{"id":50310865,"url":"https://github.com/djadmin/fort","last_synced_at":"2026-06-11T17:00:43.362Z","repository":{"id":360659876,"uuid":"1245511471","full_name":"djadmin/fort","owner":"djadmin","description":"macOS CLI: endpoint security audit + SOC 2 readiness reports","archived":false,"fork":false,"pushed_at":"2026-06-03T13:07:44.000Z","size":900,"stargazers_count":9,"open_issues_count":0,"forks_count":1,"subscribers_count":0,"default_branch":"main","last_synced_at":"2026-06-04T04:30:15.996Z","etag":null,"topics":["cli","compliance","devops","endpoint-security","golang","hardening","iso27001","macos","security","soc2"],"latest_commit_sha":null,"homepage":"https://djadmin.github.io/fort","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/djadmin.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2026-05-21T09:37:46.000Z","updated_at":"2026-06-03T13:08:40.000Z","dependencies_parsed_at":null,"dependency_job_id":null,"html_url":"https://github.com/djadmin/fort","commit_stats":null,"previous_names":["djadmin/fort"],"tags_count":1,"template":false,"template_full_name":null,"purl":"pkg:github/djadmin/fort","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/djadmin%2Ffort","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/djadmin%2Ffort/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/djadmin%2Ffort/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/djadmin%2Ffort/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/djadmin","download_url":"https://codeload.github.com/djadmin/fort/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/djadmin%2Ffort/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":34208761,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-05-26T15:22:16.424Z","status":"online","status_checked_at":"2026-06-11T02:00:06.485Z","response_time":57,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["cli","compliance","devops","endpoint-security","golang","hardening","iso27001","macos","security","soc2"],"created_at":"2026-05-28T21:00:27.094Z","updated_at":"2026-06-11T17:00:43.356Z","avatar_url":"https://github.com/djadmin.png","language":"Go","funding_links":[],"categories":["Security","macOS Security"],"sub_categories":["HTTP Clients"],"readme":"# fort\n\n**Know your Mac's security posture, fix the gaps, and keep it locked down. One command.**\n\n[![CI](https://github.com/djadmin/fort/actions/workflows/ci.yml/badge.svg)](https://github.com/djadmin/fort/actions)\n[![Release](https://img.shields.io/github/v/release/djadmin/fort?label=latest)](https://github.com/djadmin/fort/releases)\n[![License: MIT](https://img.shields.io/badge/license-MIT-blue.svg)](LICENSE)\n[![macOS 12+](https://img.shields.io/badge/macOS-12%2B-lightgrey)](https://github.com/djadmin/fort)\n\n`fort` runs 15+ security checks on your Mac, fixes what it safely can, and writes an auditor-ready report. No agent, no signup, no MDM enrollment. Just a single binary.\n\nGood for anyone who wants to harden their Mac. Essential for teams preparing for SOC 2 or ISO 27001.\n\n**[djadmin.github.io/fort](https://djadmin.github.io/fort)**\n\n\u003cimg src=\"docs/fort-cli.png\" width=\"49%\" alt=\"fort runs a full security audit and shows where you stand\"\u003e \u003cimg src=\"docs/fort-fix-cli.png\" width=\"49%\" alt=\"fort --fix reviews each change before applying it\"\u003e\n\n`fort` audits every control and shows where you stand. `fort --fix` reviews each change, then applies, after you confirm.\n\n\u003cdetails\u003e\n\u003csummary\u003e\u003cb\u003eWatch a full run\u003c/b\u003e\u003c/summary\u003e\u003cbr\u003e\n\u003cimg src=\"docs/fort-demo.gif\" width=\"760\" alt=\"fort auditing a Mac in one command\"\u003e\n\u003c/details\u003e\n\n## Install\n\n**Homebrew** _(recommended)_\n```bash\nbrew install djadmin/tap/fort\n```\n\n**Direct download (macOS, Apple Silicon + Intel)**\n```bash\ncurl -fsSL https://github.com/djadmin/fort/releases/latest/download/fort_darwin_all.tar.gz | tar xz \u0026\u0026 sudo mv fort /usr/local/bin/\n```\n\n**Go**\n```bash\ngo install github.com/djadmin/fort/cmd/fort@latest\n```\n\n**Build from source**\n```bash\ngit clone https://github.com/djadmin/fort.git\ncd fort \u0026\u0026 make install\n```\n\n**Update**\n```bash\nbrew upgrade djadmin/tap/fort\n```\n\n## Usage\n\n```bash\nfort                          # audit your Mac\nfort --dry-run                # preview what --fix would change; nothing is applied\nfort --fix                    # audit, show confirmation prompt, apply selected fixes\nfort --fix --yes              # skip prompt; for scripts, MDM push, or cron\nfort --json                   # structured JSON output for automation\nfort --report                 # write fort-report-YYYY-MM-DD.html (print to PDF)\nfort --only filevault,firewall  # run only the specified checks (comma-separated IDs)\n```\n\nExit codes: `0` all pass · `1` any fail · `2` any warn\n\n## Safe by design\n\n- **The audit makes no network calls.** `fort` reads local system state and exits. Nothing is uploaded, no account, no telemetry.\n- **No black box.** Every check prints the exact command it ran and its raw output, in the terminal, the JSON, and the HTML report. Verify it instead of trusting it.\n- **`--fix` always asks first.** It shows each change and prompts `[y/N]` before applying. Use `--dry-run` to preview without touching anything, or `--yes` to skip the prompt when you mean to (automation, cron, MDM).\n- **One MIT-licensed Go binary.** No agent, no background process, nothing installed system-wide. Read the source.\n\n## What it checks\n\n15+ macOS checks across five groups, each mapped to SOC 2, ISO 27001, NIST CSF, and CIS v8:\n\n| Group | Checks |\n|-------|--------|\n| Core security | password manager, FileVault, screen lock, antivirus / EDR |\n| System hardening | firewall, Gatekeeper, SIP, SSH |\n| Access controls | local admin rights, guest account, automatic login, Touch ID for sudo |\n| Exposure reduction | sharing services, AirDrop |\n| Patching | automatic OS updates, OS patch status |\n\nThe exact set grows over time. Run `fort` to see every check on your machine, and the [changelog](CHANGELOG.md) for what's new.\n\n## JSON output\n\n```json\n{\n  \"tool\": \"fort\", \"version\": \"0.3.0\", \"hostname\": \"alice-mbp\",\n  \"os_version\": \"15.5\", \"timestamp\": \"2026-06-09T10:00:00Z\",\n  \"summary\": { \"total\": 16, \"pass\": 12, \"fail\": 2, \"warn\": 2, \"score\": \"12/16\" },\n  \"policies\": [{ \"id\": \"filevault\", \"status\": \"pass\", \"current\": \"on\",\n    \"evidence\": \"$ fdesetup status\\nFileVault is On.\",\n    \"frameworks\": { \"SOC 2\": [\"CC6.1\", \"CC6.7\"], \"ISO 27001\": [\"A.8.3\"] } }]\n}\n```\n\n`fort --report` writes a self-contained HTML evidence report: machine identity, serial number, OS version, timestamp, per-check results with the exact commands run and their verbatim output, and framework control references. Opens locally or prints to PDF. See a [sample report](https://djadmin.github.io/fort/sample-report.html).\n\n## Contributing\n\nPRs welcome. To add a check:\n\n1. Create `internal/checks/yourcheck_darwin.go` and implement the `Check` interface\n2. Register in `internal/checks/registry_darwin.go`\n3. Add framework mappings in `internal/checks/frameworks.go`\n4. Run `go test ./...`; existing tests enforce interface contracts\n\n## Support\n\nIf fort saves you time, please **[star it on GitHub](https://github.com/djadmin/fort)**. It is the easiest way to support the project and helps other people find it.\n\n## License\n\n[MIT](LICENSE)\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fdjadmin%2Ffort","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fdjadmin%2Ffort","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fdjadmin%2Ffort/lists"}