashboard information
sensor_software_counts Get sensor software counts dashboard information
critical_assets_summary Get critical assets summary dashboard information
vulnerability_summary Get vulnerability summary dashboard information
device_findings_summary Get device findings summary dashboard information
device_findings_details Get device findings details dashboard information
application_findings_summary Get application findings summary dashboard information
application_findings_details Get application findings details dashboard information
ports_protocols_summary Get ports and protocols summary dashboard information
ports_protocols_details Get ports and protocols details dashboard information
integration_status_summary Get CONMON integration status summary dashboard information
associations_details Get system associations details dashboard information
user_assignments_details Get user system assignments details dashboard information
org_migration_status Get organization migration status dashboard information
system_migration_status Get system migration status dashboard information
fisma_metrics Get FISMA metrics dashboard information
coast_guard_fisma_metrics Get Coast Guard FISMA metrics dashboard information
privacy_summary Get system privacy summary dashboard information
fisma_saop_summary Get VA OMB-FISMA SAOP summary dashboard information
va_icamp_tableau_poam_details Get VA system ICAMP Tableau POA&M details dashboard information
va_aa_summary Get VA system A&A summary dashboard information
va_a2_summary Get VA system A2.0 summary dashboard information
va_pl_109_summary Get VA System P.L. 109 reporting summary dashboard information
va_fisma_inventory_summary Get VA system FISMA inventory summary dashboard information
va_fisma_inventory_crypto_summary Get VA system FISMA inventory summary dashboard information
va_threat_risk_summary Get VA threat risk summary dashboard information
va_threat_source_details Get VA threat source details dashboard information
va_threat_architecture_details Get VA threat architecture details dashboard information
cmmc_status_summary Get CMMC assessment status summary dashboard information
cmmc_compliance_summary Get CMMC assessment requirements compliance summary dashboard information
cmmc_security_requirements_details Get CMMC assessment security requirements details dashboard information
cmmc_requirement_objectives_details Get CMMC assessment requirement objectives details dashboard information
FLAGS
-I, --[no-]excludeInherited Boolean - exclude inherited data (default false)
-h, --help Show eMASSer CLI help for the GET Dashboards command
-i, --pageIndex=<value> The index of the starting page (default first page 0)
-o, --orgId=<value> (required) The organization identification number
-s, --pageSize=<value> The number of entries per page (default 20000)
DESCRIPTION
Retrieves a pre-defined dashboard by orgId
EXAMPLES
$ saf emasser get dashboards [dashboard name] [-o, --orgId] <value> [options]
```
All endpoint calls utilize the same parameter values, they are:
- Required flag (parameter):
|parameter | type or values |
|--------------|:------------------------------------------------|
|--orgId |Integer - The organization identification number |
- Optional flags (parameters) are:
|parameter | type or values |
|-------------------|:--------------------------------------------------------------|
|--excludeInherited |BOOLEAN - If no value is specified, includes inherited data |
|--pageIndex |Integer - The index of the starting page (default first page 0)|
|--pageSize |Integer - The number of entries per page (default 20000) |
[top](#api-endpoints-provided)
## Usage - POST
### ``post register cert``
---
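The Registration endpoint provides the ability to register a certificate & obtain an API-key. Treat the returned API key as a credential: keep it out of shell history, logs, and version control.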
```shell
USAGE
$ saf emasser post register
FLAGS
-h, --help Show eMASSer CLI help for the Register (POST) a certificate & obtain the API-key
DESCRIPTION
The Registration endpoint provides the ability to register a certificate & obtain an API-key
EXAMPLES
$ saf emasser post register
```
[top](#post)
### ``post test_results``
---
Test Result add (POST) endpoint API business rules.
|Business Rule | Parameter/Field |
|---------------------------------------------------------------------|:-----------------|
| Test Results cannot be saved if the "Test Date" is in the future. | `testDate` |
| Test Results cannot be saved if a Security Control is "Inherited" in the system record. | `description` |
| Test Results cannot be saved if an Assessment Procedure is "Inherited" in the system record. | `description` |
| Test Results cannot be saved if the AP does not exist in the system. | `description` |
| Test Results cannot be saved if the control is marked "Not Applicable" by an Overlay. | `description` |
| Test Results cannot be saved if the control is required to be assessed as "Applicable" by an Overlay.| `description` |
| Test Results cannot be saved if the Tests Results entered is greater than 4000 characters.|`description`|
| Test Results cannot be saved if the following fields are missing data: | `complianceStatus`, `testDate`, `testedBy`, `description`|
| Test results cannot be saved if there is more than one test result per CCI |`cci`|
---
Add (POST) test results CLI usage
```shell
USAGE
$ saf emasser post test_results [FLAGS]
FLAGS
-h, --help Show eMASSer CLI help for the POST Test Results command
-s, --systemId=<value> (required) The system identification number
-a, --assessmentProcedure=<value> (required) The Security Control Assessment Procedure being assessed
-b, --testedBy=<value> (required) The person that conducted the test (Last Name, First)
-t, --testDate=<value> (required) The date test was conducted, Unix time format
-d, --description=<value> (required) The description of test result. 4000 Characters
-S, --complianceStatus=<option> (required) The compliance status of the test result
<options: Compliant|Non-Compliant|Not Applicable>
DESCRIPTION
Add test results for a system's Assessment Procedures which determine Security Control compliance
See the FLAGS section for required fields and acceptable values
EXAMPLES
$ saf emasser post test_results [-s,--systemId] [-a,--assessmentProcedure] [-b,--testedBy] [-t,--testDate] [-d,--description] [-S,--complianceStatus]
```
Note: If no POA&Ms or AP exist for the control (system), the following message is returned:
"You have entered a Non-Compliant Test Result. You must create a POA&M Item for this Control and/or AP if one does not already exist."
[top](#post)
### ``post poams``
---
#### Plan of Action and Milestones (POA&M) add (POST) endpoint API business rules.
##### Requirements based on `status` field value
|status |Required Fields
|----------------|--------------------------------------------------------
|Risk Accepted |`comments`, `resources`
|Ongoing |`scheduledCompletionDate`, `resources`, `milestones` (at least 1)
|Completed |`scheduledCompletionDate`, `comments`, `resources`, `completionDate`, `milestones` (at least 1)
|Not Applicable |POA&M cannot be created
##### POC fields requirements
If a POC email is supplied, the application will attempt to locate a user
already registered within the application and pre-populate any information
not explicitly supplied in the request. If no such user is found, these
fields are required within the request.
- `pocOrganization`, `pocFirstName`, `pocLastName`, `pocEmail`, `pocPhoneNumber`
##### Business logic for adding POA&Ms
- POA&M Items cannot be saved if associated Security Control or AP is inherited.
- POA&M Items cannot be created manually if a Security Control or AP is Not Applicable.
- Completed POA&M Item cannot be saved if Completion Date is in the future.
- Completed POA&M Item cannot be saved if Completion Date (completionDate) is in the future.
- Risk Accepted POA&M Item cannot be saved with a Scheduled Completion Date or Milestones
- POA&M Items with a review status of "Not Approved" cannot be saved if Milestone Scheduled Completion Date exceeds POA&M Item Scheduled Completion Date.
- POA&M Items with a review status of "Approved" can be saved if Milestone Scheduled Completion Date exceeds POA&M Item Scheduled Completion Date.
- POA&M Items that have a status of "Completed" or "Ongoing" cannot be saved without Milestones.
- POA&M Items that have a status of "Risk Accepted" cannot have milestones.
- POA&M Items with a review status of "Approved" that have a status of "Completed" or "Ongoing" cannot update Scheduled Completion Date.
- POA&M Items that have a review status of "Approved" are required to have a Severity Value assigned.
- POA&M Items cannot be updated if they are included in an active package.
- Archived POA&M Items cannot be updated.
- POA&M Items with a status of "Not Applicable" will be updated through test result creation.
- If the Security Control or Assessment Procedure does not exist in the system we may have to just import POA&M Item at the System Level.
##### POA&M parameters/fields character limitations
- Fields that can not exceed 100 characters:
- Office / Organization (`pocOrganization`)
- First Name (`pocFirstName`)
- Last Name (`pocLastName`)
- Email (`email`)
- Phone Number (`pocPhoneNumber`)
- External Unique ID (`externalUid`)
- Fields that can not exceed 250 characters:
- Resource (`resource`)
- Fields that can not exceed 2000 characters:
- Vulnerability Description (`vulnerabilityDescription`)
- Source Identifying Vulnerability (`sourceIdentVuln`)
- Recommendations (`recommendations`)
- Risk Accepted Comments (`comments`)
- Milestone Description (`description`)
- Mitigation Justification (`mitigation`)
##### Add (POST) POA&Ms CLI usages
```shell
USAGE
$ saf emasser post poams [FLAGS]
NOTE: see EXAMPLES for command usages
FLAGS
-h, --help Show eMASSer CLI help for the POST POA&Ms command
-s, --systemId=<value> (required) The system identification number
-f, --dataFile=<value> (required) A well formed JSON file containing the data to add. It can be a single object or an array of objects.
DESCRIPTION
Add a Plan of Action and Milestones (POA&M) into a system.
This CLI expects an input file containing the necessary fields to add a POA&M. The content
of the file must be in compliance with the eMASS API defined business rules for adding POA&Ms.
EXAMPLES
$ saf emasser post poams [-s,--systemId] [-f,--dataFile]
```
**Note:** The input file should be a well formed JSON containing the POA&M information based on defined business rules.
---
##### Required JSON parameter/fields are:
```json
{
"status": "One of the following: [Ongoing, Risk Accepted, Completed, Not Applicable]",
"vulnerabilityDescription": "POA&M vulnerability description",
"sourceIdentifyingVulnerability": "Source that identifies the vulnerability",
"pocOrganization": "Organization/Office represented",
"resources": "List of resources used"
}
```
##### Required for VA but Conditional for Army and USCG JSON parameters/fields are:
```json
{
"identifiedInCFOAuditOrOtherReview": "If not specified, this field will be set to false because it does not accept a null value (Required for VA. Optional for Army and USCG)",
"personnelResourcesFundedBaseHours": "Hours for personnel resources that are funded (Required for VA. Optional for Army and USCG)",
"personnelResourcesCostCode": "Values are specific per eMASS instance (Required for VA. Optional for Army and USCG)",
"personnelResourcesUnfundedBaseHours": "Funded based hours (100.00) (Required for VA. Optional for Army and USCG)",
"personnelResourcesNonfundingObstacle": "Values are specific per eMASS instance (Required for VA. Optional for Army and USCG)",
"personnelResourcesNonfundingObstacleOtherReason": "Reason (text 2,000 char) (Required for VA. Optional for Army and USCG)",
"nonPersonnelResourcesFundedAmount": "Funded based hours (100.00) (Required for VA. Optional for Army and USCG)",
"nonPersonnelResourcesCostCode": "Values are specific per eMASS instance (Required for VA. Optional for Army and USCG)",
"nonPersonnelResourcesUnfundedAmount": "Funded based hours (100.00) (Required for VA. Optional for Army and USCG)",
"nonPersonnelResourcesNonfundingObstacle": "Values are specific per eMASS instance (Required for VA. Optional for Army and USCG)",
"nonPersonnelResourcesNonfundingObstacleOtherReason": "Reason (text 2,000 char) (Required for VA. Optional for Army and USCG)"
}
```
##### Conditional JSON parameters/fields are:
```json
{
"milestones": [
{
"description": "The milestone description",
"scheduledCompletionDate": "Milestone scheduled completion date (Unix format)"
}
],
"pocFirstName": "First name of POC (only if Last Name, Email, or Phone Number have data)",
"pocLastName": "Last name of POC (only if First Name, Email, or Phone Number have data)",
"pocEmail": "Email address of POC (only if First Name, Last Name, or Phone Number have data)",
"pocPhoneNumber": "Phone number of POC (only if First Name, Last Name, or Email have data)",
"severity": "Risk Analysis field, may be required by certain eMASS instances. Required for approved items",
"scheduledCompletionDate": "Required for ongoing and completed POA&M items",
"completionDate": "Field is required for completed POA&M items",
"comments": "Field is required for completed and risk accepted POA&M items"
}
```
##### Optional JSON parameters/fields
```json
{
"externalUid": "External ID associated with the POA&M",
"controlAcronym": "The system acronym(s) e.g AC-1, AC-2",
"assessmentProcedure": "The Security Control Assessment Procedures being associated with the POA&M Item",
"securityChecks": "Security Checks that are associated with the POA&M",
"rawSeverity": "One of the following [Very Low, Low, Moderate, High, Very High]",
"relevanceOfThreat": "Risk Analysis field, may be required by certain eMASS instances. One of the following [Very Low, Low, Moderate, High, Very High]",
"likelihood": "Risk Analysis field, may be required by certain eMASS instances. One of the following [Very Low, Low, Moderate, High, Very High]",
"impact": "Risk Analysis field, may be required by certain eMASS instances. Description of Security Control impact",
"residualRiskLevel": "Risk Analysis field, may be required by certain eMASS instances. One of the following [Very Low, Low, Moderate, High, Very High]",
"mitigations": "Risk Analysis field, may be required by certain eMASS instances. Mitigation explanation",
"impactDescription": "Description of the security control impact",
"recommendations": "Any recommendations content",
"resultingResidualRiskLevelAfterProposedMitigations": "One of the following [Very Low, Low, Moderate, High, Very High] (Navy only)",
"predisposingConditions": "Conditions (Navy only)",
"threatDescription": "Threat description (Navy only)",
"devicesAffected": "List of affected devices by hostname. If all devices are affected, use `system` or `all` (Navy only)"
}
```
##### All accepted parameters/fields are:
```json
{
"status": "One of the following: [Ongoing, Risk Accepted, Completed, Not Applicable]",
"vulnerabilityDescription": "POA&M vulnerability description",
"sourceIdentifyingVulnerability": "Source that identifies the vulnerability",
"pocOrganization": "Organization/Office represented",
"resources": "List of resources used",
"identifiedInCFOAuditOrOtherReview": "If not specified, this field will be set to false because it does not accept a null value (Required for VA. Optional for Army and USCG)",
"personnelResourcesFundedBaseHours": "Hours for personnel resources that are funded (Required for VA. Optional for Army and USCG)",
"personnelResourcesCostCode": "Values are specific per eMASS instance (Required for VA. Optional for Army and USCG)",
"personnelResourcesUnfundedBaseHours": "Funded based hours (100.00) (Required for VA. Optional for Army and USCG)",
"personnelResourcesNonfundingObstacle": "Values are specific per eMASS instance (Required for VA. Optional for Army and USCG)",
"personnelResourcesNonfundingObstacleOtherReason": "Reason (text 2,000 char) (Required for VA. Optional for Army and USCG)",
"nonPersonnelResourcesFundedAmount": "Funded based hours (100.00) (Required for VA. Optional for Army and USCG)",
"nonPersonnelResourcesCostCode": "Values are specific per eMASS instance (Required for VA. Optional for Army and USCG)",
"nonPersonnelResourcesUnfundedAmount": "Funded based hours (100.00) (Required for VA. Optional for Army and USCG)",
"nonPersonnelResourcesNonfundingObstacle": "Values are specific per eMASS instance (Required for VA. Optional for Army and USCG)",
"nonPersonnelResourcesNonfundingObstacleOtherReason": "Reason (text 2,000 char) (Required for VA. Optional for Army and USCG)",
"milestones": [
{
"description": "The milestone description",
"scheduledCompletionDate": "Milestone scheduled completion date (Unix format)"
}
],
"pocFirstName": "First name of POC (only if Last Name, Email, or Phone Number have data)",
"pocLastName": "Last name of POC (only if First Name, Email, or Phone Number have data)",
"pocEmail": "Email address of POC (only if First Name, Last Name, or Phone Number have data)",
"pocPhoneNumber": "Phone number of POC (only if First Name, Last Name, or Email have data)",
"severity": "Risk Analysis field, may be required by certain eMASS instances. Required for approved items",
"scheduledCompletionDate": "Required for ongoing and completed POA&M items",
"completionDate": "Field is required for completed POA&M items",
"comments": "Field is required for completed and risk accepted POA&M items",
"externalUid": "External ID associated with the POA&M",
"controlAcronym": "The system acronym(s) e.g AC-1, AC-2",
"assessmentProcedure": "The Security Control Assessment Procedures being associated with the POA&M Item",
"securityChecks": "Security Checks that are associated with the POA&M",
"rawSeverity": "One of the following [Very Low, Low, Moderate, High, Very High]",
"relevanceOfThreat": "Risk Analysis field, may be required by certain eMASS instances. One of the following [Very Low, Low, Moderate, High, Very High]",
"likelihood": "Risk Analysis field, may be required by certain eMASS instances. One of the following [Very Low, Low, Moderate, High, Very High]",
"impact": "Risk Analysis field, may be required by certain eMASS instances. Description of Security Control impact",
"residualRiskLevel": "Risk Analysis field, may be required by certain eMASS instances. One of the following [Very Low, Low, Moderate, High, Very High]",
"mitigations": "Risk Analysis field, may be required by certain eMASS instances. Mitigation explanation",
"impactDescription": "Description of the security control impact",
"recommendations": "Any recommendations content",
"resultingResidualRiskLevelAfterProposedMitigations": "One of the following [Very Low, Low, Moderate, High, Very High] (Navy only)",
"predisposingConditions": "Conditions (Navy only)",
"threatDescription": "Threat description (Navy only)",
"devicesAffected": "List of affected devices by hostname. If all devices are affected, use `system` or `all` (Navy only)"
}
```
[top](#post)
### ``post milestones``
---
Add (POST) milestones to one or many POA&M items in a system
```shell
USAGE
$ saf emasser post milestones -s <value> -p <value> -d <description> -c <completion-date>
FLAGS
-h, --help Post (add) milestones to one or many POA&M items in a system
-p, --poamId=<value> (required) The poam identification number
-s, --systemId=<value> (required) The system identification number
-c, --scheduledCompletionDate=<value> (required) The scheduled completion date - Unix time format
-d, --description=<value> (required) The milestone description
DESCRIPTION
Add milestones to one or many POA&M items in a system
Milestones provide specific information about the status
of processes used to mitigate risks and weakness findings.
EXAMPLES
$ saf emasser post milestones [-s,--systemId] [-p,--poamId] [-d,--description] [-c,--scheduledCompletionDate]
```
[top](#post)
### ``post artifacts``
---
#### Upload one or many artifacts to a system
The body of a request through the Artifacts POST endpoint accepts a single binary file.
Two Artifact POST methods are currently accepted: individual and bulk.
Filename uniqueness within an eMASS system will be enforced by the API for both methods.
For POST requests that should result in a single artifact, the request should include the file.
#### Business rules
Upon successful receipt of one or many artifacts, if a file is matched via filename to an
artifact existing within the application, the file associated with the artifact will be updated.
If no artifact is matched via filename to the application, a new artifact will be created with
the following default values. Any values not specified below will be null.
```shell
- isTemplate: false
- type: other
- category: evidence
```
Any values not specified above will be null.
#### Artifacts rules and limitations
- Artifact cannot be saved if File Name (fileName) exceeds 1,000 characters
- Artifact cannot be saved if Name (name) exceeds 100 characters
- Artifact cannot be saved if Description (description) exceeds 10,000 characters
- Artifact cannot be saved if Reference Page Number (refPageNumber) exceeds 50 characters
- Artifact cannot be saved if the file does not have an allowable file extension/type.
- Artifact version cannot be saved if an Artifact with the same file name already exists in the system.
- Artifact cannot be saved if the file size exceeds 30MB.
- Artifact cannot be saved if the Last Review Date is set in the future.
- Artifact cannot be saved if the following fields are missing data:
- Filename
- Type
- Category
---
#### Add (POST) Artifacts CLI usages
```shell
USAGE
$ saf emasser post artifacts [FLAGS]
NOTE: see EXAMPLES for command options
FLAGS
-h, --help Post (add) artifact file(s) to a system
-f, --fileName=<value>... (required) Artifact file(s) to post to the given system, can have multiple (space separated)
-s, --systemId=<value> (required) The system identification number
-T, --[no-]isTemplate Boolean - Indicates whether an artifact is a template.
-c, --category=<option> Artifact category [default: Evidence] Various artifact categories are accepted (defined by the eMASS administrator)
-t, --type=<option> Artifact file type [default: Other] Various artifact file types are accepted (defined by the eMASS administrator)
DESCRIPTION
Uploads a single or multiple artifacts to a system.
The single file can be an individual artifact or a .zip
file containing multiple artifacts. If multiple files are
provided they are archived into a zip file and sent as bulk.
EXAMPLES
Add a single artifact file
$ saf emasser post artifacts [-s,--
gitextract_8tjlmnxx/ ├── .deepsource.toml ├── .editorconfig ├── .env-example ├── .github/ │ ├── dependabot.yml │ ├── mergify.yml │ ├── release-drafter.yml │ └── workflows/ │ ├── anchore-syft.yml │ ├── auto-approve-and-merge.yml │ ├── build-macos.yml │ ├── build-rpm.yml │ ├── build-windows-linux.yml │ ├── bump-brew.yml │ ├── draft-release.yml │ ├── e2e-ci.yml │ ├── linter.yml │ ├── push-to-docker-main.yml │ ├── push-to-docker.yml │ ├── push-to-npm-gpr.yml │ └── test-docker-image.yml ├── .gitignore ├── .nvmrc ├── .vscode/ │ ├── launch.json │ └── settings.json ├── CNAME ├── Dockerfile ├── LICENSE.md ├── README.md ├── VERSION ├── _config.yml ├── bin/ │ ├── run │ └── run.cmd ├── docs/ │ ├── contributors-guide.md │ └── emasser/ │ └── index.md ├── eslint.config.js ├── oclif-theme.json ├── pack-hdf-converters.bat ├── pack-hdf-converters.sh ├── pack-heimdall-lite.bat ├── pack-heimdall-lite.sh ├── pack-inspec-objects.bat ├── pack-inspec-objects.sh ├── pack-inspecjs.bat ├── pack-inspecjs.sh ├── package.json ├── release-prep.ps1 ├── release-prep.sh ├── saf-cli.code-workspace ├── saf.spec ├── src/ │ ├── commands/ │ │ ├── attest/ │ │ │ ├── apply.ts │ │ │ └── create.ts │ │ ├── convert/ │ │ │ ├── anchoregrype2hdf.ts │ │ │ ├── asff2hdf.ts │ │ │ ├── aws_config2hdf.ts │ │ │ ├── burpsuite2hdf.ts │ │ │ ├── checkov2hdf.ts │ │ │ ├── ckl2hdf.ts │ │ │ ├── ckl2poam.ts │ │ │ ├── conveyor2hdf.ts │ │ │ ├── cyclonedx_sbom2hdf.ts │ │ │ ├── dbprotect2hdf.ts │ │ │ ├── dependency_track2hdf.ts │ │ │ ├── fortify2hdf.ts │ │ │ ├── gosec2hdf.ts │ │ │ ├── hdf2asff.ts │ │ │ ├── hdf2caat.ts │ │ │ ├── hdf2ckl.ts │ │ │ ├── hdf2condensed.ts │ │ │ ├── hdf2csv.ts │ │ │ ├── hdf2html.ts │ │ │ ├── hdf2splunk.ts │ │ │ ├── hdf2xccdf.ts │ │ │ ├── index.ts │ │ │ ├── ionchannel2hdf.ts │ │ │ ├── jfrog_xray2hdf.ts │ │ │ ├── msft_secure2hdf.ts │ │ │ ├── nessus2hdf.ts │ │ │ ├── netsparker2hdf.ts │ │ │ ├── neuvector2hdf.ts │ │ │ ├── nikto2hdf.ts │ │ │ ├── prisma2hdf.ts │ │ │ ├── prowler2hdf.ts │ │ │ ├── sarif2hdf.ts │ │ │ 
├── scoutsuite2hdf.ts │ │ │ ├── snyk2hdf.ts │ │ │ ├── sonarqube2hdf.ts │ │ │ ├── splunk2hdf.ts │ │ │ ├── trivy2hdf.ts │ │ │ ├── trufflehog2hdf.ts │ │ │ ├── twistlock2hdf.ts │ │ │ ├── veracode2hdf.ts │ │ │ ├── xccdf_results2hdf.ts │ │ │ └── zap2hdf.ts │ │ ├── emasser/ │ │ │ ├── configure.ts │ │ │ ├── delete/ │ │ │ │ ├── artifacts.ts │ │ │ │ ├── cloud_resources.ts │ │ │ │ ├── container_scans.ts │ │ │ │ ├── hardware_baseline.ts │ │ │ │ ├── milestones.ts │ │ │ │ ├── poams.ts │ │ │ │ └── software_baseline.ts │ │ │ ├── get/ │ │ │ │ ├── artifacts.ts │ │ │ │ ├── cac.ts │ │ │ │ ├── cmmc.ts │ │ │ │ ├── controls.ts │ │ │ │ ├── dashboards.ts │ │ │ │ ├── hardware.ts │ │ │ │ ├── milestones.ts │ │ │ │ ├── pac.ts │ │ │ │ ├── poams.ts │ │ │ │ ├── roles.ts │ │ │ │ ├── software.ts │ │ │ │ ├── system.ts │ │ │ │ ├── systems.ts │ │ │ │ ├── test_connection.ts │ │ │ │ ├── test_results.ts │ │ │ │ ├── workflow_definitions.ts │ │ │ │ └── workflow_instances.ts │ │ │ ├── hello.ts │ │ │ ├── post/ │ │ │ │ ├── artifacts.ts │ │ │ │ ├── cac.ts │ │ │ │ ├── cloud_resources.ts │ │ │ │ ├── container_scans.ts │ │ │ │ ├── device_scans.ts │ │ │ │ ├── hardware_baseline.ts │ │ │ │ ├── milestones.ts │ │ │ │ ├── pac.ts │ │ │ │ ├── poams.ts │ │ │ │ ├── register.ts │ │ │ │ ├── software_baseline.ts │ │ │ │ ├── static_code_scans.ts │ │ │ │ └── test_results.ts │ │ │ ├── put/ │ │ │ │ ├── artifacts.ts │ │ │ │ ├── controls.ts │ │ │ │ ├── hardware_baseline.ts │ │ │ │ ├── milestones.ts │ │ │ │ ├── poams.ts │ │ │ │ └── software_baseline.ts │ │ │ └── version.ts │ │ ├── generate/ │ │ │ ├── ckl_metadata.ts │ │ │ ├── delta.ts │ │ │ ├── inspec_metadata.ts │ │ │ ├── inspec_profile.ts │ │ │ ├── spreadsheet2inspec_stub.ts │ │ │ ├── threshold.ts │ │ │ └── update_controls4delta.ts │ │ ├── harden/ │ │ │ └── harden.ts │ │ ├── scan/ │ │ │ └── scan.ts │ │ ├── supplement/ │ │ │ ├── passthrough/ │ │ │ │ ├── read.ts │ │ │ │ └── write.ts │ │ │ └── target/ │ │ │ ├── read.ts │ │ │ └── write.ts │ │ ├── validate/ │ │ │ └── threshold.ts │ │ 
└── view/ │ │ ├── heimdall.ts │ │ └── summary.ts │ ├── index.ts │ ├── resources/ │ │ ├── cis2nist.json │ │ └── files.json │ ├── types/ │ │ ├── accurate-search/ │ │ │ └── index.d.ts │ │ ├── csv.d.ts │ │ ├── emass_client/ │ │ │ └── index.d.ts │ │ ├── fuse/ │ │ │ └── index.d.ts │ │ ├── inspec.d.ts │ │ ├── splunk-sdk-no-env/ │ │ │ └── index.d.ts │ │ ├── stig.d.ts │ │ ├── threshold.d.ts │ │ └── xlsx_populate.d.ts │ └── utils/ │ ├── ckl2poam.ts │ ├── csv.ts │ ├── delta_matching.ts │ ├── emasser/ │ │ ├── api_config.ts │ │ ├── api_connection.ts │ │ ├── generate_config.ts │ │ ├── init_connection.ts │ │ ├── output_error.ts │ │ ├── output_formatter.ts │ │ └── utilities.ts │ ├── global.ts │ ├── logging.ts │ ├── oclif/ │ │ ├── base_command.ts │ │ ├── help/ │ │ │ └── help.ts │ │ └── hooks/ │ │ └── command_not_found.ts │ ├── ohdf/ │ │ ├── calculations.ts │ │ ├── data_loader.ts │ │ ├── output_generator.ts │ │ └── types.ts │ ├── threshold.ts │ └── xccdf2inspec.ts ├── test/ │ ├── commands/ │ │ ├── attest/ │ │ │ └── apply.test.ts │ │ ├── convert/ │ │ │ ├── anchoregrype2hdf.test.ts │ │ │ ├── burpsuite2hdf.test.ts │ │ │ ├── checkov2hdf.test.ts │ │ │ ├── ckl2hdf.test.ts │ │ │ ├── ckl2poam.test.ts │ │ │ ├── cyclonedx_sbom2hdf.test.ts │ │ │ ├── dbprotect2hdf.spec.ts │ │ │ ├── dependency_track2hdf.test.ts │ │ │ ├── fortify2hdf.test.ts │ │ │ ├── gosec2hdf.test.ts │ │ │ ├── hdf2caat.test.ts │ │ │ ├── hdf2ckl.test.ts │ │ │ ├── hdf2csv.test.ts │ │ │ ├── hdf2html.test.ts │ │ │ ├── jfrog_xray2hdf.test.ts │ │ │ ├── msft_secure2hdf.test.ts │ │ │ ├── netsparker2hdf.test.ts │ │ │ ├── neuvector2hdf.test.ts │ │ │ ├── nikto2hdf.test.ts │ │ │ ├── prisma2hdf.test.ts │ │ │ ├── sarif2hdf.test.ts │ │ │ ├── scoutsuite2hdf.test.ts │ │ │ ├── trufflehog2hdf.test.ts │ │ │ ├── twistlock2hdf.test.ts │ │ │ ├── veracode2hdf.test.ts │ │ │ ├── xccdf_results2hdf.test.ts │ │ │ └── zap2hdf.test.ts │ │ ├── emasser/ │ │ │ ├── delete.test.ts │ │ │ ├── get.test.ts │ │ │ ├── mock.server.ts │ │ │ ├── post.test.ts │ │ │ └── 
put.test.ts │ │ ├── generate/ │ │ │ ├── delta.test.ts │ │ │ ├── inspec_profile.test.ts │ │ │ ├── spreadsheet2inspec_stub.test.ts │ │ │ ├── threshold.test.ts │ │ │ └── update_controls4delta.test.ts │ │ ├── supplement/ │ │ │ ├── passthrough.test.ts │ │ │ └── target.test.ts │ │ ├── utils.ts │ │ ├── validate/ │ │ │ └── threshold.test.ts │ │ └── view/ │ │ ├── heimdall_view_cli.test.ts │ │ └── summary.test.ts │ ├── sample_data/ │ │ ├── HDF/ │ │ │ ├── input/ │ │ │ │ ├── RHEL7_overrides_hdf.json │ │ │ │ ├── minimal-hdf.json │ │ │ │ ├── minimal_hdf.json │ │ │ │ ├── red_hat_good.json │ │ │ │ ├── rhel-8_hardened.json │ │ │ │ ├── triple_overlay_profile_example.json │ │ │ │ ├── triple_overlay_profile_sample.json │ │ │ │ └── vSphere8_report.json │ │ │ └── output/ │ │ │ ├── caat/ │ │ │ │ └── caat.xlsx │ │ │ ├── csv/ │ │ │ │ ├── red_hat_good_parsed_CSV.json │ │ │ │ └── triple_overlay_parsed_CSV.json │ │ │ └── summary/ │ │ │ ├── rhel-8_hardened_output.json │ │ │ ├── rhel-8_hardened_output.md │ │ │ └── rhel-8_hardened_output.yml │ │ ├── anchoregrype/ │ │ │ ├── amazon-grype-hdf.json │ │ │ ├── amazon-grype-withraw.json │ │ │ ├── anchore-grype-hdf.json │ │ │ ├── anchore-grype-withraw.json │ │ │ ├── sample_input_report/ │ │ │ │ ├── amazon.json │ │ │ │ ├── anchore_grype.json │ │ │ │ └── tensorflow.json │ │ │ ├── tensorflow-grype-hdf.json │ │ │ └── tensorflow-grype-withraw.json │ │ ├── asff/ │ │ │ ├── asff-aws_foundational_security_best_practices_v1.0.0-hdf.json │ │ │ ├── asff-cis_aws-foundations_benchmark_v1.2.0-hdf.json │ │ │ ├── asff-hdf.json │ │ │ ├── example-3-layer-overlay_hdf.json │ │ │ ├── prowler-hdf.json │ │ │ ├── rhel7_V-71931-hdf.json │ │ │ ├── sample_input_report/ │ │ │ │ ├── asff_sample.json │ │ │ │ ├── example-3-layer-overlay_asff.json │ │ │ │ └── rhel7_V-71931_asff.json │ │ │ └── trivy-image_golang-1.12-alpine-hdf.json │ │ ├── attestations/ │ │ │ ├── attestations_jsonFormat.json │ │ │ ├── attestations_xlsxFormat.xlsx │ │ │ ├── attestations_yamlFormat.yaml │ │ │ ├── 
rhel8_sample_oneOfEachControlStatus.json │ │ │ ├── rhel8_sample_oneOfEachControlStatus_output.json │ │ │ ├── triple_overlay_attested.json │ │ │ ├── triple_overlay_example-attestations.json │ │ │ └── triple_overlay_example-attestations.yml │ │ ├── aws/ │ │ │ └── aws_config_hdf.json │ │ ├── burpsuite/ │ │ │ ├── burpsuite-hdf-withraw.json │ │ │ ├── burpsuite-hdf.json │ │ │ └── sample_input_report/ │ │ │ └── zero.webappsecurity.com.min │ │ ├── checklist/ │ │ │ ├── checklist-RHEL8V1R3-hdf-with-raw.json │ │ │ ├── checklist-RHEL8V1R3-hdf.json │ │ │ ├── converted-rhel7_overrides.ckl │ │ │ ├── metadata.json │ │ │ ├── red_hat_good.ckl │ │ │ ├── red_hat_good_metadata.ckl │ │ │ ├── sample_input_report/ │ │ │ │ ├── ckl_with_invalid_metadata.ckl │ │ │ │ ├── converted-RHEL8V1R3.ckl │ │ │ │ ├── invalid_metadata.json │ │ │ │ ├── small_ckl_overrides.ckl │ │ │ │ └── three_stig_checklist.ckl │ │ │ ├── small_overrides_hdf.json │ │ │ ├── three_stig_checklist-hdf.json │ │ │ └── vSphere8_report.ckl │ │ ├── checkov/ │ │ │ ├── checkov-hdf-withraw.json │ │ │ ├── checkov-hdf.json │ │ │ ├── checkov_sample-hdf.json │ │ │ ├── checkov_synthetic-hdf.json │ │ │ ├── checkov_with_skips-hdf.json │ │ │ └── sample_input_report/ │ │ │ ├── checkov_json.json │ │ │ ├── checkov_sample.json │ │ │ ├── checkov_synthetic.json │ │ │ └── checkov_with_skips.json │ │ ├── conveyor/ │ │ │ ├── conveyor-clamav-hdf.json │ │ │ ├── conveyor-codequality-hdf.json │ │ │ ├── conveyor-hdf.json │ │ │ ├── conveyor-moldy-hdf.json │ │ │ ├── conveyor-stigma-hdf.json │ │ │ └── sample_input_report/ │ │ │ ├── large-results.json │ │ │ └── sample-results.json │ │ ├── csv/ │ │ │ └── input/ │ │ │ ├── Ubuntu.csv │ │ │ └── stig.csv │ │ ├── cyclonedx_sbom/ │ │ │ ├── sample_input_report/ │ │ │ │ ├── dropwizard-no-vulns.json │ │ │ │ ├── dropwizard-vex.json │ │ │ │ ├── dropwizard-vulns.json │ │ │ │ ├── generated-saf-sbom.json │ │ │ │ ├── spdx-to-cyclonedx.json │ │ │ │ ├── syft-scan-alpine-container.json │ │ │ │ └── vex.json │ │ │ ├── 
sbom-converted-spdx-hdf-withraw.json │ │ │ ├── sbom-converted-spdx-hdf.json │ │ │ ├── sbom-dropwizard-no-vulns-hdf-withraw.json │ │ │ ├── sbom-dropwizard-no-vulns-hdf.json │ │ │ ├── sbom-dropwizard-vex-hdf-withraw.json │ │ │ ├── sbom-dropwizard-vex-hdf.json │ │ │ ├── sbom-dropwizard-vulns-hdf-withraw.json │ │ │ ├── sbom-dropwizard-vulns-hdf.json │ │ │ ├── sbom-saf-hdf-withraw.json │ │ │ ├── sbom-saf-hdf.json │ │ │ ├── sbom-syft-alpine-container-hdf-withraw.json │ │ │ ├── sbom-syft-alpine-container-hdf.json │ │ │ ├── sbom-vex-hdf-withraw.json │ │ │ └── sbom-vex-hdf.json │ │ ├── dbprotect/ │ │ │ ├── dbprotect-check-hdf-withraw.json │ │ │ ├── dbprotect-check-hdf.json │ │ │ ├── dbprotect-findings-hdf-withraw.json │ │ │ ├── dbprotect-findings-hdf.json │ │ │ └── sample_input_report/ │ │ │ ├── DbProtect-Check-Results-Details-XML-Sample.xml │ │ │ └── DbProtect-Findings-Detail-XML-Sample.xml │ │ ├── delta-matching/ │ │ │ ├── al2023-target-mini-profile.json │ │ │ └── rhel9-base-mini-profile.json │ │ ├── dependency_track/ │ │ │ ├── hdf-default-withraw.json │ │ │ ├── hdf-default.json │ │ │ ├── hdf-info-vulnerability.json │ │ │ ├── hdf-no-vulnerabilities.json │ │ │ ├── hdf-optional-attributes.json │ │ │ ├── hdf-with-attributions.json │ │ │ └── sample_input_report/ │ │ │ ├── fpf-default.json │ │ │ ├── fpf-info-vulnerability.json │ │ │ ├── fpf-no-vulnerabilities.json │ │ │ ├── fpf-optional-attributes.json │ │ │ └── fpf-with-attributions.json │ │ ├── fortify/ │ │ │ ├── fortify-hdf-withraw.json │ │ │ ├── fortify-hdf.json │ │ │ └── sample_input_report/ │ │ │ └── fortify_webgoat_results.fvdl │ │ ├── gosec/ │ │ │ ├── go-ethereum-all-unsuppressed-gosec-hdf-withraw.json │ │ │ ├── go-ethereum-all-unsuppressed-gosec-hdf.json │ │ │ ├── go-ethereum-external-unsuppressed-gosec-hdf-withraw.json │ │ │ ├── go-ethereum-external-unsuppressed-gosec-hdf.json │ │ │ ├── grype-gosec-hdf-withraw.json │ │ │ ├── grype-gosec-hdf.json │ │ │ └── sample_input_report/ │ │ │ ├── 
Go_Ethereum_gosec_results_all_suppressed.json │ │ │ ├── Go_Ethereum_gosec_results_external_suppressed.json │ │ │ └── Grype_gosec_results.json │ │ ├── html/ │ │ │ ├── combined_output.html │ │ │ ├── red_hat_good.html │ │ │ ├── sonarqube-hdf.html │ │ │ └── triple_overlay_profile_example.html │ │ ├── inspec/ │ │ │ └── json/ │ │ │ ├── Ubuntu-18.04-Profile.json │ │ │ ├── profile_and_controls/ │ │ │ │ ├── Windows_Server_2019_v1r3_mini-profile.json │ │ │ │ └── windows_server_2019_v1r3_mini_controls/ │ │ │ │ ├── V-93205.rb │ │ │ │ ├── V-93207.rb │ │ │ │ ├── V-93369.rb │ │ │ │ ├── V-93461.rb │ │ │ │ └── V-93473.rb │ │ │ └── rhel-7-v3r7-mini-sample-profile.json │ │ ├── jfrog_xray/ │ │ │ ├── jfrog-hdf-withraw.json │ │ │ ├── jfrog-hdf.json │ │ │ └── sample_input_report/ │ │ │ └── jfrog_xray_sample.json │ │ ├── msft_secure/ │ │ │ ├── sample_input_report/ │ │ │ │ ├── combined.json │ │ │ │ ├── profiles.json │ │ │ │ └── secureScore.json │ │ │ ├── secure_score-hdf-withraws.json │ │ │ └── secure_score-hdfs.json │ │ ├── nessus/ │ │ │ ├── nessus-hdf-10.0.0.1-withraw.json │ │ │ ├── nessus-hdf-10.0.0.1.json │ │ │ ├── nessus-hdf-10.0.0.2-withraw.json │ │ │ ├── nessus-hdf-10.0.0.2.json │ │ │ ├── nessus-hdf-10.0.0.3-withraw.json │ │ │ ├── nessus-hdf-10.0.0.3.json │ │ │ └── sample_input_report/ │ │ │ └── sample.nessus │ │ ├── netsparker/ │ │ │ ├── netsparker-hdf-withraw.json │ │ │ ├── netsparker-hdf.json │ │ │ └── sample_input_report/ │ │ │ └── sample-netsparker-invicti.xml │ │ ├── neuvector/ │ │ │ ├── neuvector-hdf-mitre-caldera.json │ │ │ ├── neuvector-hdf-mitre-heimdall.json │ │ │ ├── neuvector-hdf-mitre-heimdall2.json │ │ │ ├── neuvector-hdf-mitre-vulcan.json │ │ │ ├── neuvector-hdf-withraw-mitre-caldera.json │ │ │ ├── neuvector-hdf-withraw-mitre-heimdall.json │ │ │ ├── neuvector-hdf-withraw-mitre-heimdall2.json │ │ │ ├── neuvector-hdf-withraw-mitre-vulcan.json │ │ │ └── sample_input_report/ │ │ │ ├── neuvector-mitre-caldera.json │ │ │ ├── neuvector-mitre-heimdall.json │ │ │ ├── 
neuvector-mitre-heimdall2.json │ │ │ └── neuvector-mitre-vulcan.json │ │ ├── nikto/ │ │ │ ├── nikto-hdf-withraw.json │ │ │ ├── nikto-hdf.json │ │ │ └── sample_input_report/ │ │ │ └── zero.webappsecurity.json │ │ ├── passthrough/ │ │ │ ├── minimal-hdf-passthrough-nonobject.json │ │ │ ├── minimal-hdf-passthrough-object.json │ │ │ └── passthrough-object.json │ │ ├── poam/ │ │ │ └── converted-RHEL8V1R3.ckl-2026-03-03-0034.xlsm │ │ ├── prisma/ │ │ │ ├── localhost.json │ │ │ ├── my-fake-host-1.somewhere.cloud.json │ │ │ ├── my-fake-host-10.somewhere.cloud.json │ │ │ ├── my-fake-host-11.somewhere.cloud.json │ │ │ ├── my-fake-host-12.somewhere.cloud.json │ │ │ ├── my-fake-host-13.somewhere.cloud.json │ │ │ ├── my-fake-host-14.somewhere.cloud.json │ │ │ ├── my-fake-host-15.somewhere.cloud.json │ │ │ ├── my-fake-host-2.somewhere.cloud.json │ │ │ ├── my-fake-host-3.somewhere.cloud.json │ │ │ ├── my-fake-host-4.somewhere.cloud.json │ │ │ ├── my-fake-host-5.somewhere.cloud.json │ │ │ ├── my-fake-host-6.somewhere.cloud.json │ │ │ ├── my-fake-host-7.somewhere.cloud.json │ │ │ ├── my-fake-host-8.somewhere.cloud.json │ │ │ ├── my-fake-host-9.somewhere.cloud.json │ │ │ └── sample_input_report/ │ │ │ └── prismacloud_sample.csv │ │ ├── prowler/ │ │ │ ├── prowler-hdf.json │ │ │ └── sample_input_report/ │ │ │ ├── prowler-sample.asff-json │ │ │ └── prowler_sample.json │ │ ├── sarif/ │ │ │ ├── sample_input_report/ │ │ │ │ └── sarif_input.sarif │ │ │ ├── sarif-hdf-withraw.json │ │ │ └── sarif-hdf.json │ │ ├── scoutsuite/ │ │ │ ├── sample_input_report/ │ │ │ │ └── scoutsuite_sample.js │ │ │ ├── scoutsuite-hdf-withraw.json │ │ │ └── scoutsuite-hdf.json │ │ ├── snyk/ │ │ │ ├── nodejs-goof-local-hdf.json │ │ │ ├── nodejs-goof-remote-hdf.json │ │ │ └── sample_input_report/ │ │ │ ├── nodejs-goof-local.json │ │ │ └── nodejs-goof-remote.json │ │ ├── sonarqube/ │ │ │ ├── sonarqube-branch-hdf.json │ │ │ ├── sonarqube-hdf.json │ │ │ └── sonarqube-pull-request-hdf.json │ │ ├── target/ │ │ │ ├── 
minimal-hdf-target-nonobject.json │ │ │ ├── minimal-hdf-target-object.json │ │ │ └── target-object.json │ │ ├── thresholds/ │ │ │ ├── red_hat_good.counts.good.yml │ │ │ ├── rhel-8_hardened.counts.bad.noimpactHigh.yml │ │ │ ├── rhel-8_hardened.counts.good.exact.yml │ │ │ ├── triple_overlay_profile_example.json.counts.bad.compliance.yml │ │ │ ├── triple_overlay_profile_example.json.counts.bad.total.yml │ │ │ ├── triple_overlay_profile_example.json.counts.good.yml │ │ │ └── triple_overlay_profile_example.json.counts.totalMinMax.yml │ │ ├── trivy/ │ │ │ ├── sample_input_report/ │ │ │ │ └── trivy-image_golang-1.12-alpine_sample.json │ │ │ └── trivy-image_golang-1.12-alpine-hdf.json │ │ ├── trufflehog/ │ │ │ ├── sample_input_report/ │ │ │ │ ├── trufflehog.json │ │ │ │ ├── trufflehog_docker_example.json │ │ │ │ ├── trufflehog_dup.ndjson │ │ │ │ ├── trufflehog_report_example.json │ │ │ │ └── trufflehog_saf_example.json │ │ │ ├── trufflehog-docker-hdf-withraw.json │ │ │ ├── trufflehog-docker-hdf.json │ │ │ ├── trufflehog-hdf-withraw.json │ │ │ ├── trufflehog-hdf.json │ │ │ ├── trufflehog-ndjson-dup-hdf.json │ │ │ ├── trufflehog-report-example-hdf-withraw.json │ │ │ ├── trufflehog-report-example-hdf.json │ │ │ ├── trufflehog-saf-hdf-withraw.json │ │ │ └── trufflehog-saf-hdf.json │ │ ├── twistlock/ │ │ │ ├── sample_input_report/ │ │ │ │ ├── twistlock-twistcli-coderepo-scan-sample.json │ │ │ │ └── twistlock-twistcli-sample-1.json │ │ │ ├── twistlock-coderepo-hdf-withraw.json │ │ │ ├── twistlock-coderepo-hdf.json │ │ │ ├── twistlock-hdf-withraw.json │ │ │ └── twistlock-hdf.json │ │ ├── utils/ │ │ │ └── ohdf/ │ │ │ └── calculations/ │ │ │ ├── calculateComplianceScoresForExecJSONs.sample │ │ │ ├── calculateSeverityCounts.sample │ │ │ ├── calculateSummariesForExecJSONs.sample │ │ │ ├── calculateTotalCounts.sample │ │ │ └── calculateTotalCountsForSummaries.sample │ │ ├── veracode/ │ │ │ ├── sample_input_report/ │ │ │ │ └── veracode.xml │ │ │ └── veracode-hdf.json │ │ ├── xccdf/ │ │ 
│ ├── cis/ │ │ │ │ ├── CIS_AlmaLinux_OS_9_Benchmark_v2.0.0-xccdf.xml │ │ │ │ ├── CIS_Amazon_Linux_2_Benchmark_v3.0.0-xccdf.xml │ │ │ │ ├── CIS_Apache_Tomcat_10_Benchmark_v1.1.0-xccdf.xml │ │ │ │ └── CIS_Microsoft_IIS_10_Benchmark_v1.2.1-xccdf.xml │ │ │ └── stigs/ │ │ │ ├── FULL_Windows_Server_2022_V2R1_mini-sample-xccdf.xml │ │ │ ├── U_ASD_STIG_V5R1_Manual-xccdf.xml │ │ │ ├── U_Adobe_ColdFusion_11_STIG_V1R4_Manual-xccdf.xml │ │ │ ├── U_Apache_Tomcat_Application_Server_9_STIG_V2R2_Manual-xccdf.xml │ │ │ ├── U_Apache_Tomcat_Application_Server_9_STIG_V2R3_Manual-xccdf.xml │ │ │ ├── U_Apple_OS_X_10-14_STIG_V2R3_Manual-xccdf.xml │ │ │ ├── U_Apple_OS_X_10-14_STIG_V2R4_Manual-xccdf.xml │ │ │ ├── U_Apple_OS_X_10-15_STIG_V1R4_Manual-xccdf.xml │ │ │ ├── U_Apple_OS_X_10-15_STIG_V1R5_Manual-xccdf.xml │ │ │ ├── U_Apple_macOS_11_STIG_V1R2_Manual-xccdf.xml │ │ │ ├── U_Apple_macOS_11_STIG_V1R3_Manual-xccdf.xml │ │ │ ├── U_Application_Layer_Gateway_V1R2_Manual-xccdf.xml │ │ │ ├── U_Application_Server_SRG_V3R1_Manual-xccdf.xml │ │ │ ├── U_CAN_Ubuntu_18-04_LTS_STIG_V2R3_Manual-xccdf.xml │ │ │ ├── U_CAN_Ubuntu_18-04_LTS_STIG_V2R4_Manual-xccdf.xml │ │ │ ├── U_CAN_Ubuntu_20-04_LTS_STIG_V1R1_Manual-xccdf.xml │ │ │ ├── U_CA_API_Gateway_ALG_STIG_V1R2_Manual-xccdf.xml │ │ │ ├── U_CD_PGSQL_STIG_V1R1_Manual-xccdf.xml │ │ │ ├── U_Central_Log_Server_SRG_V1R4_Manual-xccdf.xml │ │ │ ├── U_Central_Log_Server_SRG_V2R1_Manual-xccdf.xml │ │ │ ├── U_Cisco_IOS-XE_Router_RTR_STIG_V2R2_Manual-xccdf.xml │ │ │ ├── U_Cisco_IOS-XR_Router_RTR_STIG_V2R1_Manual-xccdf.xml │ │ │ ├── U_Cisco_IOS_Router_RTR_STIG_V2R1_Manual-xccdf.xml │ │ │ ├── U_Cisco_IOS_XE_Switch_RTR_STIG_V2R1_Manual-xccdf.xml │ │ │ ├── U_Cisco_NX-OS_Switch_RTR_STIG_V2R1_Manual-xccdf.xml │ │ │ ├── U_Container_Platform_SRG_V1R1_Manual-xccdf.xml │ │ │ ├── U_Container_Platform_SRG_V1R2_Manual-xccdf.xml │ │ │ ├── U_Database_SRG_V3R1_Manual-xccdf.xml │ │ │ ├── U_Docker_Enterprise_2-x_Linux-UNIX_STIG_V2R1_Manual-xccdf.xml │ │ │ ├── 
U_Domain_Name_System_V2R4_Manual-xccdf.xml │ │ │ ├── U_EDB_PGS_Advanced_Server_STIG_V2R1_Manual-xccdf.xml │ │ │ ├── U_EDB_Postgres_Advanced_Server_v11_on_Windows_V2R1_Manual-xccdf.xml │ │ │ ├── U_F5_BIG-IP_Device_Management_11-x_STIG_V2R1_Manual-xccdf.xml │ │ │ ├── U_F5_BIG-IP_Local_Traffic_Manager_11-x_STIG_V2R1_Manual-xccdf.xml │ │ │ ├── U_General_Purpose_Operating_System_SRG_V1R6_Manual-xccdf.xml │ │ │ ├── U_General_Purpose_Operating_System_SRG_V2R1_Manual-xccdf.xml │ │ │ ├── U_HP_FlexFabric_Switch_NDM_STIG_V1R3_Manual-xccdf.xml │ │ │ ├── U_IBM_AIX_7-x_STIG_V2R2_Manual-xccdf.xml │ │ │ ├── U_IBM_AIX_7-x_STIG_V2R3_Manual-xccdf.xml │ │ │ ├── U_IBM_DB2_V10-5_LUW_STIG_V1R4_Manual-xccdf.xml │ │ │ ├── U_IBM_DataPower_ALG_STIG_V1R1_Manual-xccdf.xml │ │ │ ├── U_IBM_WebSphere_Traditional_V9-x_STIG_V1R1_Manual-xccdf.xml │ │ │ ├── U_IBM_zOS_ACF2_STIG_V8R2_Manual-xccdf.xml │ │ │ ├── U_IBM_zOS_ACF2_STIG_V8R3_Manual-xccdf.xml │ │ │ ├── U_IBM_zOS_RACF_STIG_V8R3_Manual-xccdf.xml │ │ │ ├── U_IBM_zOS_RACF_STIG_V8R4_Manual-xccdf.xml │ │ │ ├── U_IBM_zOS_TSS_STIG_V8R2_Manual-xccdf.xml │ │ │ ├── U_IBM_zOS_TSS_STIG_V8R3_Manual-xccdf.xml │ │ │ ├── U_IB_8-x_DNS_STIG_V1R1_Manual-xccdf.xml │ │ │ ├── U_Juniper_Router_RTR_STIG_V2R2_Manual-xccdf.xml │ │ │ ├── U_Kubernetes_STIG_V1R1_Manual-xccdf.xml │ │ │ ├── U_Kubernetes_STIG_V1R2_Manual-xccdf.xml │ │ │ ├── U_MS_IE11_STIG_V1R19_Manual-xccdf.xml │ │ │ ├── U_MS_Office_365_ProPlus_STIG_V2R2_Manual-xccdf.xml │ │ │ ├── U_MS_Office_365_ProPlus_STIG_V2R3_Manual-xccdf.xml │ │ │ ├── U_MS_Outlook_2010_STIG_V1R13_Manual-xccdf.xml │ │ │ ├── U_MS_Outlook_2013_STIG_V1R13_Manual-xccdf.xml │ │ │ ├── U_MS_SQL_Server_2014_Instance_STIG_V1R10_Manual-xccdf.xml │ │ │ ├── U_MS_SQL_Server_2014_Instance_STIG_V2R1_Manual-xccdf.xml │ │ │ ├── U_MS_SQL_Server_2016_Instance_STIG_V2R3_Manual-xccdf.xml │ │ │ ├── U_MS_SQL_Server_2016_Instance_STIG_V2R4_Manual-xccdf.xml │ │ │ ├── U_MS_Windows_10_STIG_V2R2_Manual-xccdf.xml │ │ │ ├── 
U_MS_Windows_2012_and_2012_R2_DC_STIG_V3R2_Manual-xccdf.xml │ │ │ ├── U_MS_Windows_2012_and_2012_R2_MS_STIG_V3R2_Manual-xccdf.xml │ │ │ ├── U_MS_Windows_Server_2016_STIG_V2R2_Manual-xccdf.xml │ │ │ ├── U_MS_Windows_Server_2019_STIG_V2R2_Manual-xccdf.xml │ │ │ ├── U_Mainframe_Product_SRG_V1R4_Manual-xccdf.xml │ │ │ ├── U_McAfee_VirusScan88_Local_Client_STIG_V5R16_Manual-xccdf.xml │ │ │ ├── U_McAfee_VirusScan88_Managed_Client_STIG_V5R21_Manual-xccdf.xml │ │ │ ├── U_Microsoft_Windows_2012_Server_DNS_STIG_V2R2_Manual-xccdf.xml │ │ │ ├── U_Microsoft_Windows_2012_Server_DNS_STIG_V2R3_Manual-xccdf.xml │ │ │ ├── U_NDM_SRG_V4R1_Manual-xccdf.xml │ │ │ ├── U_Oracle_Database_11-2g_STIG_V2R1_Manual-xccdf.xml │ │ │ ├── U_Oracle_Database_11g_Installation_STIG_V8R20_Manual-xccdf.xml │ │ │ ├── U_Oracle_Database_11g_Instance_STIG_V8R20_Manual-xccdf.xml │ │ │ ├── U_Oracle_Database_12c_STIG_V2R1_Manual-xccdf.xml │ │ │ ├── U_Oracle_HTTP_Server_12-1-3_STIG_V1R7_Manual-xccdf.xml │ │ │ ├── U_Oracle_Linux_6_STIG_V2R3_Manual-xccdf.xml │ │ │ ├── U_Oracle_Linux_6_STIG_V2R4_Manual-xccdf.xml │ │ │ ├── U_Oracle_Linux_7_V2R3_Manual-xccdf.xml │ │ │ ├── U_Oracle_Linux_7_V2R4_Manual-xccdf.xml │ │ │ ├── U_Oracle_MySQL_8-0_STIG_V1R1_Manual-xccdf.xml │ │ │ ├── U_Oracle_WebLogic_Server_12c_V2R1_Manual-xccdf.xml │ │ │ ├── U_PGS_SQL_9-x_STIG_V2R1_Manual-xccdf.xml │ │ │ ├── U_PGS_SQL_9-x_STIG_V2R2_Manual-xccdf.xml │ │ │ ├── U_RHEL_7_STIG_V2R7_Manual-xccdf.xml │ │ │ ├── U_RHEL_7_STIG_V3R3_Manual-xccdf.xml │ │ │ ├── U_RHEL_7_STIG_V3R4_Manual-xccdf.xml │ │ │ ├── U_RHEL_8_STIG_V1R2_Manual-xccdf.xml │ │ │ ├── U_RHEL_8_STIG_V1R3_Manual-xccdf.xml │ │ │ ├── U_Router_SRG_V4R2_Manual-xccdf.xml │ │ │ ├── U_SLES_12_STIG_V2R3_Manual-xccdf.xml │ │ │ ├── U_SLES_12_STIG_V2R4_Manual-xccdf.xml │ │ │ ├── U_SLES_15_STIG_V1R2_Manual-xccdf.xml │ │ │ ├── U_SLES_15_STIG_V1R3_Manual-xccdf.xml │ │ │ ├── U_SOL_10_SPARC_STIG_V2R2_Manual-xccdf.xml │ │ │ ├── U_SOL_10_x86_STIG_V2R2_Manual-xccdf.xml │ │ │ ├── 
U_SOL_11_SPARC_STIG_V2R3_Manual-xccdf.xml │ │ │ ├── U_SOL_11_SPARC_STIG_V2R4_Manual-xccdf.xml │ │ │ ├── U_SOL_11_X86_STIG_V2R3_Manual-xccdf.xml │ │ │ ├── U_SOL_11_X86_STIG_V2R4_Manual-xccdf.xml │ │ │ ├── U_SYM_ProxySG_ALG_STIG_V1R3_Manual-xccdf.xml │ │ │ ├── U_Tanium_7-0_STIG_V1R2_Manual-xccdf.xml │ │ │ ├── U_Tanium_7-3_STIG_V2R1_Manual-xccdf.xml │ │ │ ├── U_Traditional_Security_Checklist_V1R3_Manual-xccdf.xml │ │ │ ├── U_Trend_Micro_Deep_Security_9-x_STIG_V1R1_Manual-xccdf.xml │ │ │ ├── U_UEM_Server_SRG_V1R1_Manual-xccdf.xml │ │ │ ├── U_VMW_vRealize_Automation_7-x_SLES_STIG_V1R1_Manual-xccdf.xml │ │ │ ├── U_VMW_vRealize_Automation_7-x_SLES_STIG_V2R1_Manual-xccdf.xml │ │ │ ├── U_VMW_vRealize_Automation_7-x_tc_Server_STIG_V1R1_Manual-xccdf.xml │ │ │ ├── U_VMW_vRealize_Automation_7-x_tc_Server_STIG_V2R1_Manual-xccdf.xml │ │ │ ├── U_VMW_vRealize_Ops_6-x_SLES_STIG_V1R1_Manual-xccdf.xml │ │ │ ├── U_VMW_vRealize_Ops_6-x_SLES_STIG_V2R1_Manual-xccdf.xml │ │ │ ├── U_VMW_vRealize_Ops_6-x_tc_Server_STIG_V1R1_Manual-xccdf.xml │ │ │ ├── U_VMW_vSphere_6-7_Photon_OS_STIG_V1R1_Manual-xccdf.xml │ │ │ ├── U_VPN_SRG_V2R3_Manual-xccdf.xml │ │ │ ├── U_Video_Services_Policy_STIG_V1R11_Manual-xccdf.xml │ │ │ ├── U_Voice_Video_Services_Policy_STIG_V3R17_Manual-xccdf.xml │ │ │ ├── U_Web_Server_V2R3_Manual-xccdf.xml │ │ │ ├── Windows_Server_2019_V3R2_xccdf.xml │ │ │ ├── Windows_Server_2022_V2R1_mini-sample-xccdf.xml │ │ │ └── rhel-7-v3r8-mini-sample-xxcdf.xml │ │ ├── xccdf_results/ │ │ │ ├── sample_input_report/ │ │ │ │ ├── xccdf-results-openscap-rhel7.xml │ │ │ │ ├── xccdf-results-openscap-rhel8.xml │ │ │ │ ├── xccdf-results-scc-rhel7.xml │ │ │ │ └── xccdf-results-scc-rhel8.xml │ │ │ ├── xccdf-openscap-rhel7-hdf-withraw.json │ │ │ ├── xccdf-openscap-rhel7-hdf.json │ │ │ ├── xccdf-openscap-rhel8-hdf-withraw.json │ │ │ ├── xccdf-openscap-rhel8-hdf.json │ │ │ ├── xccdf-scc-rhel7-hdf-withraw.json │ │ │ ├── xccdf-scc-rhel7-hdf.json │ │ │ ├── xccdf-scc-rhel8-hdf-withraw.json │ │ │ └── 
xccdf-scc-rhel8-hdf.json │ │ └── zap/ │ │ ├── sample_input_report/ │ │ │ ├── webgoat.json │ │ │ └── zero.webappsecurity.json │ │ ├── zap-webappsecurity-hdf-withraw.json │ │ ├── zap-webappsecurity-hdf.json │ │ ├── zap-webgoat-hdf-withraw.json │ │ └── zap-webgoat-hdf.json │ ├── tsconfig.json │ └── utils/ │ ├── __tests__/ │ │ ├── cross_vendor_integration.test.ts │ │ ├── delta_matching.test.ts │ │ ├── global.test.ts │ │ └── logging.test.ts │ └── ohdf/ │ ├── __tests__/ │ │ └── output_generator.test.ts │ ├── calculations.test.ts │ └── data_loader.test.ts ├── tsconfig.json └── vitest.config.ts
SYMBOL INDEX (609 symbols across 133 files)
FILE: src/commands/attest/apply.ts
class ApplyAttestation (line 11) | class ApplyAttestation extends BaseCommand<typeof ApplyAttestation> {
method run (line 26) | async run() {
FILE: src/commands/attest/create.ts
constant MAX_SEARCH_RESULTS (line 13) | const MAX_SEARCH_RESULTS = 5;
class CreateAttestations (line 16) | class CreateAttestations extends BaseCommand<typeof CreateAttestations> {
method promptForever (line 32) | promptForever(promptValue: string): string {
method getStatus (line 41) | getStatus(): 'passed' | 'failed' {
method promptForAttestation (line 56) | promptForAttestation(id: string): Attestation {
method run (line 67) | async run() {
FILE: src/commands/convert/anchoregrype2hdf.ts
class AnchoreGrype2HDF (line 7) | class AnchoreGrype2HDF extends BaseCommand<typeof AnchoreGrype2HDF> {
method run (line 34) | async run() {
FILE: src/commands/convert/asff2hdf.ts
constant API_MAX_RESULTS (line 22) | const API_MAX_RESULTS = 100;
class ASFF2HDF (line 24) | class ASFF2HDF extends BaseCommand<typeof ASFF2HDF> {
method run (line 103) | async run() {
FILE: src/commands/convert/aws_config2hdf.ts
class AWSConfig2HDF (line 8) | class AWSConfig2HDF extends BaseCommand<typeof AWSConfig2HDF> {
method ensureRefs (line 59) | ensureRefs(output: ExecJSON.Execution): ExecJSON.Execution {
method run (line 81) | async run() {
FILE: src/commands/convert/burpsuite2hdf.ts
class Burpsuite2HDF (line 7) | class Burpsuite2HDF extends BaseCommand<typeof Burpsuite2HDF> {
method run (line 34) | async run() {
FILE: src/commands/convert/checkov2hdf.ts
class Checkov2HDF (line 7) | class Checkov2HDF extends BaseCommand<typeof Checkov2HDF> {
method run (line 34) | async run() {
FILE: src/commands/convert/ckl2hdf.ts
class CKL2HDF (line 7) | class CKL2HDF extends BaseCommand<typeof CKL2HDF> {
method run (line 34) | async run() {
FILE: src/commands/convert/ckl2poam.ts
constant STARTING_ROW (line 32) | const STARTING_ROW = 8;
class CKL2POAM (line 34) | class CKL2POAM extends BaseCommand<typeof CKL2POAM> {
method run (line 79) | async run() {
FILE: src/commands/convert/conveyor2hdf.ts
class Conveyor2HDF (line 7) | class Conveyor2HDF extends BaseCommand<typeof Conveyor2HDF> {
method run (line 29) | async run() {
FILE: src/commands/convert/cyclonedx_sbom2hdf.ts
class CycloneDXSBOM2HDF (line 7) | class CycloneDXSBOM2HDF extends BaseCommand<typeof CycloneDXSBOM2HDF> {
method run (line 34) | async run() {
FILE: src/commands/convert/dbprotect2hdf.ts
class DBProtect2HDF (line 7) | class DBProtect2HDF extends BaseCommand<typeof DBProtect2HDF> {
method run (line 34) | async run() {
FILE: src/commands/convert/dependency_track2hdf.ts
class DependencyTrack2HDF (line 7) | class DependencyTrack2HDF extends BaseCommand<typeof DependencyTrack2HDF> {
method run (line 20) | async run() {
FILE: src/commands/convert/fortify2hdf.ts
class Fortify2HDF (line 7) | class Fortify2HDF extends BaseCommand<typeof Fortify2HDF> {
method run (line 36) | async run() {
FILE: src/commands/convert/gosec2hdf.ts
class Gosec2HDF (line 7) | class Gosec2HDF extends BaseCommand<typeof Gosec2HDF> {
method run (line 20) | async run() {
FILE: src/commands/convert/hdf2asff.ts
class HDF2ASFF (line 16) | class HDF2ASFF extends BaseCommand<typeof HDF2ASFF> {
method run (line 88) | async run() {
FILE: src/commands/convert/hdf2caat.ts
class HDF2CAAT (line 7) | class HDF2CAAT extends BaseCommand<typeof HDF2CAAT> {
method run (line 30) | async run() {
FILE: src/commands/convert/hdf2ckl.ts
class HDF2CKL (line 14) | class HDF2CKL extends Command {
method run (line 219) | async run() {
method catch (line 321) | protected catch(err: Error & { exitCode?: number }): Promise<void> {
FILE: src/commands/convert/hdf2condensed.ts
class HDF2Condensed (line 15) | class HDF2Condensed extends BaseCommand<typeof HDF2Condensed> {
method run (line 37) | async run() {
FILE: src/commands/convert/hdf2csv.ts
class HDF2CSV (line 16) | class HDF2CSV extends BaseCommand<typeof HDF2CSV> {
method run (line 75) | async run() {
method requiredFlagsProvided (line 142) | requiredFlagsProvided(flags: { input: any; output: any }): boolean {
method convertRows (line 172) | private convertRows(evaluation: ContextualizedEvaluation, filename: st...
method saveCSV (line 191) | private async saveCSV(filename: fs.PathLike | fs.promises.FileHandle, ...
method convertToCSV (line 218) | private convertToCSV(data: stringify.Input, options: stringify.Options...
method getFlags (line 245) | private async getFlags(): Promise<any> {
method validFileFlags (line 342) | private validFileFlags(input: string, output: string): boolean {
FILE: src/commands/convert/hdf2html.ts
class HDF2HTML (line 6) | class HDF2HTML extends Command {
method run (line 22) | async run() {
FILE: src/commands/convert/hdf2splunk.ts
class HDF2Splunk (line 8) | class HDF2Splunk extends BaseCommand<typeof HDF2Splunk> {
method run (line 76) | async run() {
FILE: src/commands/convert/hdf2xccdf.ts
class HDF2XCCDF (line 8) | class HDF2XCCDF extends BaseCommand<typeof HDF2XCCDF> {
method run (line 29) | async run() {
FILE: src/commands/convert/index.ts
function getInputFilename (line 37) | function getInputFilename(): string {
class Convert (line 49) | class Convert extends BaseCommand<typeof Convert> {
method getFlagsForInputFile (line 71) | static getFlagsForInputFile(filePath: string) {
method run (line 103) | async run() {
FILE: src/commands/convert/ionchannel2hdf.ts
class IonChannel2HDF (line 13) | class IonChannel2HDF extends BaseCommand<typeof IonChannel2HDF> {
method run (line 76) | async run() {
FILE: src/commands/convert/jfrog_xray2hdf.ts
class JfrogXray2HDF (line 7) | class JfrogXray2HDF extends BaseCommand<typeof JfrogXray2HDF> {
method run (line 34) | async run() {
FILE: src/commands/convert/msft_secure2hdf.ts
function processInputs (line 21) | function processInputs(
class MsftSecure2HDF (line 49) | class MsftSecure2HDF extends BaseCommand<typeof MsftSecure2HDF> {
method run (line 144) | async run() {
FILE: src/commands/convert/nessus2hdf.ts
class Nessus2HDF (line 8) | class Nessus2HDF extends BaseCommand<typeof Nessus2HDF> {
method run (line 37) | async run() {
FILE: src/commands/convert/netsparker2hdf.ts
class Netsparker2HDF (line 7) | class Netsparker2HDF extends BaseCommand<typeof Netsparker2HDF> {
method run (line 35) | async run() {
FILE: src/commands/convert/neuvector2hdf.ts
class NeuVector2HDF (line 7) | class NeuVector2HDF extends BaseCommand<typeof NeuVector2HDF> {
method run (line 34) | async run() {
FILE: src/commands/convert/nikto2hdf.ts
class Nikto2HDF (line 7) | class Nikto2HDF extends BaseCommand<typeof Nikto2HDF> {
method run (line 35) | async run() {
FILE: src/commands/convert/prisma2hdf.ts
class Prisma2HDF (line 9) | class Prisma2HDF extends BaseCommand<typeof Prisma2HDF> {
method run (line 31) | async run() {
FILE: src/commands/convert/prowler2hdf.ts
class Prowler2HDF (line 9) | class Prowler2HDF extends BaseCommand<typeof Prowler2HDF> {
method run (line 31) | async run() {
FILE: src/commands/convert/sarif2hdf.ts
class Sarif2HDF (line 7) | class Sarif2HDF extends BaseCommand<typeof Sarif2HDF> {
method run (line 40) | async run() {
FILE: src/commands/convert/scoutsuite2hdf.ts
class Scoutsuite2HDF (line 7) | class Scoutsuite2HDF extends BaseCommand<typeof Scoutsuite2HDF> {
method run (line 35) | async run() {
FILE: src/commands/convert/snyk2hdf.ts
class Snyk2HDF (line 8) | class Snyk2HDF extends BaseCommand<typeof Snyk2HDF> {
method run (line 31) | async run() {
FILE: src/commands/convert/sonarqube2hdf.ts
class Sonarqube2HDF (line 7) | class Sonarqube2HDF extends BaseCommand<typeof Sonarqube2HDF> {
method run (line 74) | async run() {
FILE: src/commands/convert/splunk2hdf.ts
class Splunk2HDF (line 11) | class Splunk2HDF extends BaseCommand<typeof Splunk2HDF> {
method searchExecutions (line 80) | async searchExecutions(
method run (line 90) | async run() {
FILE: src/commands/convert/trivy2hdf.ts
class Trivy2HDF (line 9) | class Trivy2HDF extends BaseCommand<typeof Trivy2HDF> {
method run (line 31) | async run() {
FILE: src/commands/convert/trufflehog2hdf.ts
class Trufflehog2HDF (line 7) | class Trufflehog2HDF extends BaseCommand<typeof Trufflehog2HDF> {
method run (line 34) | async run() {
FILE: src/commands/convert/twistlock2hdf.ts
class Twistlock2HDF (line 7) | class Twistlock2HDF extends BaseCommand<typeof Twistlock2HDF> {
method run (line 34) | async run() {
FILE: src/commands/convert/veracode2hdf.ts
class Veracode2HDF (line 7) | class Veracode2HDF extends BaseCommand<typeof Veracode2HDF> {
method run (line 29) | async run() {
FILE: src/commands/convert/xccdf_results2hdf.ts
class XCCDFResults2HDF (line 7) | class XCCDFResults2HDF extends BaseCommand<typeof XCCDFResults2HDF> {
method run (line 34) | async run() {
FILE: src/commands/convert/zap2hdf.ts
class Zap2HDF (line 7) | class Zap2HDF extends BaseCommand<typeof Zap2HDF> {
method run (line 39) | async run() {
FILE: src/commands/emasser/configure.ts
class EmasserBuildConfig (line 5) | class EmasserBuildConfig extends Command {
method run (line 36) | async run(): Promise<void> {
FILE: src/commands/emasser/delete/artifacts.ts
constant CMD_HELP (line 8) | const CMD_HELP = 'saf emasser delete artifacts -h or --help';
class EmasserDeleteArtifacts (line 9) | class EmasserDeleteArtifacts extends Command {
method run (line 21) | async run(): Promise<void> {
method catch (line 36) | protected catch(err: Error & { exitCode?: number }): Promise<void> {
FILE: src/commands/emasser/delete/cloud_resources.ts
constant CMD_HELP (line 8) | const CMD_HELP = 'saf emasser delete cloud_resources -h or --help';
class EmasserDeleteCloudResources (line 9) | class EmasserDeleteCloudResources extends Command {
method run (line 21) | async run(): Promise<void> {
method catch (line 37) | protected catch(err: Error & { exitCode?: number }): Promise<void> {
FILE: src/commands/emasser/delete/container_scans.ts
constant CMD_HELP (line 8) | const CMD_HELP = 'saf emasser delete container_scans -h or --help';
class EmasserContainerScans (line 9) | class EmasserContainerScans extends Command {
method run (line 21) | async run(): Promise<void> {
method catch (line 37) | protected catch(err: Error & { exitCode?: number }): Promise<void> {
FILE: src/commands/emasser/delete/hardware_baseline.ts
constant CMD_HELP (line 8) | const CMD_HELP = 'saf emasser delete hardware_baseline -h or --help';
class EmasserDeleteHardwareBaseline (line 9) | class EmasserDeleteHardwareBaseline extends Command {
method run (line 21) | async run(): Promise<void> {
method catch (line 37) | protected catch(err: Error & { exitCode?: number }): Promise<void> {
FILE: src/commands/emasser/delete/milestones.ts
constant CMD_HELP (line 8) | const CMD_HELP = 'saf emasser delete milestones -h or --help';
class EmasserDeleteMilestones (line 9) | class EmasserDeleteMilestones extends Command {
method run (line 21) | async run(): Promise<void> {
method catch (line 37) | protected catch(err: Error & { exitCode?: number }): Promise<void> {
FILE: src/commands/emasser/delete/poams.ts
constant CMD_HELP (line 8) | const CMD_HELP = 'saf emasser delete poams -h or --help';
class EmasserDeletePoams (line 9) | class EmasserDeletePoams extends Command {
method run (line 21) | async run(): Promise<void> {
method catch (line 37) | protected catch(err: Error & { exitCode?: number }): Promise<void> {
FILE: src/commands/emasser/delete/software_baseline.ts
constant CMD_HELP (line 8) | const CMD_HELP = 'saf emasser delete software_baseline -h or --help';
class EmasserDeleteSoftwareBaseline (line 9) | class EmasserDeleteSoftwareBaseline extends Command {
method run (line 21) | async run(): Promise<void> {
method catch (line 37) | protected catch(err: Error & { exitCode?: number }): Promise<void> {
FILE: src/commands/emasser/get/artifacts.ts
type ApiResponse (line 17) | type ApiResponse = {
class EmasserGetArtifacts (line 26) | class EmasserGetArtifacts extends Command {
method run (line 48) | async run(): Promise<void> {
method catch (line 91) | protected catch(error: unknown): Promise<void> {
FILE: src/commands/emasser/get/cac.ts
class EmasserGetCac (line 8) | class EmasserGetCac extends Command {
method run (line 20) | async run(): Promise<void> {
method catch (line 34) | protected catch(error: unknown): Promise<void> {
FILE: src/commands/emasser/get/cmmc.ts
class EmasserGetCmmc (line 8) | class EmasserGetCmmc extends Command {
method run (line 20) | async run(): Promise<void> {
method catch (line 34) | protected catch(error: unknown): Promise<void> {
FILE: src/commands/emasser/get/controls.ts
class EmasserGetControls (line 8) | class EmasserGetControls extends Command {
method run (line 20) | async run(): Promise<void> {
method catch (line 34) | protected catch(error: unknown): Promise<void> {
FILE: src/commands/emasser/get/dashboards.ts
class EmasserGetDashboards (line 45) | class EmasserGetDashboards extends Command {
method run (line 151) | async run(): Promise<void> {
method catch (line 903) | protected catch(error: unknown): Promise<void> {
FILE: src/commands/emasser/get/hardware.ts
class EmasserGetHardwareBaseline (line 8) | class EmasserGetHardwareBaseline extends Command {
method run (line 38) | async run(): Promise<void> {
method catch (line 56) | protected catch(error: unknown): Promise<void> {
FILE: src/commands/emasser/get/milestones.ts
class EmasserGetMilestones (line 15) | class EmasserGetMilestones extends Command {
method run (line 37) | async run(): Promise<void> {
method catch (line 63) | protected catch(error: unknown): Promise<void> {
FILE: src/commands/emasser/get/pac.ts
class EmasserGetPac (line 8) | class EmasserGetPac extends Command {
method run (line 20) | async run(): Promise<void> {
method catch (line 34) | protected catch(error: unknown): Promise<void> {
FILE: src/commands/emasser/get/poams.ts
class EmasserGetPoams (line 15) | class EmasserGetPoams extends Command {
method run (line 37) | async run(): Promise<void> {
method catch (line 63) | protected catch(error: unknown): Promise<void> {
FILE: src/commands/emasser/get/roles.ts
class EmasserGetRoles (line 15) | class EmasserGetRoles extends Command {
method run (line 37) | async run(): Promise<void> {
method catch (line 63) | protected catch(error: unknown): Promise<void> {
FILE: src/commands/emasser/get/software.ts
class EmasserGetSoftwareBaseline (line 8) | class EmasserGetSoftwareBaseline extends Command {
method run (line 38) | async run(): Promise<void> {
method catch (line 56) | protected catch(error: unknown): Promise<void> {
FILE: src/commands/emasser/get/system.ts
class EmasserGetSystem (line 8) | class EmasserGetSystem extends Command {
method run (line 20) | async run(): Promise<void> {
method catch (line 34) | protected catch(error: unknown): Promise<void> {
FILE: src/commands/emasser/get/systems.ts
class EmasserGetSystems (line 8) | class EmasserGetSystems extends Command {
method run (line 20) | async run(): Promise<void> {
method catch (line 34) | protected catch(error: unknown): Promise<void> {
FILE: src/commands/emasser/get/test_connection.ts
class EmasserGetTestConnection (line 8) | class EmasserGetTestConnection extends Command {
method run (line 19) | async run(): Promise<void> {
method catch (line 31) | protected catch(error: unknown): Promise<void> {
FILE: src/commands/emasser/get/test_results.ts
class EmasserGetTestResults (line 8) | class EmasserGetTestResults extends Command {
method run (line 20) | async run(): Promise<void> {
method catch (line 34) | protected catch(error: unknown): Promise<void> {
FILE: src/commands/emasser/get/workflow_definitions.ts
class EmasserGetWorkflowDefinitions (line 8) | class EmasserGetWorkflowDefinitions extends Command {
method run (line 20) | async run(): Promise<void> {
FILE: src/commands/emasser/get/workflow_instances.ts
class EmasserGetWorkflowInstances (line 15) | class EmasserGetWorkflowInstances extends Command {
method run (line 37) | async run(): Promise<void> {
method catch (line 63) | protected catch(error: unknown): Promise<void> {
FILE: src/commands/emasser/hello.ts
class EmasserSayHello (line 5) | class EmasserSayHello extends Command {
method run (line 8) | run(): Promise<void> {
FILE: src/commands/emasser/post/artifacts.ts
constant CMD_HELP (line 12) | const CMD_HELP = 'saf emasser post artifacts -h or --help';
class EmasserPostArtifacts (line 13) | class EmasserPostArtifacts extends Command {
method run (line 41) | async run(): Promise<void> {
method catch (line 93) | protected catch(err: Error & { exitCode?: number }): Promise<void> {
FILE: src/commands/emasser/post/cac.ts
constant CMD_HELP (line 9) | const CMD_HELP = 'saf emasser post cac -h or --help';
class EmasserPostCac (line 10) | class EmasserPostCac extends Command {
method run (line 22) | async run(): Promise<void> {
method catch (line 42) | protected catch(err: Error & { exitCode?: number }): Promise<void> {
FILE: src/commands/emasser/post/cloud_resources.ts
type CloudResource (line 28) | type CloudResource = {
type Tags (line 50) | type Tags = Record<string, string>;
type ComplianceResults (line 52) | type ComplianceResults = {
function getAllJsonExamples (line 73) | function getAllJsonExamples(): string {
function assertParamExists (line 89) | function assertParamExists(object: string, value: string | boolean | und...
function addRequiredFieldsToRequestBody (line 106) | function addRequiredFieldsToRequestBody(dataObj: CloudResource): CloudRe...
function addOptionalFields (line 170) | function addOptionalFields(bodyObject: CloudResource, dataObj: CloudReso...
function isValidCloudResource (line 238) | function isValidCloudResource(obj: unknown): obj is CloudResource {
constant CMD_HELP (line 246) | const CMD_HELP = 'saf emasser post cloud_resources -h or --help';
class EmasserPostCloudResources (line 247) | class EmasserPostCloudResources extends Command {
method run (line 268) | async run(): Promise<void> {
method catch (line 332) | protected catch(err: Error & { exitCode?: number }): Promise<void> {
FILE: src/commands/emasser/post/container_scans.ts
type ContainerResource (line 25) | type ContainerResource = {
type Tags (line 42) | type Tags = Record<string, string>;
type Benchmarks (line 47) | type Benchmarks = {
type Results (line 60) | type Results = {
type StatusEnum (line 94) | type StatusEnum = typeof StatusEnum[keyof typeof StatusEnum];
function getAllJsonExamples (line 103) | function getAllJsonExamples(): string {
function assertParamExists (line 120) | function assertParamExists(object: string, value: string | boolean | num...
function addRequiredFieldsToRequestBody (line 138) | function addRequiredFieldsToRequestBody(dataObj: ContainerResource): Con...
function addOptionalFields (line 213) | function addOptionalFields(bodyObject: ContainerResource, dataObj: Conta...
function isValidContainerResource (line 290) | function isValidContainerResource(obj: unknown): obj is ContainerResource {
constant CMD_HELP (line 303) | const CMD_HELP = 'saf emasser post container_scans -h or --help';
class EmasserContainerScans (line 304) | class EmasserContainerScans extends Command {
method run (line 325) | async run(): Promise<void> {
method catch (line 390) | protected catch(err: Error & { exitCode?: number }): Promise<void> {
FILE: src/commands/emasser/post/device_scans.ts
constant CMD_HELP (line 11) | const CMD_HELP = 'saf emasser post device_scans -h or --help';
class EmasserPostDeviceScans (line 12) | class EmasserPostDeviceScans extends Command {
method run (line 43) | async run(): Promise<void> {
method catch (line 89) | protected catch(err: Error & { exitCode?: number }): Promise<void> {
FILE: src/commands/emasser/post/hardware_baseline.ts
type Hardware (line 40) | type Hardware = {
function getAllJsonExamples (line 73) | function getAllJsonExamples(): Record<string, unknown> {
function assertParamExists (line 88) | function assertParamExists(object: string, value: string | undefined | n...
function addRequiredFieldsToRequestBody (line 106) | function addRequiredFieldsToRequestBody(dataObj: Hardware): Hardware {
function addConditionalFields (line 129) | function addConditionalFields(bodyObject: Hardware, dataObj: Hardware): ...
function addOptionalFields (line 149) | function addOptionalFields(bodyObject: Hardware, dataObj: Hardware): void {
function generateBodyObj (line 213) | function generateBodyObj(dataObject: Hardware): Hardware {
function isHardware (line 233) | function isHardware(obj: unknown): obj is Hardware {
constant CMD_HELP (line 247) | const CMD_HELP = 'saf emasser post hardware_baseline -h or --help';
class EmasserHardwareBaseline (line 248) | class EmasserHardwareBaseline extends Command {
method run (line 273) | async run(): Promise<void> {
method catch (line 314) | protected catch(err: Error & { exitCode?: number }): Promise<void> {
FILE: src/commands/emasser/post/milestones.ts
constant CMD_HELP (line 9) | const CMD_HELP = 'saf emasser post milestones -h or --help';
class EmasserPostMilestones (line 10) | class EmasserPostMilestones extends Command {
method run (line 24) | async run(): Promise<void> {
method catch (line 45) | protected catch(err: Error & { exitCode?: number }): Promise<void> {
FILE: src/commands/emasser/post/pac.ts
constant CMD_HELP (line 9) | const CMD_HELP = 'saf emasser post pac -h or --help';
class EmasserPostPac (line 10) | class EmasserPostPac extends Command {
method run (line 22) | async run(): Promise<void> {
method catch (line 43) | protected catch(err: Error & { exitCode?: number }): Promise<void> {
FILE: src/commands/emasser/post/poams.ts
type Poams (line 58) | type Poams = {
function getAllJsonExamples (line 122) | function getAllJsonExamples(): string {
function assertParamExists (line 140) | function assertParamExists(object: string, value: string | undefined | n...
function addRequiredFieldsToRequestBody (line 158) | function addRequiredFieldsToRequestBody(dataObj: Poams): Poams {
function addConditionalFields (line 194) | function addConditionalFields(bodyObject: Poams, dataObj: Poams): void {
function addOptionalFields (line 222) | function addOptionalFields(bodyObject: Poams, dataObj: Poams): void {
function processBusinessLogic (line 363) | function processBusinessLogic(bodyObject: Poams, dataObj: Poams): void {
function generateBodyObj (line 470) | function generateBodyObj(dataObject: Poams): Poams {
constant CMD_HELP (line 484) | const CMD_HELP = 'saf emasser post poams -h or --help';
class EmasserPostPoams (line 485) | class EmasserPostPoams extends Command {
method run (line 512) | async run(): Promise<void> {
method catch (line 553) | protected catch(err: Error & { exitCode?: number }): Promise<void> {
FILE: src/commands/emasser/post/register.ts
class EmasserPostRegister (line 8) | class EmasserPostRegister extends Command {
method run (line 19) | async run(): Promise<void> {
FILE: src/commands/emasser/post/software_baseline.ts
type Software (line 52) | type Software = {
function getAllJsonExamples (line 104) | function getAllJsonExamples(): string {
function assertParamExists (line 121) | function assertParamExists(object: string, value: string | undefined | n...
function addRequiredFieldsToRequestBody (line 139) | function addRequiredFieldsToRequestBody(dataObj: Software): Software {
function addConditionalFields (line 166) | function addConditionalFields(bodyObject: Software, dataObj: Software): ...
function addOptionalFields (line 178) | function addOptionalFields(bodyObject: Software, dataObj: Software): void {
function generateBodyObj (line 319) | function generateBodyObj(dataObject: Software): Software {
constant CMD_HELP (line 333) | const CMD_HELP = 'saf emasser post software_baseline -h or --help';
class EmasserSoftwareBaseline (line 334) | class EmasserSoftwareBaseline extends Command {
method run (line 359) | async run(): Promise<void> {
method catch (line 400) | protected catch(err: Error & { exitCode?: number }): Promise<void> {
FILE: src/commands/emasser/post/static_code_scans.ts
function getAllJsonExamples (line 26) | function getAllJsonExamples(action: string): string {
function assertParamExists (line 55) | function assertParamExists(object: string, value: string | boolean | num...
function addApplicationToRequestBody (line 69) | function addApplicationToRequestBody(dataObj: StaticCodeRequest): Static...
function addApplicationFindingsFields (line 105) | function addApplicationFindingsFields(bodyObject: StaticCodeRequest, dat...
constant CMD_HELP (line 147) | const CMD_HELP = 'saf emasser post static_code_scans -h or --help';
class EmasserPostStaticCodeScans (line 148) | class EmasserPostStaticCodeScans extends Command {
method run (line 177) | async run(): Promise<void> {
method catch (line 249) | protected catch(err: Error & { exitCode?: number }): Promise<void> {
FILE: src/commands/emasser/post/test_results.ts
constant CMD_HELP (line 9) | const CMD_HELP = 'saf emasser post test_results -h or --help';
class EmasserPostTestResults (line 10) | class EmasserPostTestResults extends Command {
method run (line 23) | async run(): Promise<void> {
method catch (line 46) | protected catch(err: Error & { exitCode?: number }): Promise<void> {
FILE: src/commands/emasser/put/artifacts.ts
function getAllJsonExamples (line 12) | function getAllJsonExamples(): Record<string, unknown> {
function assertParamExists (line 19) | function assertParamExists(object: string, value: string | number | bool...
function addRequiredFieldsToRequestBody (line 26) | function addRequiredFieldsToRequestBody(dataObj: Artifacts): Artifacts {
function addOptionalFields (line 47) | function addOptionalFields(bodyObject: Artifacts, dataObj: Artifacts): v...
function generateBodyObj (line 81) | function generateBodyObj(dataObject: Artifacts): Artifacts {
constant CMD_HELP (line 93) | const CMD_HELP = 'saf emasser put artifacts -h or --help';
class EmasserPutArtifacts (line 94) | class EmasserPutArtifacts extends Command {
method run (line 115) | async run(): Promise<void> {
method catch (line 164) | protected catch(err: Error & { exitCode?: number }): Promise<void> {
FILE: src/commands/emasser/put/controls.ts
type Controls (line 11) | type Controls = {
function getAllJsonExamples (line 46) | function getAllJsonExamples(): Record<string, unknown> {
function assertParamExists (line 54) | function assertParamExists(object: string, value: string | number | unde...
function addRequiredFieldsToRequestBody (line 61) | function addRequiredFieldsToRequestBody(dataObj: Controls): Controls {
function addConditionalFields (line 84) | function addConditionalFields(bodyObject: Controls, dataObj: Controls): ...
function addOptionalFields (line 118) | function addOptionalFields(bodyObject: Controls, dataObj: Controls): void {
function processBusinessLogic (line 176) | function processBusinessLogic(bodyObject: Controls, dataObj: Controls): ...
function generateBodyObj (line 286) | function generateBodyObj(dataObject: Controls): Controls {
constant CMD_HELP (line 300) | const CMD_HELP = 'saf emasser put controls -h or --help';
class EmasserPutControls (line 301) | class EmasserPutControls extends Command {
method run (line 324) | async run(): Promise<void> {
method catch (line 372) | protected catch(err: Error & { exitCode?: number }): Promise<void> {
FILE: src/commands/emasser/put/hardware_baseline.ts
type Hardware (line 42) | type Hardware = {
function getAllJsonExamples (line 66) | function getAllJsonExamples(): Record<string, unknown> {
function assertParamExists (line 81) | function assertParamExists(object: string, value: string | undefined | n...
function addRequiredFieldsToRequestBody (line 99) | function addRequiredFieldsToRequestBody(dataObj: Hardware): Hardware {
function addConditionalFields (line 124) | function addConditionalFields(bodyObject: Hardware, dataObj: Hardware): ...
function addOptionalFields (line 144) | function addOptionalFields(bodyObject: Hardware, dataObj: Hardware): void {
function generateBodyObj (line 205) | function generateBodyObj(dataObject: Hardware): Hardware {
constant CMD_HELP (line 219) | const CMD_HELP = 'saf emasser post hardware_baseline -h or --help';
class EmasserHardwareBaseline (line 220) | class EmasserHardwareBaseline extends Command {
method run (line 245) | async run(): Promise<void> {
method catch (line 294) | protected catch(err: Error & { exitCode?: number }): Promise<void> {
FILE: src/commands/emasser/put/milestones.ts
constant CMD_HELP (line 9) | const CMD_HELP = 'saf emasser put milestones -h or --help';
class EmasserPutMilestones (line 10) | class EmasserPutMilestones extends Command {
method run (line 22) | async run(): Promise<void> {
method catch (line 44) | protected catch(err: Error & { exitCode?: number }): Promise<void> {
FILE: src/commands/emasser/put/poams.ts
type Poams (line 61) | type Poams = {
function getAllJsonExamples (line 117) | function getAllJsonExamples(): Record<string, unknown> {
function assertParamExists (line 133) | function assertParamExists(object: string, value: string | number | unde...
function addRequiredFieldsToRequestBody (line 151) | function addRequiredFieldsToRequestBody(dataObj: Poams): Poams {
function addConditionalFields (line 189) | function addConditionalFields(bodyObject: Poams, dataObj: Poams): void {
function addOptionalFields (line 218) | function addOptionalFields(bodyObject: Poams, dataObj: Poams): void {
function processBusinessLogic (line 364) | function processBusinessLogic(bodyObject: Poams, dataObj: Poams): void {
function generateBodyObj (line 498) | function generateBodyObj(dataObject: Poams): Poams {
constant CMD_HELP (line 512) | const CMD_HELP = 'saf emasser put poams -h or --help';
class EmasserPutPoams (line 513) | class EmasserPutPoams extends Command {
method run (line 538) | async run(): Promise<void> {
method catch (line 587) | protected catch(err: Error & { exitCode?: number }): Promise<void> {
FILE: src/commands/emasser/put/software_baseline.ts
type Software (line 61) | type Software = {
function getAllJsonExamples (line 115) | function getAllJsonExamples(): Record<string, unknown> {
function assertParamExists (line 130) | function assertParamExists(object: string, value: string | undefined | n...
function addRequiredFieldsToRequestBody (line 148) | function addRequiredFieldsToRequestBody(dataObj: Software): Software {
function addConditionalFields (line 177) | function addConditionalFields(bodyObject: Software, dataObj: Software): ...
function addOptionalFields (line 189) | function addOptionalFields(bodyObject: Software, dataObj: Software): void {
function generateBodyObj (line 330) | function generateBodyObj(dataObject: Software): Software {
constant CMD_HELP (line 344) | const CMD_HELP = 'saf emasser put software_baseline -h or --help';
class EmasserSoftwareBaseline (line 345) | class EmasserSoftwareBaseline extends Command {
method run (line 370) | async run(): Promise<void> {
method catch (line 419) | protected catch(err: Error & { exitCode?: number }): Promise<void> {
FILE: src/commands/emasser/version.ts
class EmasserGetVersion (line 4) | class EmasserGetVersion extends Command {
method run (line 9) | run(): Promise<void> {
FILE: src/commands/generate/ckl_metadata.ts
class GenerateCKLMetadata (line 20) | class GenerateCKLMetadata extends BaseCommand<typeof GenerateCKLMetadata> {
method run (line 48) | async run() {
method getFlags (line 91) | private async getFlags(): Promise<unknown> {
method getCklMetaData (line 151) | private async getCklMetaData(): Promise<unknown> {
FILE: src/commands/generate/delta.ts
class GenerateDelta (line 41) | class GenerateDelta extends BaseCommand<typeof GenerateDelta> {
method run (line 126) | async run() {
method mapControls (line 630) | mapControls(oldProfile: Profile, newProfile: Profile): object {
method logMatchMethod (line 733) | private static logMatchMethod(log: Logger, link: LinkRecord): void {
method tickMatchCounter (line 773) | private static tickMatchCounter(link: LinkRecord): void {
method getMappedStatisticsValidation (line 790) | getMappedStatisticsValidation(totalMappedControls: number, statValidat...
method requiredFlagsProvided (line 807) | requiredFlagsProvided(flags: any): boolean { // skipcq: JS-0105
method getXccdfContent (line 855) | async getXccdfContent(xccdfType: string, xccdfInput: string): Promise<...
method updateTitle (line 925) | updateTitle(str: string): string { // skipcq: JS-0105
method createMappedDirectory (line 949) | createMappedDirectory(controlsDir: string): string { // skipcq: JS-0105
method logThis (line 968) | logThis(logMsg: string, logLevel: string) { // skipcq: JS-0105
method getFlags (line 1028) | private async getFlags(): Promise<any> {
method isXccdfFile (line 1272) | private isXccdfFile(xccdfXmlFile: string): boolean {
method saveLogs (line 1321) | private saveLogs(errorMsg: string) {
method sleep (line 1329) | private sleep(ms: number) {
FILE: src/commands/generate/inspec_metadata.ts
class GenerateInSpecMetadata (line 8) | class GenerateInSpecMetadata extends BaseCommand<typeof GenerateInSpecMe...
method run (line 19) | async run() {
FILE: src/commands/generate/inspec_profile.ts
class InspecProfile (line 13) | class InspecProfile extends BaseCommand<typeof InspecProfile> {
method run (line 75) | async run() {
function getDISAReadmeContent (line 245) | function getDISAReadmeContent(_xmlDoc: any): InspecReadme {
function getCISReadmeContent (line 291) | function getCISReadmeContent(_xmlDoc: any): InspecReadme {
function generateReadme (line 323) | function generateReadme(contentObj: InspecReadme, outDir: string, logger...
function generateYaml (line 630) | function generateYaml(profile: Profile, outDir: string, logger: Logger) {
function generateLicense (line 662) | function generateLicense(outDir: string, logger: Logger) {
function generateNotice (line 687) | function generateNotice(outDir: string, logger: Logger) {
function generateRubocopYml (line 711) | function generateRubocopYml(outDir: string, logger: Logger) {
function generateGemRc (line 891) | function generateGemRc(outDir: string, logger: Logger) {
function generateGemFile (line 904) | function generateGemFile(outDir: string, logger: Logger) {
function generateRakeFile (line 942) | function generateRakeFile(outDir: string, logger: Logger) {
function generateGitIgnoreFile (line 978) | function generateGitIgnoreFile(outDir: string, logger: Logger) {
FILE: src/commands/generate/spreadsheet2inspec_stub.ts
class Spreadsheet2HDF (line 17) | class Spreadsheet2HDF extends BaseCommand<typeof Spreadsheet2HDF> {
method matchReferences (line 36) | matchReferences(control: Partial<InSpecControl>): Partial<InSpecContro...
method matchImpactFromSeverityIfImpactNotSet (line 50) | matchImpactFromSeverityIfImpactNotSet(control: Partial<InSpecControl>)...
method matchCISControls (line 59) | matchCISControls(control: Partial<InSpecControl>, flags: Record<string...
method extractCCIsFromText (line 112) | extractCCIsFromText(control: Partial<InSpecControl>): Partial<InSpecCo...
method run (line 129) | async run() {
FILE: src/commands/generate/threshold.ts
class GenerateThreshold (line 10) | class GenerateThreshold extends BaseCommand<typeof GenerateThreshold> {
method run (line 26) | async run() {
FILE: src/commands/generate/update_controls4delta.ts
class GenerateUpdateControls (line 45) | class GenerateUpdateControls extends BaseCommand<typeof GenerateUpdateCo...
method run (line 101) | async run(): Promise<any> {
function isXccdfFile (line 507) | function isXccdfFile(xccdfXmlFile: string, logger: Logger): boolean {
function getUpdatedControl (line 543) | function getUpdatedControl(path: fs.PathOrFileDescriptor, currentControl...
function saveControl (line 553) | function saveControl(filePath: string, newXCCDFControlNumber: string,
FILE: src/commands/harden/harden.ts
class Harden (line 3) | class Harden extends Command {
method run (line 12) | run() {
FILE: src/commands/scan/scan.ts
class Scan (line 3) | class Scan extends Command {
method run (line 12) | run() {
FILE: src/commands/supplement/passthrough/read.ts
class ReadPassthrough (line 6) | class ReadPassthrough extends BaseCommand<typeof ReadPassthrough> {
method run (line 18) | async run() {
FILE: src/commands/supplement/passthrough/write.ts
class WritePassthrough (line 6) | class WritePassthrough extends BaseCommand<typeof WritePassthrough> {
method run (line 31) | async run() {
FILE: src/commands/supplement/target/read.ts
class ReadTarget (line 6) | class ReadTarget extends BaseCommand<typeof ReadTarget> {
method run (line 18) | async run() {
FILE: src/commands/supplement/target/write.ts
class WriteTarget (line 6) | class WriteTarget extends BaseCommand<typeof WriteTarget> {
method run (line 31) | async run() {
FILE: src/commands/validate/threshold.ts
class Threshold (line 22) | class Threshold extends BaseCommand<typeof Threshold> {
method run (line 51) | async run() { // skipcq: JS-R1005
FILE: src/commands/view/heimdall.ts
class Heimdall (line 8) | class Heimdall extends Command {
method run (line 23) | async run() {
FILE: src/commands/view/summary.ts
constant VIEW_SUMMARY (line 8) | const VIEW_SUMMARY = 'view summary:';
constant IO_GROUP (line 11) | const IO_GROUP = 'I/O';
constant FORMATTING_GROUP (line 14) | const FORMATTING_GROUP = 'formatting';
constant DEFAULT_LOG_LEVEL (line 17) | const DEFAULT_LOG_LEVEL = 'info';
constant FORMAT_OPTIONS (line 20) | const FORMAT_OPTIONS = ['json', 'yaml', 'markdown'];
type CommandFlags (line 33) | type CommandFlags = {
class Summary (line 57) | class Summary extends Command {
method run (line 134) | async run() {
FILE: src/types/csv.d.ts
type CSVControl (line 1) | type CSVControl = {
type ControlSetRow (line 19) | type ControlSetRow = Record<string, string>;
type ControlSetRows (line 21) | type ControlSetRows = ControlSetRow[];
FILE: src/types/inspec.d.ts
type InSpecControl (line 1) | type InSpecControl = {
type InSpecMetaData (line 38) | type InSpecMetaData = {
type InspecReadme (line 46) | type InspecReadme = {
FILE: src/types/splunk-sdk-no-env/index.d.ts
type SplunkConfig (line 2) | type SplunkConfig = {
type jobTrackCallbacks (line 17) | type jobTrackCallbacks = {
class Http (line 25) | class Http {
class Logger (line 29) | class Logger {
class Indexs (line 33) | class Indexs {
class Index (line 37) | class Index {
class Jobs (line 47) | class Jobs {
class Job (line 57) | class Job {
class Service (line 73) | class Service {
FILE: src/types/stig.d.ts
type STIG (line 1) | type STIG = {
type CHECKLIST (line 4) | type CHECKLIST = {
type Asset (line 8) | type Asset = {
type STIGs (line 21) | type STIGs = {
type STIGHolder (line 24) | type STIGHolder = {
type STIGInfo (line 28) | type STIGInfo = {
type SIData (line 31) | type SIData = {
type Vulnerability (line 36) | type Vulnerability = {
type STIGAttributes (line 70) | type STIGAttributes = {
FILE: src/types/threshold.d.ts
type ControlStatusHash (line 4) | type ControlStatusHash = Record<ControlStatus | 'Waived', number>;
type StatusHash (line 6) | type StatusHash = ControlStatusHash & {
type ControlIDThresholdValues (line 13) | type ControlIDThresholdValues = Record<string, Record<string, string[]>>;
type ThresholdValues (line 15) | type ThresholdValues = {
FILE: src/utils/ckl2poam.ts
function extractSTIGUrl (line 7) | function extractSTIGUrl(findingDetails: string): string {
function cklSeverityToPOAMSeverity (line 23) | function cklSeverityToPOAMSeverity(severity: string): string {
function cklSeverityToRelevanceOfThreat (line 48) | function cklSeverityToRelevanceOfThreat() {
function cklSeverityToLikelihood (line 52) | function cklSeverityToLikelihood(severity: string) {
function cklSeverityToImpact (line 73) | function cklSeverityToImpact(severity: string) {
function cklSeverityToResidualRiskLevel (line 94) | function cklSeverityToResidualRiskLevel(severity: string) {
function createCVD (line 115) | function createCVD(vulnerability: Vulnerability): string {
function convertToRawSeverity (line 123) | function convertToRawSeverity(severity: string) {
function cleanStatus (line 144) | function cleanStatus(status: string) {
function replaceSpecialCharacters (line 160) | function replaceSpecialCharacters(text: string): string {
function cleanComments (line 164) | function cleanComments(comments: string): string {
function combineComments (line 168) | function combineComments(vulnerability: Vulnerability, host: string) {
function extractSolution (line 176) | function extractSolution(findingDetails: string): string | undefined {
function cci2nist (line 194) | function cci2nist(cci: string) {
FILE: src/utils/csv.ts
function descriptionsToString (line 24) | function descriptionsToString(
function segmentsToString (line 54) | function segmentsToString(segments: HDFControlSegment[] | undefined): st...
function convertRow (line 73) | function convertRow(
FILE: src/utils/delta_matching.ts
constant COMPLIANCE_MODALS (line 23) | const COMPLIANCE_MODALS = new Set([
function tokensBeforeModal (line 27) | function tokensBeforeModal(title: string): string[] {
function tokenizeSet (line 39) | function tokenizeSet(s: string): Set<string> {
type ControlLike (line 52) | type ControlLike = {
function extractSrgId (line 67) | function extractSrgId(control: ControlLike): string | null {
function safeTitle (line 71) | function safeTitle(title: string | null | undefined): string {
function extractCcis (line 80) | function extractCcis(control: ControlLike): Set<string> {
function tokenJaccard (line 92) | function tokenJaccard(a: string, b: string): number {
function cciJaccard (line 113) | function cciJaccard(a: Set<string>, b: Set<string>): number {
function buildSrgIndex (line 134) | function buildSrgIndex(
type MatchMethod (line 170) | type MatchMethod
type LinkRecord (line 176) | type LinkRecord = {
type ProfileLike (line 186) | type ProfileLike = {
constant FUSE_ACCEPT_THRESHOLD (line 199) | const FUSE_ACCEPT_THRESHOLD = 0.45;
constant TIER2_MISMATCH_THRESHOLD (line 207) | const TIER2_MISMATCH_THRESHOLD = 0.5;
constant TIER3_MISMATCH_THRESHOLD (line 215) | const TIER3_MISMATCH_THRESHOLD = 0.9;
constant TIER2_COMPOSITE_CCI_WEIGHT (line 224) | const TIER2_COMPOSITE_CCI_WEIGHT = 0.7;
constant TIER2_COMPOSITE_TITLE_WEIGHT (line 225) | const TIER2_COMPOSITE_TITLE_WEIGHT = 0.3;
function computePotentialMismatch (line 232) | function computePotentialMismatch(
type DeltaDiff (line 256) | type DeltaDiff = {
type DeltaJsonPayload (line 284) | type DeltaJsonPayload = DeltaDiff & { links: LinkRecord[] };
function buildDeltaJsonPayload (line 292) | function buildDeltaJsonPayload({
type SearchRecord (line 302) | type SearchRecord = { originalId: string; title: string; gtitle: string };
type FuseSearcher (line 308) | type FuseSearcher = {
type TierContext (line 312) | type TierContext = {
type ScoredCandidate (line 319) | type ScoredCandidate = { idx: number; composite: number; cci: number };
function claimOrRelate (line 325) | function claimOrRelate(
function makeLink (line 340) | function makeLink(args: {
function makeNoMatch (line 364) | function makeNoMatch(newControl: ControlLike, srg: string | null): LinkR...
function tier1DeterministicMatch (line 380) | function tier1DeterministicMatch(
function tier2CciTiebreak (line 410) | function tier2CciTiebreak(
function tier3FuseFallback (line 471) | function tier3FuseFallback(
function applyRequirementFirstPipeline (line 511) | function applyRequirementFirstPipeline(
function normalizeTitle (line 583) | function normalizeTitle(title: string, prefix: string): string {
function autoDetectPrefix (line 605) | function autoDetectPrefix(titles: string[], threshold = 0.5): string {
FILE: src/utils/emasser/api_config.ts
function printHelpMessage (line 5) | function printHelpMessage(showLocation: boolean) {
class ApiConfig (line 39) | class ApiConfig {
method constructor (line 57) | constructor() {
method getRequiredEnv (line 124) | getRequiredEnv(key: string): string {
method getOptionalEnv (line 155) | getOptionalEnv<T>(key: string, defaultValue: T): T {
FILE: src/utils/emasser/api_connection.ts
class ApiConnection (line 20) | class ApiConnection {
method constructor (line 25) | constructor() {
FILE: src/utils/emasser/generate_config.ts
constant PROMPT_MESSAGE (line 6) | const PROMPT_MESSAGE = [
constant PROMPT_NAMES_REQUIRED (line 23) | const PROMPT_NAMES_REQUIRED = [
constant PROMPT_NAMES_OPTIONAL (line 36) | const PROMPT_NAMES_OPTIONAL = [
constant OPTIONAL_DEFAULT_VALUES (line 48) | const OPTIONAL_DEFAULT_VALUES = [
function generateNewdotEnv (line 75) | function generateNewdotEnv() {
function processPrompt (line 107) | async function processPrompt() {
function updateKeyValuePairs (line 336) | function updateKeyValuePairs(filePath: fse.PathOrFileDescriptor, updates...
function isNumeric (line 389) | function isNumeric(value: unknown): boolean {
function generateConfig (line 401) | async function generateConfig() {
FILE: src/utils/emasser/init_connection.ts
class InitConnections (line 39) | class InitConnections {
method constructor (line 44) | constructor(conf: ApiConfig) {
FILE: src/utils/emasser/output_error.ts
function outputError (line 19) | function outputError(data: object): string {
FILE: src/utils/emasser/output_formatter.ts
function removeNullsFromObject (line 10) | function removeNullsFromObject(dataObject: object): object {
function convertEpochToDateTime (line 32) | function convertEpochToDateTime(dataObject: object): object {
function outputFormat (line 81) | function outputFormat(data: object, doConversion = true): string {
FILE: src/utils/emasser/utilities.ts
type CliArgs (line 15) | type CliArgs = {
type FlagOptions (line 26) | type FlagOptions = {
function getArgs (line 96) | function getArgs(argv: string[], endpointValue?: string): CliArgs {
function getFlagsForEndpoint (line 123) | function getFlagsForEndpoint(argv: string[]): FlagOptions { // skipcq: J...
function getDescriptionForEndpoint (line 495) | function getDescriptionForEndpoint(argv: string[], endpoint: string): st...
function getExamplesForEndpoint (line 915) | function getExamplesForEndpoint(argv: string[], endpoint?: string): stri...
function getJsonExamples (line 1364) | function getJsonExamples(endpoint?: string): string[] {
function saveFile (line 1752) | function saveFile(dir: string, filename: string, data: any): void {
function printHelpMsg (line 1775) | function printHelpMsg(msg: string) {
function printRedMsg (line 1784) | function printRedMsg(msg: string) {
function displayError (line 1798) | function displayError(error: unknown, endpoint: string) {
FILE: src/utils/global.ts
type SpreadsheetTypes (line 12) | type SpreadsheetTypes = 'cis' | 'disa' | 'general';
function checkSuffix (line 16) | function checkSuffix(input: string, suffix = '.json') {
function resolveCincAuditor (line 36) | function resolveCincAuditor(): string {
function resolveSafeChild (line 89) | function resolveSafeChild(baseDir: string, ...parts: string[]): string {
function basename (line 112) | function basename(inputPath: string): string {
function dataURLtoU8Array (line 141) | function dataURLtoU8Array(dataURL: string): Uint8Array {
function getInstalledPath (line 167) | function getInstalledPath(moduleName: string): string {
function arrayNeededPaths (line 193) | function arrayNeededPaths(typeOfPath: string, values: string | string[])...
function extractValueViaPathOrNumber (line 226) | function extractValueViaPathOrNumber(typeOfPathOrNumber: string, pathOrN...
type ExtendedContextualizedEvaluation (line 243) | type ExtendedContextualizedEvaluation = {
function getProfileInfo (line 269) | function getProfileInfo(evaluation: ExtendedContextualizedEvaluation, fi...
function getDescription (line 327) | function getDescription(
function checkInput (line 363) | function checkInput(guessOptions: { data: string; filename: string }, de...
function getErrorMessage (line 382) | function getErrorMessage(error: unknown): string {
function downloadFile (line 401) | async function downloadFile(url: string | undefined, outputPath: string)...
function extractFileFromZip (line 439) | function extractFileFromZip(zipPath: string, fileName: string): [Buffer ...
function getJsonMetaDataExamples (line 473) | function getJsonMetaDataExamples(endpoint?: string): string[] {
FILE: src/utils/logging.ts
type Summary (line 16) | type Summary = {
type WinstonLoggerOptions (line 26) | type WinstonLoggerOptions = {
function createWinstonLogger (line 94) | function createWinstonLogger(options: WinstonLoggerOptions = {}): Logger {
function getHDFSummary (line 130) | function getHDFSummary(hdf: ExecJSON.Execution): string {
FILE: src/utils/oclif/base_command.ts
type CommandFlags (line 4) | type CommandFlags<T extends typeof Command> = Interfaces.InferredFlags<t...
type CommandArgs (line 5) | type CommandArgs<T extends typeof Command> = Interfaces.InferredArgs<T['...
method init (line 46) | public async init(): Promise<void> {
method catch (line 59) | protected catch(err: Error & { exitCode?: number }): Promise<void> {
method finally (line 69) | protected finally(_: Error | undefined): Promise<any> {
FILE: src/utils/oclif/help/help.ts
class MyHelpClass (line 26) | class MyHelpClass extends Help {
method showCommandHelp (line 27) | public showCommandHelp(command: Command.Loadable): Promise<void> {
method logModify (line 73) | protected logModify(argNamesMap: Map<string, string>, ...args: string[...
method log (line 83) | protected log(...args: string[]): void {
class Stream (line 91) | class Stream {
method constructor (line 94) | constructor(channel: 'stdout' | 'stderr') {
method write (line 98) | public write(data: string): boolean {
FILE: src/utils/ohdf/calculations.ts
function calculateSummariesForExecJSONs (line 18) | function calculateSummariesForExecJSONs(execJSONs: Record<string, Contex...
function calculateComplianceScoresForExecJSONs (line 38) | function calculateComplianceScoresForExecJSONs(execJSONs: Record<string,...
function calculateTotalCountsForSummaries (line 58) | function calculateTotalCountsForSummaries(summaries: Record<string, Reco...
function calculateSeverityCounts (line 83) | function calculateSeverityCounts(summary: Record<string, Record<string, ...
function calculateTotalCounts (line 100) | function calculateTotalCounts(summary: Record<string, Record<string, num...
FILE: src/utils/ohdf/data_loader.ts
function loadExecJSONs (line 12) | function loadExecJSONs(files: string[]): Record<string, ContextualizedEv...
FILE: src/utils/ohdf/output_generator.ts
constant ROW_ORDER (line 17) | const ROW_ORDER: RowType[] = ['total', 'critical', 'high', 'medium', 'lo...
constant COLUMN_ORDER (line 18) | const COLUMN_ORDER: ColumnType[] = ['passed', 'failed', 'skipped', 'no_i...
constant COLUMN_EMOJI (line 20) | const COLUMN_EMOJI: Record<ColumnType, string> = {
function printAndWriteOutput (line 50) | function printAndWriteOutput(args: PrintAndWriteOutputArgs): void {
function createPrintableSummary (line 98) | function createPrintableSummary(
function extractResultSets (line 125) | function extractResultSets(execJSONs: Record<string, ContextualizedEvalu...
function generateValue (line 147) | function generateValue(item: PrintableSummary, column: string, key: stri...
function generateMarkdownTableRow (line 173) | function generateMarkdownTableRow(row: string, item: PrintableSummary): ...
function convertToMarkdown (line 187) | function convertToMarkdown(data: DataOrArray, titleTables: boolean): str...
function prettyPrintRowTitle (line 201) | function prettyPrintRowTitle(title: string): string {
function prettyPrintColumnTitle (line 216) | function prettyPrintColumnTitle(title: string): string {
function generateMarkdownTable (line 243) | function generateMarkdownTable(item: Data | PrintableSummary, titleTable...
FILE: src/utils/ohdf/types.ts
type PrintableSummary (line 8) | type PrintableSummary = {
type Data (line 27) | type Data = {
type DataOrArray (line 44) | type DataOrArray = Data | Data[] | PrintableSummary | PrintableSummary[];
type RowType (line 50) | type RowType = 'total' | 'critical' | 'high' | 'medium' | 'low';
type ColumnType (line 56) | type ColumnType = 'compliance' | 'passed' | 'failed' | 'skipped' | 'no_i...
type PrintAndWriteOutputArgs (line 67) | type PrintAndWriteOutputArgs = {
FILE: src/utils/threshold.ts
function extractStatusCounts (line 58) | function extractStatusCounts(profile: ContextualizedProfile, severity?: ...
function calculateCompliance (line 97) | function calculateCompliance(statusHash: StatusHash): number {
function exitNonZeroIfTrue (line 118) | function exitNonZeroIfTrue(condition: boolean, reason?: string) {
function renameStatusName (line 126) | function renameStatusName(statusName: string): string {
function reverseStatusName (line 154) | function reverseStatusName(statusName: string): 'passed' | 'failed' | 's...
function getControlIdMap (line 182) | function getControlIdMap(profile: ContextualizedProfile, thresholds?: Th...
function getDescriptionContentsOrUndefined (line 196) | function getDescriptionContentsOrUndefined(
function cklControlStatus (line 215) | function cklControlStatus(control: ContextualizedControl, for_summary?: ...
function controlFindingDetails (line 236) | function controlFindingDetails(control: { message: string[] }, controlCK...
function extractControlSummariesBySeverity (line 261) | function extractControlSummariesBySeverity(profile: ContextualizedProfil...
function flattenProfileSummary (line 371) | function flattenProfileSummary(threshold: Record<string, Record<string, ...
function unflattenThreshold (line 395) | function unflattenThreshold(threshold: Record<string, number>): Threshol...
FILE: src/utils/xccdf2inspec.ts
function wrap (line 5) | function wrap(s: string, lineLength = 80): string {
function convertEncodedXmlIntoJson (line 25) | function convertEncodedXmlIntoJson(encodedXml: string): unknown {
function severityStringToImpact (line 34) | function severityStringToImpact(string: string): number {
function impactNumberToSeverityString (line 58) | function impactNumberToSeverityString(impact: number): string {
function inspecControlToRubyCode (line 83) | function inspecControlToRubyCode(control: InSpecControl, lineLength?: nu...
FILE: test/commands/emasser/mock.server.ts
class InitMockServer (line 6) | class InitMockServer {
method constructor (line 12) | constructor() {
FILE: test/commands/utils.ts
function omitHDFChangingFields (line 4) | function omitHDFChangingFields(
function omitChecklistChangingFields (line 31) | function omitChecklistChangingFields(input: string) {
function omitHtmlChangingFields (line 37) | function omitHtmlChangingFields(input: string) {
function normalizeNewLines (line 42) | function normalizeNewLines(input: string): string {
Condensed preview — 635 files, each showing path, character count, and a content snippet. Download the .json file for the full structured content (118,399K chars).
[
{
"path": ".deepsource.toml",
"chars": 96,
"preview": "version = 1\r\n\r\ntest_patterns = [\"test/**\"]\r\n\r\n[[analyzers]]\r\nname = \"javascript\"\r\nenabled = true"
},
{
"path": ".editorconfig",
"chars": 171,
"preview": "root = true\n\n[*]\nindent_style = space\nindent_size = 2\ncharset = utf-8\ntrim_trailing_whitespace = true\ninsert_final_newli"
},
{
"path": ".env-example",
"chars": 1514,
"preview": "# -----------------------------------------------------------------------------\n# Required environment variables\nEMASSER"
},
{
"path": ".github/dependabot.yml",
"chars": 488,
"preview": "version: 2\nupdates:\n\n # Maintain dependencies for npm\n - package-ecosystem: \"npm\"\n directory: \"/\"\n schedule:\n "
},
{
"path": ".github/mergify.yml",
"chars": 479,
"preview": "queue_rules:\n - name: default # mergify/configuration-deprecated-update\n queue_conditions:\n - label=ready-to-me"
},
{
"path": ".github/release-drafter.yml",
"chars": 239,
"preview": "name-template: \"$NEXT_PATCH_VERSION\"\ntag-template: \"$NEXT_PATCH_VERSION\"\ncategories:\n - title: \"Dependency Updates\"\n "
},
{
"path": ".github/workflows/anchore-syft.yml",
"chars": 1243,
"preview": "# This workflow uses actions that are not certified by GitHub.\n# They are provided by a third-party and are governed by\n"
},
{
"path": ".github/workflows/auto-approve-and-merge.yml",
"chars": 629,
"preview": "name: Auto approve and Merge Dependabot PRs\n\non:\n pull_request_target:\n types: [labeled]\n\npermissions:\n pull-reques"
},
{
"path": ".github/workflows/build-macos.yml",
"chars": 1007,
"preview": "name: Build macOS Installer\n\non:\n push:\n branches: [ main ]\n pull_request:\n branches: [ main ]\n\npermissions:\n c"
},
{
"path": ".github/workflows/build-rpm.yml",
"chars": 1935,
"preview": "name: Build SAF-CLI RPM Installers\n\non:\n push:\n branches: [ main ]\n pull_request:\n branches: [ main ]\n workflow"
},
{
"path": ".github/workflows/build-windows-linux.yml",
"chars": 2215,
"preview": "name: Build SAF-CLI Windows/Linux Installers\n\non:\n push:\n branches: [ main ]\n pull_request:\n branches: [ main ]\n"
},
{
"path": ".github/workflows/bump-brew.yml",
"chars": 902,
"preview": "name: Bump Homebrew formula\n\non:\n workflow_run:\n workflows: [\"Push SAF-CLI to NPM and GPR\"]\n types:\n - compl"
},
{
"path": ".github/workflows/draft-release.yml",
"chars": 517,
"preview": "name: Draft Release\n\non:\n push:\n branches:\n - main\n\npermissions:\n contents: write # required to update the dra"
},
{
"path": ".github/workflows/e2e-ci.yml",
"chars": 2662,
"preview": "name: Run SAF-CLI E2E Tests\n\non:\n push:\n branches: [ main ]\n pull_request:\n branches: [ main ]\n\npermissions:\n c"
},
{
"path": ".github/workflows/linter.yml",
"chars": 476,
"preview": "name: Lint SAF-CLI\n\non:\n push:\n branches: [ main ]\n pull_request:\n branches: [ main ]\n\npermissions:\n contents: "
},
{
"path": ".github/workflows/push-to-docker-main.yml",
"chars": 2884,
"preview": "name: Push SAF CLI to Docker Hub on every merge to master and tag as latest\n\non:\n push:\n branches: [ main ]\n\npermiss"
},
{
"path": ".github/workflows/push-to-docker.yml",
"chars": 3532,
"preview": "name: Push SAF CLI to Docker Hub on every release\n\non:\n release:\n types: [published]\n workflow_dispatch:\n inputs"
},
{
"path": ".github/workflows/push-to-npm-gpr.yml",
"chars": 1309,
"preview": "name: Push SAF-CLI to NPM and GPR\non:\n release:\n types: [published]\n workflow_dispatch:\n\npermissions:\n id-token: w"
},
{
"path": ".github/workflows/test-docker-image.yml",
"chars": 932,
"preview": "name: Build and Test SAF CLI Docker Image on every Pull Request or Push to Main\n\non:\n push:\n branches: [ main ]\n pu"
},
{
"path": ".gitignore",
"chars": 327,
"preview": "generatedMD.md\n*-debug.log\n*-error.log\n/.nyc_output\n/dist\n/lib\n/tmp\n/bin/deepsource\n/test/logs\n/test/sample_data/inspec/"
},
{
"path": ".nvmrc",
"chars": 8,
"preview": "v22.0.0\n"
},
{
"path": ".vscode/launch.json",
"chars": 705,
"preview": "{\n \"version\": \"0.2.0\",\n \"configurations\": [\n {\n \"type\": \"node\",\n \"request\": \"launch\",\n \"name\": \"Debu"
},
{
"path": ".vscode/settings.json",
"chars": 310,
"preview": "{\n \"sonarlint.connectedMode.project\": {\n \"connectionId\": \"SAF\",\n \"projectKey\": \"mitre_saf\"\n },\n \""
},
{
"path": "CNAME",
"chars": 17,
"preview": "saf-cli.mitre.org"
},
{
"path": "Dockerfile",
"chars": 1028,
"preview": "ARG BASE_CONTAINER=node:22-alpine\n\nFROM $BASE_CONTAINER AS builder\n\nLABEL name=\"SAF\" \\\n vendor=\"The MITRE Corporati"
},
{
"path": "LICENSE.md",
"chars": 2129,
"preview": "# License\n\nCopyright © 2025 The MITRE Corporation.\n\nApproved for Public Release; Distribution Unlimited. Case Number 18-"
},
{
"path": "README.md",
"chars": 95679,
"preview": "# Security Automation Framework CLI\n\nThe MITRE Security Automation Framework (SAF) Command Line Interface (CLI) brings t"
},
{
"path": "VERSION",
"chars": 6,
"preview": "1.6.0\n"
},
{
"path": "_config.yml",
"chars": 27,
"preview": "theme: jekyll-theme-cayman\n"
},
{
"path": "bin/run",
"chars": 143,
"preview": "#!/usr/bin/env node\n\nconst oclif = require('@oclif/core')\n\noclif.run().then(require('@oclif/core/flush')).catch(require("
},
{
"path": "bin/run.cmd",
"chars": 31,
"preview": "@echo off\n\nnode \"%~dp0\\run\" %*\n"
},
{
"path": "docs/contributors-guide.md",
"chars": 4456,
"preview": "# MITRE SAF Development, Testing and Contribution Guide\n\nThe MITRE saf-cli is an OCLIF application developed with TypeSc"
},
{
"path": "docs/emasser/index.md",
"chars": 141030,
"preview": "# SAF CLI eMASSer Features and Capabilities\n\n## Environment Variables\nTo facilitate setting the required environment var"
},
{
"path": "eslint.config.js",
"chars": 6379,
"preview": "import { defineConfig } from 'eslint/config';\nimport js from '@eslint/js';\nimport stylistic from '@stylistic/eslint-plug"
},
{
"path": "oclif-theme.json",
"chars": 602,
"preview": "{\n \"bin\": \"yellow\",\n \"command\": \"yellow\",\n \"commandSummary\": \"green\",\n \"dollarSign\": \"yellow\",\n \"flag\": \""
},
{
"path": "pack-hdf-converters.bat",
"chars": 1447,
"preview": "ECHO OFF\n\nSET CYPRESS_INSTALL_BINARY=0\nSET PUPPETEER_SKIP_CHROMIUM_DOWNLOAD=true\n\nSET original_dir=%cd%\nECHO %original_d"
},
{
"path": "pack-hdf-converters.sh",
"chars": 885,
"preview": "#!/bin/bash\n\nset -o errexit # abort on nonzero exitstatus\nset -o nounset # abort on unbound variable\nset -o pipefail"
},
{
"path": "pack-heimdall-lite.bat",
"chars": 1414,
"preview": "ECHO OFF\n\nSET CYPRESS_INSTALL_BINARY=0\nSET PUPPETEER_SKIP_CHROMIUM_DOWNLOAD=true\n\nSET original_dir=%cd%\nECHO %original_d"
},
{
"path": "pack-heimdall-lite.sh",
"chars": 872,
"preview": "#!/bin/bash\n\nset -o errexit # abort on nonzero exitstatus\nset -o nounset # abort on unbound variable\nset -o pipefail"
},
{
"path": "pack-inspec-objects.bat",
"chars": 1290,
"preview": "ECHO OFF\n\nSET original_dir=%cd%\nECHO %original_dir%\n\nIF DEFINED npm_config_inspec_objects (\n CD %npm_config_inspec_obje"
},
{
"path": "pack-inspec-objects.sh",
"chars": 795,
"preview": "#!/bin/bash\n\nset -o errexit # abort on nonzero exitstatus\nset -o nounset # abort on unbound variable\nset -o pipefail"
},
{
"path": "pack-inspecjs.bat",
"chars": 1381,
"preview": "ECHO OFF\n\nSET CYPRESS_INSTALL_BINARY=0\nSET PUPPETEER_SKIP_CHROMIUM_DOWNLOAD=true\n\nSET original_dir=%cd%\nECHO %original_d"
},
{
"path": "pack-inspecjs.sh",
"chars": 855,
"preview": "#!/bin/bash\n\nset -o errexit # abort on nonzero exitstatus\nset -o nounset # abort on unbound variable\nset -o pipefail"
},
{
"path": "package.json",
"chars": 7575,
"preview": "{\n \"name\": \"@mitre/saf\",\n \"description\": \"The MITRE Security Automation Framework (SAF) Command Line Interface (CLI) b"
},
{
"path": "release-prep.ps1",
"chars": 9886,
"preview": "#-----------------------------------------------------------------------------#\n# S U P P O R T I N G F U"
},
{
"path": "release-prep.sh",
"chars": 9154,
"preview": "#!/bin/bash\n\n#-----------------------------------------------------------------------------#\n# S U P P O R"
},
{
"path": "saf-cli.code-workspace",
"chars": 143,
"preview": "{\n\t\"folders\": [\n\t\t{\n\t\t\t\"name\": \"SAF CLI\",\n\t\t\t\"path\": \"./\"\n\t\t},\n\t\t{\n\t\t\t\"name\": \"Commands\",\n\t\t\t\"path\": \"./src/commands\"\n\t\t"
},
{
"path": "saf.spec",
"chars": 1066,
"preview": "%define _rpmfilename %%{ARCH}/%%{NAME}-v%%{VERSION}-%%{ARCH}.rpm\n\n%define name saf\n%define release 1\n\nName: %{name}\nVers"
},
{
"path": "src/commands/attest/apply.ts",
"chars": 3449,
"preview": "import fs from 'fs';\nimport path from 'path';\nimport { Flags } from '@oclif/core';\nimport _ from 'lodash';\nimport type {"
},
{
"path": "src/commands/attest/create.ts",
"chars": 5183,
"preview": "import fs from 'fs';\nimport { Flags } from '@oclif/core';\nimport type { Attestation } from '@mitre/hdf-converters';\nimpo"
},
{
"path": "src/commands/convert/anchoregrype2hdf.ts",
"chars": 1534,
"preview": "import { Flags } from '@oclif/core';\nimport fs from 'fs';\nimport { AnchoreGrypeMapper as Mapper, INPUT_TYPES } from '@mi"
},
{
"path": "src/commands/convert/asff2hdf.ts",
"chars": 10161,
"preview": "import fs from 'fs';\nimport path from 'path';\nimport {\n type AwsSecurityFindingFilters,\n type DescribeStandardsControl"
},
{
"path": "src/commands/convert/aws_config2hdf.ts",
"chars": 3305,
"preview": "import fs from 'fs';\nimport { Flags } from '@oclif/core';\nimport { AwsConfigMapper as Mapper } from '@mitre/hdf-converte"
},
{
"path": "src/commands/convert/burpsuite2hdf.ts",
"chars": 1535,
"preview": "import { Flags } from '@oclif/core';\nimport fs from 'fs';\nimport { BurpSuiteResults as Mapper, INPUT_TYPES } from '@mitr"
},
{
"path": "src/commands/convert/checkov2hdf.ts",
"chars": 1506,
"preview": "import { Flags } from '@oclif/core';\nimport fs from 'fs';\nimport { CheckovMapper as Mapper, INPUT_TYPES } from '@mitre/h"
},
{
"path": "src/commands/convert/ckl2hdf.ts",
"chars": 1625,
"preview": "import { Flags } from '@oclif/core';\nimport fs from 'fs';\nimport { ChecklistResults as Mapper, INPUT_TYPES } from '@mitr"
},
{
"path": "src/commands/convert/ckl2poam.ts",
"chars": 11197,
"preview": "import { mkdir, readFile } from 'fs/promises';\nimport path from 'path';\nimport { Flags } from '@oclif/core';\nimport { XM"
},
{
"path": "src/commands/convert/conveyor2hdf.ts",
"chars": 1558,
"preview": "import { Flags } from '@oclif/core';\nimport fs from 'fs';\nimport { ConveyorResults as Mapper, INPUT_TYPES } from '@mitre"
},
{
"path": "src/commands/convert/cyclonedx_sbom2hdf.ts",
"chars": 1575,
"preview": "import { Flags } from '@oclif/core';\nimport fs from 'fs';\nimport { CycloneDXSBOMResults as Mapper, INPUT_TYPES } from '@"
},
{
"path": "src/commands/convert/dbprotect2hdf.ts",
"chars": 1643,
"preview": "import { Flags } from '@oclif/core';\nimport fs from 'fs';\nimport { DBProtectMapper as Mapper, INPUT_TYPES } from '@mitre"
},
{
"path": "src/commands/convert/dependency_track2hdf.ts",
"chars": 1411,
"preview": "import { Flags } from '@oclif/core';\nimport fs from 'fs';\nimport { DependencyTrackMapper as Mapper, INPUT_TYPES } from '"
},
{
"path": "src/commands/convert/fortify2hdf.ts",
"chars": 1682,
"preview": "import { Flags } from '@oclif/core';\nimport fs from 'fs';\nimport { FortifyResults as Mapper, INPUT_TYPES } from '@mitre/"
},
{
"path": "src/commands/convert/gosec2hdf.ts",
"chars": 1433,
"preview": "import { Flags } from '@oclif/core';\nimport fs from 'fs';\nimport { GosecMapper as Mapper, INPUT_TYPES } from '@mitre/hdf"
},
{
"path": "src/commands/convert/hdf2asff.ts",
"chars": 7771,
"preview": "import fs from 'fs';\nimport https from 'https';\nimport path from 'path';\nimport {\n type AwsSecurityFinding,\n SecurityH"
},
{
"path": "src/commands/convert/hdf2caat.ts",
"chars": 1325,
"preview": "import { Flags } from '@oclif/core';\nimport fs from 'fs';\nimport { FromHDFToCAATMapper as Mapper } from '@mitre/hdf-conv"
},
{
"path": "src/commands/convert/hdf2ckl.ts",
"chars": 10842,
"preview": "import fs from 'fs';\nimport {\n Assettype,\n type ChecklistMetadata,\n ChecklistResults as Mapper,\n Role,\n Techarea,\n "
},
{
"path": "src/commands/convert/hdf2condensed.ts",
"chars": 2759,
"preview": "import { Flags } from '@oclif/core';\nimport fs from 'fs';\nimport { convertFileContextual, type ContextualizedProfile } f"
},
{
"path": "src/commands/convert/hdf2csv.ts",
"chars": 14508,
"preview": "import fs, { promises as fse } from 'fs';\nimport path from 'path';\nimport { checkbox, input, select } from '@inquirer/pr"
},
{
"path": "src/commands/convert/hdf2html.ts",
"chars": 1563,
"preview": "import fs from 'fs';\nimport path from 'path';\nimport { FileExportTypes, FromHDFToHTMLMapper as Mapper } from '@mitre/hdf"
},
{
"path": "src/commands/convert/hdf2splunk.ts",
"chars": 3588,
"preview": "import { Flags } from '@oclif/core';\nimport { FromHDFToSplunkMapper } from '@mitre/hdf-converters';\nimport { basename } "
},
{
"path": "src/commands/convert/hdf2xccdf.ts",
"chars": 1202,
"preview": "import { Flags } from '@oclif/core';\nimport fs from 'fs';\nimport { FromHDFToXCCDFMapper as Mapper } from '@mitre/hdf-con"
},
{
"path": "src/commands/convert/index.ts",
"chars": 11219,
"preview": "import fs from 'fs';\nimport _ from 'lodash';\nimport path from 'path';\nimport {\n AnchoreGrypeMapper,\n ASFFResults,\n Bu"
},
{
"path": "src/commands/convert/ionchannel2hdf.ts",
"chars": 5934,
"preview": "import { INPUT_TYPES, IonChannelAPIMapper, IonChannelMapper } from '@mitre/hdf-converters';\nimport { Flags } from '@ocli"
},
{
"path": "src/commands/convert/jfrog_xray2hdf.ts",
"chars": 1557,
"preview": "import { Flags } from '@oclif/core';\nimport fs from 'fs';\nimport { INPUT_TYPES, JfrogXrayMapper as Mapper } from '@mitre"
},
{
"path": "src/commands/convert/msft_secure2hdf.ts",
"chars": 7919,
"preview": "import fs from 'fs';\nimport https from 'https';\nimport { ClientSecretCredential } from '@azure/identity';\nimport {\n Cli"
},
{
"path": "src/commands/convert/nessus2hdf.ts",
"chars": 2079,
"preview": "import { Flags } from '@oclif/core';\nimport fs from 'fs';\nimport { INPUT_TYPES, NessusResults as Mapper } from '@mitre/h"
},
{
"path": "src/commands/convert/netsparker2hdf.ts",
"chars": 1678,
"preview": "import { Flags } from '@oclif/core';\nimport fs from 'fs';\nimport { INPUT_TYPES, NetsparkerResults as Mapper } from '@mit"
},
{
"path": "src/commands/convert/neuvector2hdf.ts",
"chars": 1522,
"preview": "import { Flags } from '@oclif/core';\nimport fs from 'fs';\nimport { INPUT_TYPES, NeuVectorMapper as Mapper } from '@mitre"
},
{
"path": "src/commands/convert/nikto2hdf.ts",
"chars": 1589,
"preview": "import { Flags } from '@oclif/core';\nimport fs from 'fs';\nimport { INPUT_TYPES, NiktoMapper as Mapper } from '@mitre/hdf"
},
{
"path": "src/commands/convert/prisma2hdf.ts",
"chars": 1478,
"preview": "import { Flags } from '@oclif/core';\nimport fs from 'fs';\nimport { PrismaMapper as Mapper } from '@mitre/hdf-converters'"
},
{
"path": "src/commands/convert/prowler2hdf.ts",
"chars": 1737,
"preview": "import { Flags } from '@oclif/core';\nimport fs from 'fs';\nimport { ASFFResults as Mapper, INPUT_TYPES } from '@mitre/hdf"
},
{
"path": "src/commands/convert/sarif2hdf.ts",
"chars": 1798,
"preview": "import { Flags } from '@oclif/core';\nimport fs from 'fs';\nimport { INPUT_TYPES, SarifMapper as Mapper } from '@mitre/hdf"
},
{
"path": "src/commands/convert/scoutsuite2hdf.ts",
"chars": 1681,
"preview": "import { Flags } from '@oclif/core';\nimport fs from 'fs';\nimport { INPUT_TYPES, ScoutsuiteMapper as Mapper } from '@mitr"
},
{
"path": "src/commands/convert/snyk2hdf.ts",
"chars": 1840,
"preview": "import fs from 'fs';\nimport { INPUT_TYPES, SnykResults as Mapper } from '@mitre/hdf-converters';\nimport { Flags } from '"
},
{
"path": "src/commands/convert/sonarqube2hdf.ts",
"chars": 3264,
"preview": "import { Flags } from '@oclif/core';\nimport fs from 'fs';\nimport { SonarqubeResults as Mapper } from '@mitre/hdf-convert"
},
{
"path": "src/commands/convert/splunk2hdf.ts",
"chars": 5773,
"preview": "import { Flags } from '@oclif/core';\nimport { SplunkMapper } from '@mitre/hdf-converters';\nimport { table } from 'table'"
},
{
"path": "src/commands/convert/trivy2hdf.ts",
"chars": 2020,
"preview": "import { Flags } from '@oclif/core';\nimport fs from 'fs';\nimport { ASFFResults as Mapper, INPUT_TYPES } from '@mitre/hdf"
},
{
"path": "src/commands/convert/trufflehog2hdf.ts",
"chars": 1539,
"preview": "import fs from 'fs';\nimport { INPUT_TYPES, TrufflehogResults as Mapper } from '@mitre/hdf-converters';\nimport { Flags } "
},
{
"path": "src/commands/convert/twistlock2hdf.ts",
"chars": 1542,
"preview": "import fs from 'fs';\nimport { INPUT_TYPES, TwistlockResults as Mapper } from '@mitre/hdf-converters';\nimport { Flags } f"
},
{
"path": "src/commands/convert/veracode2hdf.ts",
"chars": 1346,
"preview": "import fs from 'fs';\nimport { INPUT_TYPES, VeracodeMapper as Mapper } from '@mitre/hdf-converters';\nimport { Flags } fro"
},
{
"path": "src/commands/convert/xccdf_results2hdf.ts",
"chars": 1604,
"preview": "import fs from 'fs';\nimport { INPUT_TYPES, XCCDFResultsResults as Mapper } from '@mitre/hdf-converters';\nimport { Flags "
},
{
"path": "src/commands/convert/zap2hdf.ts",
"chars": 1720,
"preview": "import fs from 'fs';\nimport { INPUT_TYPES, ZapResults as Mapper } from '@mitre/hdf-converters';\nimport { Flags } from '@"
},
{
"path": "src/commands/emasser/configure.ts",
"chars": 3010,
"preview": "import colors from 'colors';\nimport { Command } from '@oclif/core';\nimport { generateConfig } from '../../utils/emasser/"
},
{
"path": "src/commands/emasser/delete/artifacts.ts",
"chars": 1974,
"preview": "import { ArtifactsApi } from '@mitre/emass_client';\nimport { Command, Flags } from '@oclif/core';\nimport { colorize } fr"
},
{
"path": "src/commands/emasser/delete/cloud_resources.ts",
"chars": 2065,
"preview": "import { CloudResourceResultsApi } from '@mitre/emass_client';\nimport { Command, Flags } from '@oclif/core';\nimport { co"
},
{
"path": "src/commands/emasser/delete/container_scans.ts",
"chars": 2078,
"preview": "import { ContainerScanResultsApi } from '@mitre/emass_client';\nimport { Command, Flags } from '@oclif/core';\nimport { co"
},
{
"path": "src/commands/emasser/delete/hardware_baseline.ts",
"chars": 2070,
"preview": "import { HardwareBaselineApi } from '@mitre/emass_client';\nimport { Command, Flags } from '@oclif/core';\nimport { colori"
},
{
"path": "src/commands/emasser/delete/milestones.ts",
"chars": 2062,
"preview": "import { MilestonesApi } from '@mitre/emass_client';\nimport { Command, Flags } from '@oclif/core';\nimport { colorize } f"
},
{
"path": "src/commands/emasser/delete/poams.ts",
"chars": 1925,
"preview": "import { POAMApi } from '@mitre/emass_client';\nimport { Command, Flags } from '@oclif/core';\nimport { colorize } from 'j"
},
{
"path": "src/commands/emasser/delete/software_baseline.ts",
"chars": 2070,
"preview": "import { SoftwareBaselineApi } from '@mitre/emass_client';\nimport { Command, Flags } from '@oclif/core';\nimport { colori"
},
{
"path": "src/commands/emasser/get/artifacts.ts",
"chars": 4424,
"preview": "import { ArtifactsApi, ArtifactsExportApi } from '@mitre/emass_client';\nimport { Args, Command, Flags } from '@oclif/cor"
},
{
"path": "src/commands/emasser/get/cac.ts",
"chars": 1629,
"preview": "import { colorize } from 'json-colorizer';\nimport { CACApi } from '@mitre/emass_client';\nimport { Command, Flags } from "
},
{
"path": "src/commands/emasser/get/cmmc.ts",
"chars": 1633,
"preview": "import { CMMCAssessmentsApi } from '@mitre/emass_client';\nimport { Command, Flags } from '@oclif/core';\nimport { coloriz"
},
{
"path": "src/commands/emasser/get/controls.ts",
"chars": 1696,
"preview": "import { ControlsApi } from '@mitre/emass_client';\nimport { Command, Flags } from '@oclif/core';\nimport { colorize } fro"
},
{
"path": "src/commands/emasser/get/dashboards.ts",
"chars": 44097,
"preview": "import {\n VASystemDashboardsApi,\n VAOMBFISMADashboardApi,\n SystemPOAMDashboardsApi,\n SystemStatusDashboardApi,\n Sys"
},
{
"path": "src/commands/emasser/get/hardware.ts",
"chars": 2927,
"preview": "import { HardwareBaselineApi } from '@mitre/emass_client';\nimport { Args, Command, Flags } from '@oclif/core';\nimport { "
},
{
"path": "src/commands/emasser/get/milestones.ts",
"chars": 3230,
"preview": "import { MilestonesApi } from '@mitre/emass_client';\nimport { Args, Command, Flags } from '@oclif/core';\nimport { colori"
},
{
"path": "src/commands/emasser/get/pac.ts",
"chars": 1605,
"preview": "import { PACApi } from '@mitre/emass_client';\nimport { Command, Flags } from '@oclif/core';\nimport { colorize } from 'js"
},
{
"path": "src/commands/emasser/get/poams.ts",
"chars": 3091,
"preview": "import { POAMApi } from '@mitre/emass_client';\nimport { Args, Command, Flags } from '@oclif/core';\nimport { colorize } f"
},
{
"path": "src/commands/emasser/get/roles.ts",
"chars": 3020,
"preview": "import { SystemRolesApi } from '@mitre/emass_client';\nimport { Args, Command, Flags } from '@oclif/core';\nimport { color"
},
{
"path": "src/commands/emasser/get/software.ts",
"chars": 2918,
"preview": "import { SoftwareBaselineApi } from '@mitre/emass_client';\nimport { Args, Command, Flags } from '@oclif/core';\nimport { "
},
{
"path": "src/commands/emasser/get/system.ts",
"chars": 1674,
"preview": "import { SystemsApi } from '@mitre/emass_client';\nimport { Command, Flags } from '@oclif/core';\nimport { colorize } from"
},
{
"path": "src/commands/emasser/get/systems.ts",
"chars": 1755,
"preview": "import { SystemsApi } from '@mitre/emass_client';\nimport { Command, Flags } from '@oclif/core';\nimport { colorize } from"
},
{
"path": "src/commands/emasser/get/test_connection.ts",
"chars": 1557,
"preview": "import { TestApi } from '@mitre/emass_client';\nimport { Command, Flags } from '@oclif/core';\nimport { colorize } from 'j"
},
{
"path": "src/commands/emasser/get/test_results.ts",
"chars": 1740,
"preview": "import { TestResultsApi } from '@mitre/emass_client';\nimport { Command, Flags } from '@oclif/core';\nimport { colorize } "
},
{
"path": "src/commands/emasser/get/workflow_definitions.ts",
"chars": 1430,
"preview": "import { WorkflowDefinitionsApi } from '@mitre/emass_client';\nimport { Command, Flags } from '@oclif/core';\nimport { col"
},
{
"path": "src/commands/emasser/get/workflow_instances.ts",
"chars": 3234,
"preview": "import { WorkflowInstancesApi } from '@mitre/emass_client';\nimport { Args, Command, Flags } from '@oclif/core';\nimport {"
},
{
"path": "src/commands/emasser/hello.ts",
"chars": 580,
"preview": "import { Command } from '@oclif/core';\nimport { name, version } from '@mitre/emass_client/package.json';\nimport os from "
},
{
"path": "src/commands/emasser/post/artifacts.ts",
"chars": 4241,
"preview": "import fs from 'fs';\nimport os from 'os';\nimport path from 'path';\nimport { Command, Flags } from '@oclif/core';\nimport "
},
{
"path": "src/commands/emasser/post/cac.ts",
"chars": 1981,
"preview": "import { CACApi } from '@mitre/emass_client';\nimport type { CacGet as CAC } from '@mitre/emass_client/dist/api';\nimport "
},
{
"path": "src/commands/emasser/post/cloud_resources.ts",
"chars": 12819,
"preview": "import fs from 'fs';\nimport { readFile } from 'fs/promises';\nimport { CloudResourceResultsApi } from '@mitre/emass_clien"
},
{
"path": "src/commands/emasser/post/container_scans.ts",
"chars": 15177,
"preview": "import fs from 'fs';\nimport { readFile } from 'fs/promises';\nimport { ContainerScanResultsApi } from '@mitre/emass_clien"
},
{
"path": "src/commands/emasser/post/device_scans.ts",
"chars": 5196,
"preview": "import fs from 'fs';\nimport path from 'path';\nimport { DeviceScanResultsApi } from '@mitre/emass_client';\nimport { Comma"
},
{
"path": "src/commands/emasser/post/hardware_baseline.ts",
"chars": 11780,
"preview": "import fs from 'fs';\nimport { readFile } from 'fs/promises';\nimport { HardwareBaselineApi } from '@mitre/emass_client';\n"
},
{
"path": "src/commands/emasser/post/milestones.ts",
"chars": 2387,
"preview": "import { MilestonesApi } from '@mitre/emass_client';\nimport type { MilestonesGet as Milestones } from '@mitre/emass_clie"
},
{
"path": "src/commands/emasser/post/pac.ts",
"chars": 2041,
"preview": "import { PACApi } from '@mitre/emass_client';\nimport type { PacGet as PAC } from '@mitre/emass_client/dist/api';\nimport "
},
{
"path": "src/commands/emasser/post/poams.ts",
"chars": 24702,
"preview": "import fs from 'fs';\nimport { readFile } from 'fs/promises';\nimport { POAMApi } from '@mitre/emass_client';\nimport type "
},
{
"path": "src/commands/emasser/post/register.ts",
"chars": 1407,
"preview": "import { RegistrationApi } from '@mitre/emass_client';\nimport { Command, Flags } from '@oclif/core';\nimport { colorize }"
},
{
"path": "src/commands/emasser/post/software_baseline.ts",
"chars": 16055,
"preview": "import fs from 'fs';\nimport { readFile } from 'fs/promises';\nimport { SoftwareBaselineApi } from '@mitre/emass_client';\n"
},
{
"path": "src/commands/emasser/post/static_code_scans.ts",
"chars": 10813,
"preview": "import fs from 'fs';\nimport { readFile } from 'fs/promises';\nimport { StaticCodeScansApi } from '@mitre/emass_client';\ni"
},
{
"path": "src/commands/emasser/post/test_results.ts",
"chars": 2423,
"preview": "import { TestResultsApi } from '@mitre/emass_client';\nimport type { TestResultsGet as TestResult } from '@mitre/emass_cl"
},
{
"path": "src/commands/emasser/put/artifacts.ts",
"chars": 6407,
"preview": "import fs from 'fs';\nimport { readFile } from 'fs/promises';\nimport { ArtifactsApi } from '@mitre/emass_client';\nimport "
},
{
"path": "src/commands/emasser/put/controls.ts",
"chars": 15034,
"preview": "import fs from 'fs';\nimport { readFile } from 'fs/promises';\nimport { ControlsApi } from '@mitre/emass_client';\nimport {"
},
{
"path": "src/commands/emasser/put/hardware_baseline.ts",
"chars": 11429,
"preview": "import fs from 'fs';\nimport { readFile } from 'fs/promises';\nimport { HardwareBaselineApi } from '@mitre/emass_client';\n"
},
{
"path": "src/commands/emasser/put/milestones.ts",
"chars": 2270,
"preview": "import { MilestonesApi } from '@mitre/emass_client';\nimport type { MilestonesGet as Milestones } from '@mitre/emass_clie"
},
{
"path": "src/commands/emasser/put/poams.ts",
"chars": 25983,
"preview": "import fs from 'fs';\nimport { readFile } from 'fs/promises';\nimport { POAMApi } from '@mitre/emass_client';\nimport type "
},
{
"path": "src/commands/emasser/put/software_baseline.ts",
"chars": 16276,
"preview": "import fs from 'fs';\nimport { readFile } from 'fs/promises';\nimport { colorize } from 'json-colorizer';\nimport { Softwar"
},
{
"path": "src/commands/emasser/version.ts",
"chars": 440,
"preview": "import { Command } from '@oclif/core';\nimport { name, version } from '@mitre/emass_client/package.json';\n\nexport default"
},
{
"path": "src/commands/generate/ckl_metadata.ts",
"chars": 11574,
"preview": "import fs from 'fs';\nimport { hostname } from 'os';\nimport path from 'path';\nimport { input, confirm, select, number } f"
},
{
"path": "src/commands/generate/delta.ts",
"chars": 62746,
"preview": "import { execFileSync } from 'child_process';\nimport { EventEmitter } from 'events';\nimport fs, { copyFileSync } from 'f"
},
{
"path": "src/commands/generate/inspec_metadata.ts",
"chars": 1408,
"preview": "import { Flags } from '@oclif/core';\nimport fs from 'fs';\nimport promptSync from 'prompt-sync';\nimport { BaseCommand } f"
},
{
"path": "src/commands/generate/inspec_profile.ts",
"chars": 40822,
"preview": "import fs from 'fs';\nimport path from 'path';\nimport { processOVAL, processXCCDF, type Profile } from '@mitre/inspec-obj"
},
{
"path": "src/commands/generate/spreadsheet2inspec_stub.ts",
"chars": 14812,
"preview": "import fs from 'fs';\nimport path from 'path';\nimport { CciNistMappingData } from '@mitre/hdf-converters';\nimport { Flags"
},
{
"path": "src/commands/generate/threshold.ts",
"chars": 3732,
"preview": "import fs from 'fs';\nimport { Flags } from '@oclif/core';\nimport { convertFileContextual, type ContextualizedProfile } f"
},
{
"path": "src/commands/generate/update_controls4delta.ts",
"chars": 27455,
"preview": "import { execFileSync } from 'child_process';\nimport fs from 'fs';\nimport { readdir } from 'fs/promises';\nimport path fr"
},
{
"path": "src/commands/harden/harden.ts",
"chars": 474,
"preview": "import { Command, Flags } from '@oclif/core';\n\nexport default class Harden extends Command {\n static readonly aliases ="
},
{
"path": "src/commands/scan/scan.ts",
"chars": 470,
"preview": "import { Command, Flags } from '@oclif/core';\n\nexport default class Scan extends Command {\n static readonly aliases = ["
},
{
"path": "src/commands/supplement/passthrough/read.ts",
"chars": 1279,
"preview": "import fs from 'fs';\nimport { Flags } from '@oclif/core';\nimport type { ExecJSON } from 'inspecjs';\nimport { BaseCommand"
},
{
"path": "src/commands/supplement/passthrough/write.ts",
"chars": 2855,
"preview": "import fs from 'fs';\nimport { Flags } from '@oclif/core';\nimport type { ExecJSON } from 'inspecjs';\nimport { BaseCommand"
},
{
"path": "src/commands/supplement/target/read.ts",
"chars": 1219,
"preview": "import fs from 'fs';\nimport type { ExecJSON } from 'inspecjs';\nimport { Flags } from '@oclif/core';\nimport { BaseCommand"
},
{
"path": "src/commands/supplement/target/write.ts",
"chars": 2676,
"preview": "import fs from 'fs';\nimport { Flags } from '@oclif/core';\nimport type { ExecJSON } from 'inspecjs';\nimport { BaseCommand"
},
{
"path": "src/commands/validate/threshold.ts",
"chars": 9879,
"preview": "import fs from 'fs';\nimport { Flags } from '@oclif/core';\nimport { expect } from 'chai';\nimport { convertFileContextual,"
},
{
"path": "src/commands/view/heimdall.ts",
"chars": 3856,
"preview": "import fs from 'fs';\nimport path from 'path';\nimport { Command, Flags } from '@oclif/core';\nimport express, { type Reque"
},
{
"path": "src/commands/view/summary.ts",
"chars": 8317,
"preview": "import { Command, Flags } from '@oclif/core';\nimport { createWinstonLogger } from '../../utils/logging';\nimport { calcul"
},
{
"path": "src/index.ts",
"chars": 35,
"preview": "export { run } from '@oclif/core';\n"
},
{
"path": "src/resources/cis2nist.json",
"chars": 3218,
"preview": "{\n \"1\": \"CM-8\",\n \"1.1\": \"CM-8 (3)\",\n \"1.2\": \"CM-8 (3)\",\n \"1.3\": \"IA-3 (3)\",\n \"1.4\": \"CM-8 (2)\",\n \"1.5\""
},
{
"path": "src/resources/files.json",
"chars": 148097,
"preview": "{\n \"cis.mapping.yml\": {\n \"type\": \"string\",\n \"data\": \"id:\\n - ID\\n - \\\"recommendation #\\\"\\ntitle:\\n -"
},
{
"path": "src/types/accurate-search/index.d.ts",
"chars": 34,
"preview": "declare module 'accurate-search';\n"
},
{
"path": "src/types/csv.d.ts",
"chars": 412,
"preview": "export type CSVControl = {\n V_ID: string;\n Severity: string;\n CCI: string;\n Version: string;\n Title: string;\n Desc"
},
{
"path": "src/types/emass_client/index.d.ts",
"chars": 38,
"preview": "declare module '@mitre/emass_client';\n"
},
{
"path": "src/types/fuse/index.d.ts",
"chars": 25,
"preview": "declare module 'fuse.js'\n"
},
{
"path": "src/types/inspec.d.ts",
"chars": 1432,
"preview": "export type InSpecControl = {\n id: string;\n title: string;\n desc: string;\n descs: Record<string, string>;\n ref?: st"
},
{
"path": "src/types/splunk-sdk-no-env/index.d.ts",
"chars": 1829,
"preview": "declare module '@mitre/splunk-sdk-no-env' {\n export type SplunkConfig = {\n scheme: string;\n host: string;\n por"
},
{
"path": "src/types/stig.d.ts",
"chars": 1759,
"preview": "export type STIG = {\n CHECKLIST: CHECKLIST;\n};\nexport type CHECKLIST = {\n ASSET?: Asset[] | null;\n STIGS?: STIGs[] | "
},
{
"path": "src/types/threshold.d.ts",
"chars": 2292,
"preview": "import type { ControlStatus } from 'inspecjs';\n\n// The hash that we will generally be working with herein\nexport type Co"
},
{
"path": "src/types/xlsx_populate.d.ts",
"chars": 31,
"preview": "declare module 'xlsx-populate'\n"
},
{
"path": "src/utils/ckl2poam.ts",
"chars": 4468,
"preview": "import { CciNistMappingData } from '@mitre/hdf-converters';\nimport promptSync from 'prompt-sync';\nimport type { Vulnerab"
},
{
"path": "src/utils/csv.ts",
"chars": 4750,
"preview": "import type { ContextualizedControl, ExecJSON, HDFControlSegment } from 'inspecjs';\nimport _ from 'lodash';\nimport type "
},
{
"path": "src/utils/delta_matching.ts",
"chars": 20615,
"preview": "import Fuse from 'fuse.js';\n\n/**\n * Helpers for requirement-first delta matching.\n *\n * Cross-vendor STIG deltas (RHEL9 "
},
{
"path": "src/utils/emasser/api_config.ts",
"chars": 7899,
"preview": "import fs from 'fs';\nimport dotenv from 'dotenv';\nimport { printHelpMsg, printRedMsg } from './utilities';\n\nfunction pri"
},
{
"path": "src/utils/emasser/api_connection.ts",
"chars": 995,
"preview": "import type { Configuration } from '@mitre/emass_client/dist/configuration';\nimport type { AxiosInstance } from 'axios';"
},
{
"path": "src/utils/emasser/generate_config.ts",
"chars": 15638,
"preview": "import { input, confirm, password, select } from '@inquirer/prompts';\nimport colors from 'colors';\nimport dotenv from 'd"
},
{
"path": "src/utils/emasser/init_connection.ts",
"chars": 3498,
"preview": "import fs from 'fs';\nimport https from 'https';\nimport { Configuration } from '@mitre/emass_client/dist/configuration';\n"
},
{
"path": "src/utils/emasser/output_error.ts",
"chars": 1390,
"preview": "import _ from 'lodash';\n\n/**\n * Generates a formatted error message from the provided data object.\n *\n * @param data - T"
},
{
"path": "src/utils/emasser/output_formatter.ts",
"chars": 9950,
"preview": "import _ from 'lodash';\nimport { ApiConfig } from './api_config';\n\n/**\n * Removes all properties with null values from t"
},
{
"path": "src/utils/emasser/utilities.ts",
"chars": 78370,
"preview": "import fs from 'fs';\nimport path from 'path';\nimport { Flags } from '@oclif/core';\nimport type { BooleanFlag, OptionFlag"
},
{
"path": "src/utils/global.ts",
"chars": 21720,
"preview": "import { execFileSync } from 'node:child_process';\nimport fs from 'node:fs';\nimport path from 'node:path';\nimport { fing"
},
{
"path": "src/utils/logging.ts",
"chars": 5758,
"preview": "import { contextualizeEvaluation, type ContextualizedControl, type ExecJSON } from 'inspecjs';\nimport _ from 'lodash';\ni"
},
{
"path": "src/utils/oclif/base_command.ts",
"chars": 2653,
"preview": "import type { Interfaces } from '@oclif/core';\nimport { Command, Flags } from '@oclif/core';\n\nexport type CommandFlags<T"
},
{
"path": "src/utils/oclif/help/help.ts",
"chars": 3667,
"preview": "import { format } from 'util';\nimport { type Command, Help } from '@oclif/core';\nimport _ from 'lodash';\n\n/*\n Override "
},
{
"path": "src/utils/oclif/hooks/command_not_found.ts",
"chars": 1023,
"preview": "import type { Hook } from '@oclif/core';\n\n/**\n * Hook that is triggered when an \"oclif\" command is not found.\n *\n * @par"
},
{
"path": "src/utils/ohdf/calculations.ts",
"chars": 5376,
"preview": "import type { ContextualizedEvaluation, ContextualizedProfile } from 'inspecjs';\nimport _ from 'lodash';\nimport { create"
},
{
"path": "src/utils/ohdf/data_loader.ts",
"chars": 862,
"preview": "import fs from 'fs';\nimport { convertFileContextual, type ContextualizedEvaluation } from 'inspecjs';\nimport { createWin"
},
{
"path": "src/utils/ohdf/output_generator.ts",
"chars": 11467,
"preview": "import fs from 'fs';\nimport type { ContextualizedEvaluation } from 'inspecjs';\nimport _ from 'lodash';\nimport { getMarkd"
},
{
"path": "src/utils/ohdf/types.ts",
"chars": 3310,
"preview": "/**\n * Represents a summary that can be printed to the console or written to a file.\n * @property {string} profileName -"
},
{
"path": "src/utils/threshold.ts",
"chars": 13211,
"preview": "import type { ContextualizedControl, ContextualizedProfile, ControlStatus, ExecJSON, Severity } from 'inspecjs';\nimport "
},
{
"path": "src/utils/xccdf2inspec.ts",
"chars": 4472,
"preview": "import { XMLParser } from 'fast-xml-parser';\nimport type { InSpecControl } from '../types/inspec';\n\n// Breaks lines down"
},
{
"path": "test/commands/attest/apply.test.ts",
"chars": 3935,
"preview": "import { runCommand } from '@oclif/test';\nimport fs from 'fs';\nimport path from 'path';\nimport tmp from 'tmp';\nimport { "
},
{
"path": "test/commands/convert/anchoregrype2hdf.test.ts",
"chars": 4760,
"preview": "import { runCommand } from '@oclif/test';\nimport fs from 'fs';\nimport path from 'path';\nimport tmp from 'tmp';\nimport { "
},
{
"path": "test/commands/convert/burpsuite2hdf.test.ts",
"chars": 2317,
"preview": "import { runCommand } from '@oclif/test';\nimport fs from 'fs';\nimport path from 'path';\nimport tmp from 'tmp';\nimport { "
},
{
"path": "test/commands/convert/checkov2hdf.test.ts",
"chars": 3749,
"preview": "import { runCommand } from '@oclif/test';\nimport fs from 'fs';\nimport path from 'path';\nimport tmp from 'tmp';\nimport { "
},
{
"path": "test/commands/convert/ckl2hdf.test.ts",
"chars": 4017,
"preview": "import { runCommand } from '@oclif/test';\nimport fs from 'fs';\nimport path from 'path';\nimport tmp from 'tmp';\nimport { "
},
{
"path": "test/commands/convert/ckl2poam.test.ts",
"chars": 1414,
"preview": "import { runCommand } from '@oclif/test';\nimport { readdir, stat } from 'fs/promises';\nimport path from 'path';\nimport t"
},
{
"path": "test/commands/convert/cyclonedx_sbom2hdf.test.ts",
"chars": 9378,
"preview": "import { runCommand } from '@oclif/test';\nimport fs from 'fs';\nimport path from 'path';\nimport tmp from 'tmp';\nimport { "
},
{
"path": "test/commands/convert/dbprotect2hdf.spec.ts",
"chars": 2951,
"preview": "import { runCommand } from '@oclif/test';\nimport fs from 'fs';\nimport path from 'path';\nimport tmp from 'tmp';\nimport { "
},
{
"path": "test/commands/convert/dependency_track2hdf.test.ts",
"chars": 5005,
"preview": "import { runCommand } from '@oclif/test';\nimport fs from 'fs';\nimport path from 'path';\nimport tmp from 'tmp';\nimport { "
},
{
"path": "test/commands/convert/fortify2hdf.test.ts",
"chars": 1580,
"preview": "import { runCommand } from '@oclif/test';\nimport fs from 'fs';\nimport path from 'path';\nimport tmp from 'tmp';\nimport { "
},
{
"path": "test/commands/convert/gosec2hdf.test.ts",
"chars": 4150,
"preview": "import { runCommand } from '@oclif/test';\nimport fs from 'fs';\nimport path from 'path';\nimport tmp from 'tmp';\nimport { "
},
{
"path": "test/commands/convert/hdf2caat.test.ts",
"chars": 1593,
"preview": "import { runCommand } from '@oclif/test';\nimport * as XLSX from '@e965/xlsx';\nimport fs from 'fs';\nimport path from 'pat"
},
{
"path": "test/commands/convert/hdf2ckl.test.ts",
"chars": 5120,
"preview": "import { runCommand } from '@oclif/test';\nimport fs from 'fs';\nimport path from 'path';\nimport tmp from 'tmp';\nimport { "
}
]
// ... and 435 more files (download for full content)