{"id":13717562,"url":"https://github.com/mitre/saf","last_synced_at":"2025-05-15T20:03:44.878Z","repository":{"id":37051290,"uuid":"433123706","full_name":"mitre/saf","owner":"mitre","description":"The MITRE Security Automation Framework (SAF) Command Line Interface (CLI) brings together applications, techniques, libraries, and tools developed by MITRE and the security community to streamline security automation for systems and DevOps pipelines","archived":false,"fork":false,"pushed_at":"2025-05-14T00:35:55.000Z","size":71478,"stargazers_count":150,"open_issues_count":122,"forks_count":40,"subscribers_count":20,"default_branch":"main","last_synced_at":"2025-05-14T02:30:48.852Z","etag":null,"topics":["compliance","devsecops","json","mitre","mitre-corporation","mitre-saf","security","security-automation","security-automation-framework"],"latest_commit_sha":null,"homepage":"https://saf-cli.mitre.org","language":"TypeScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"other","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/mitre.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null}},"created_at":"2021-11-29T16:50:20.000Z","updated_at":"2025-05-14T00:35:52.000Z","dependencies_parsed_at":"2023-09-26T07:00:43.010Z","dependency_job_id":"e6d97fc4-4381-4e61-80a6-fb8f40328f3b","html_url":"https://github.com/mitre/saf","commit_stats":{"total_commits":937,"total_committers":26,"mean_commits":36.03846153846154,"dds":0.5453575240128068,"last_synced_commit":"d099460c7b2c20255a320f9c27161e27be6785e9"},"previous_names":[],"tags_count":100,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mitre%2Fsaf","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mitre%2Fsaf/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mitre%2Fsaf/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mitre%2Fsaf/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/mitre","download_url":"https://codeload.github.com/mitre/saf/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":254101549,"owners_count":22014902,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["compliance","devsecops","json","mitre","mitre-corporation","mitre-saf","security","security-automation","security-automation-framework"],"created_at":"2024-08-03T00:01:24.092Z","updated_at":"2025-05-15T20:03:42.569Z","avatar_url":"https://github.com/mitre.png","language":"TypeScript","funding_links":[],"categories":["Dependency intelligence","security"],"sub_categories":["Vulnerability information exchange"],"readme":"# Security Automation Framework CLI\n\nThe MITRE Security Automation Framework (SAF) Command Line Interface (CLI) brings together applications, techniques, libraries, and tools developed by MITRE and the security community to streamline security automation for systems and DevOps pipelines\n\nThe SAF CLI is the successor to [Heimdall Tools](https://github.com/mitre/heimdall_tools) and [InSpec Tools](https://github.com/mitre/inspec_tools).\n\n## Terminology\n\n- [\"Heimdall\"](https://github.com/mitre/heimdall2) - A visualizer for all security result data\n- [\"OASIS Heimdall Data Format (OHDF) - aka HDF\"](https://saf.mitre.org/#/normalize) - A common data format to preserve and transform security data\n\n\u003e[!NOTE]\n\u003e All mention of HDF in this document refers to the OHDF.\n\n## Installation\n\n * [Via NPM](#installation-via-npm)\n * [Update via NPM](#update-via-npm)\n * [Via Brew](#installation-via-brew)\n * [Update via Brew](#update-via-brew)\n * [Via Docker](#installation-via-docker)\n * [Update via Docker](#update-via-docker)\n * [Via Windows Installer](#installation-via-windows-installer)\n * [Update via Windows Installer](#update-via-windows-installer)\n\n## Developers \nFor detailed information about development, testing , and contributing to the SAF project refer to [MITRE SAF Development](https://github.com/mitre/saf/blob/main/docs/contributors-guide.md)\n\n## Usage\n\n### Attest HDF Data\n\n * [Attest](#attest)\n * [Create Attestations](#create-attestations)\n * [Apply Attestations](#apply-attestations)\n\n### [Get Help with Convert Command](#convert-command)\n\n### Convert HDF to Other Formats\n\n * [Convert From HDF](#convert-from-hdf)\n * [HDF to ASFF](#hdf-to-asff)\n * [HDF to Splunk](#hdf-to-splunk)\n * [HDF to XCCDF Results](#hdf-to-xccdf-results)\n * [HDF to Checklist](#hdf-to-checklist)\n * [HDF to CSV](#hdf-to-csv)\n * [HDF to Condensed JSON](#hdf-to-condensed-json)\n\n### Convert Other Formats to HDF\n\n * [Convert To HDF](#convert-to-hdf)\n * [Anchore Grype to HDF](#anchore-grype-to-hdf)\n * [ASFF to HDF](#asff-to-hdf)\n * [AWS Config to HDF](#aws-config-to-hdf)\n * [Burp Suite to HDF](#burp-suite-to-hdf)\n * [CKL to POA\u0026amp;M](#ckl-to-poam)\n * [CycloneDX SBOM to HDF](#cyclonedx-sbom-to-hdf)\n * [DBProtect to HDF](#dbprotect-to-hdf)\n * [Dependency-Track to HDF](#dependency-track-to-hdf)\n * [Fortify to HDF](#fortify-to-hdf)\n * [gosec to HDF](#gosec-to-hdf)\n * [Ion Channel 2 HDF](#ion-channel-2-hdf)\n * [JFrog Xray to HDF](#jfrog-xray-to-hdf)\n * [Tenable Nessus to HDF](#tenable-nessus-to-hdf)\n * [Microsoft Secure Score to HDF](#msft_secure-to-hdf)\n * [Netsparker to HDF](#netsparker-to-hdf)\n * [NeuVector to HDF](#neuvector-to-hdf)\n * [Nikto to HDF](#nikto-to-hdf)\n * [Prisma to HDF](#prisma-to-hdf)\n * [Prowler to HDF](#prowler-to-hdf)\n * [Sarif to HDF](#sarif-to-hdf)\n * [Scoutsuite to HDF](#scoutsuite-to-hdf)\n * [Snyk to HDF](#snyk-to-hdf)\n * [SonarQube to HDF](#sonarqube-to-hdf)\n * [Splunk to HDF](#splunk-to-hdf)\n * [Trivy to HDF](#trivy-to-hdf)\n * [Trufflehog to HDF](#trufflehog-to-hdf)\n * [Twistlock to HDF](#twistlock-to-hdf)\n * [Veracode to HDF](#veracode-to-hdf)\n * [XCCDF Results to HDF](#xccdf-results-to-hdf)\n * [OWASP ZAP to HDF](#owasp-zap-to-hdf)\n\n### eMASSer Client\n\n * [eMASSer API CLI](#emasser-api-cli)\n\n### View HDF Summaries and Data\n\n * [View](#view)\n * [Heimdall](#heimdall)\n * [Summary](#summary)\n\n### Validate HDF Thresholds\n\n * [Validate](#validate)\n * [Thresholds](#thresholds)\n\n### Generate Data Reports and More\n\n * [Generate](#generate)\n * [Delta](#delta)\n * [Delta Supporting Commands](#delta-supporting-options) \n * [CKL Templates](#ckl-templates)\n * [InSpec Metadata](#inspec-metadata)\n * [Inspec Profile](#inspec-profile)\n * [Thresholds](#thresholds-1)\n * [Spreadsheet (csv/xlsx) to InSpec](#spreadsheet-csvxlsx-to-inspec)\n * [DoD Stub vs CIS Stub Formatting](#dod-stub-vs-cis-stub-formatting)\n * [Mapping Files](#mapping-files)\n\n### Enhance and Supplement HDF Data\n\n * [Supplement](#supplement)\n * [Passthrough](#passthrough)\n * [Read](#read)\n * [Write](#write)\n * [Target](#target)\n * [Read](#read-1)\n * [Write](#write-1)\n\n### License and Authors\n\n* [License and Author](#license-and-author)\n\n---\n\n## Installation\n\n___\n\n### Installation via NPM\n\nThe SAF CLI can be installed and kept up to date using `npm`, which is included with most versions of [NodeJS](https://nodejs.org/en/).\n\n```bash\nnpm install -g @mitre/saf\n```\n\n\n#### Update via NPM\n\nTo update the SAF CLI with `npm`:\n\n```bash\nnpm update -g @mitre/saf\n```\n[top](#installation)\n\n---\n\n### Installation via Brew\n\nThe SAF CLI can be installed and kept up to date using `brew`.\n\n```\nbrew install mitre/saf/saf-cli\n```\n\n\n#### Update via Brew\n\nTo update the SAF CLI with `brew`:\n\n```\nbrew upgrade mitre/saf/saf-cli\n```\n[top](#installation)\n\n---\n\n### Installation via Docker\n\n**On Linux and Mac:**\n\nThe docker command below can be used to run the SAF CLI one time, where `arguments` contains the command and flags you want to run. For ex: `--version` or `view summary -i hdf-results.json`.\n```\ndocker run -it -v$(pwd):/share mitre/saf \u003carguments\u003e\n```\n\nTo run the SAF CLI with a persistent shell for one or more commands, use the following, then run each full command. For ex: `saf --version` or `saf view summary -i hdf-results.json`. You can change the entrypoint you wish to use. For example, run with `--entrypoint sh` to open in a shell terminal. If the specified entrypoint is not found, try using the path such as `--entrypoint /bin/bash`.\n\n```\ndocker run --rm -it --entrypoint bash -v$(pwd):/share mitre/saf\n```\n\n**On Windows:**\n\nThe docker command below can be used to run the SAF CLI one time, where `arguments` contains the command and flags you want to run. For ex: `--version` or `view summary -i hdf-results.json`.\n\n```\ndocker run -it -v%cd%:/share mitre/saf \u003carguments\u003e\n```\n\nTo run the SAF CLI with a persistent shell for one or more commands, use the following, then run each full command. For ex: `saf --version` or `saf view summary -i hdf-results.json`. You can change the entrypoint you wish to use. For example, run with `--entrypoint sh` to open in a shell terminal. If the specified entrypoint is not found, try using the path such as `--entrypoint /bin/bash`.\n\n```\ndocker run --rm -it --entrypoint sh -v%cd%:/share mitre/saf\n```\n\n**NOTE:**\n\nRemember to use Docker CLI flags as necessary to run the various subcommands.\n\nFor example, to run the `emasser configure` subcommand, you need to pass in a volume that contains your certificates and where you can store the resultant .env. Furthermore, you need to pass in flags for enabling the pseudo-TTY and interactivity.\n\n```\ndocker run -it -v \"$(pwd)\":/share mitre/saf emasser configure\n```\n\nOther commands might not require the `-i` or `-t` flags and instead only need a bind-mounted volume, such as a file based `convert`.\n\n```\ndocker run --rm -v \"$(pwd)\":/share mitre/saf convert -i test/sample_data/trivy/sample_input_report/trivy-image_golang-1.12-alpine_sample.json -o test.json\n```\n\nOther flags exist to open up network ports or pass through environment variables so make sure to use whichever ones are required to successfully run a command.\n\n\n#### Update via Docker\n\nTo update the SAF CLI with `docker`:\n\n```bash\ndocker pull mitre/saf:latest\n```\n[top](#installation)\n\n---\n\n### Installation via Windows Installer\n\nTo install the latest release of the SAF CLI on Windows, download and run the most recent installer for your system architecture from the [Releases](https://github.com/mitre/saf/releases) 🌬️ page.\n\n#### Update via Windows Installer\n\nTo update the SAF CLI on Windows, uninstall any existing version from your system and then download and run the most recent installer for your system architecture from the [Releases](https://github.com/mitre/saf/releases) 🌬️ page.\n\n[top](#installation)\n## Usage\n---\n\n### Attest\n\nAttest to 'Not Reviewed' controls: sometimes requirements can’t be tested automatically by security tools and hence require manual review, whereby someone interviews people and/or examines a system to confirm (i.e., attest as to) whether the control requirements have been satisfied.\n\n#### Create Attestations\n```\nattest create Create attestation files for use with `saf attest apply`\n\nUSAGE\n $ saf attest create -o \u003cattestation-file\u003e [-i \u003chdf-json\u003e -t \u003cjson | xlsx | yml | yaml\u003e]\n\nFLAGS\n -i, --input=\u003cvalue\u003e (optional) An input HDF file to search for controls\n -o, --output=\u003cvalue\u003e (required) The output filename\n -t, --format=\u003coption\u003e [default: json] (optional) The output file type\n \u003coptions: json|xlsx|yml|yaml\u003e\n\n GLOBAL FLAGS\n -h, --help Show CLI help\n -L, --logLevel=\u003coption\u003e [default: info] Specify level for logging (if implemented by the CLI command)\n \u003coptions: info|warn|debug|verbose\u003e\n --interactive Collect input tags interactively (not available on all CLI commands)\n\nEXAMPLES\n $ saf attest create -o attestation.json -i hdf.json\n\n $ saf attest create -o attestation.xlsx -t xlsx\n```\n[top](#usage)\n#### Apply Attestations\n```\nattest apply Apply one or more attestation files to one or more HDF results sets\n\nUSAGE\n $ saf attest apply -i \u003cinput-hdf-json\u003e... \u003cattestation\u003e... -o \u003coutput-hdf-path\u003e\n\nFLAGS\n -i, --input=\u003cvalue\u003e... (required) Your input HDF and Attestation file(s)\n -o, --output=\u003cvalue\u003e (required) Output file or folder (for multiple executions)\n\n GLOBAL FLAGS\n -h, --help Show CLI help\n -L, --logLevel=\u003coption\u003e [default: info] Specify level for logging (if implemented by the CLI command)\n \u003coptions: info|warn|debug|verbose\u003e\n --interactive Collect input tags interactively (not available on all CLI commands)\n\nEXAMPLES\n $ saf attest apply -i hdf.json attestation.json -o new-hdf.json\n\n $ saf attest apply -i hdf1.json hdf2.json attestation.xlsx -o outputDir\n```\n[top](#usage)\n### Convert Command\n\nTranslating your data to and from Heimdall Data Format (HDF) is done using the `saf convert` command.\n\nWant to Recommend or Help Develop a Converter? See [how to get started](https://github.com/mitre/saf/wiki/How-to-recommend-development-of-a-mapper) πŸ“°\n\n[top](#get-help-with-convert-command)\n### Convert From HDF\n\n[top](#convert-other-formats-to-hdf)\n#### Anchore Grype to HDF\n```\nconvert anchoregrype2hdf Translate a Anchore Grype output file into an HDF results set\n\n USAGE\n $ saf convert anchoregrype2hdf -i \u003canchoregrype-json\u003e -o \u003chdf-scan-results-json\u003e [-h] [-w]\n\n FLAGS\n -i, --input=\u003canchoregrype-json\u003e (required) Input Anchore Grype file\n -o, --output=\u003chdf-scan-results-json\u003e (required) Output HDF JSON File\n -w, --includeRaw Include raw data from the input Anchore Grype file\n\n GLOBAL FLAGS\n -h, --help Show CLI help\n -L, --logLevel=\u003coption\u003e [default: info] Specify level for logging (if implemented by the CLI command)\n \u003coptions: info|warn|debug|verbose\u003e\n --interactive Collect input tags interactively (not available on all CLI commands)\n\n EXAMPLES\n $ saf convert anchoregrype2hdf -i anchoregrype.json -o output-hdf-name.json\n```\n[top](#convert-hdf-to-other-formats)\n#### HDF to ASFF\n\n***Note:*** Uploading findings into AWS Security hub requires configuration of the AWS CLI, see πŸ‘‰ [the AWS documentation](https://docs.aws.amazon.com/cli/latest/userguide/cli-chap-configure.html) or configuration of environment variables via Docker.\n\n```\nconvert hdf2asff Translate a Heimdall Data Format JSON file into\n AWS Security Findings Format JSON file(s) and/or\n upload to AWS Security Hub\n USAGE\n $ saf convert hdf2asff -a \u003caccount-id\u003e -r \u003cregion\u003e -i \u003chdf-scan-results-json\u003e -t \u003ctarget\u003e [-h] [-R] (-u [-I -C \u003ccertificate\u003e] | [-o \u003casff-output-folder\u003e])\n\n FLAGS\n -C, --certificate=\u003ccertificate\u003e Trusted signing certificate file\n -I, --insecure Disable SSL verification, this is insecure.\n -R, --specifyRegionAttribute Manually specify the top-level `Region` attribute - SecurityHub\n populates this attribute automatically and prohibits one from\n updating it using `BatchImportFindings` or `BatchUpdateFindings`\n -i, --input=\u003chdf-scan-results-json\u003e (required) Input HDF JSON File\n -o, --output=\u003casff-output-folder\u003e Output ASFF JSON Folder\n -r, --region=\u003cregion\u003e (required) SecurityHub Region\n -t, --target=\u003ctarget\u003e (required) Unique name for target to track findings across time\n -u, --upload Upload findings to AWS Security Hub\n\n GLOBAL FLAGS\n -h, --help Show CLI help\n -L, --logLevel=\u003coption\u003e [default: info] Specify level for logging (if implemented by the CLI command)\n \u003coptions: info|warn|debug|verbose\u003e\n --interactive Collect input tags interactively (not available on all CLI commands)\n\n EXAMPLES\n Send output to local file system\n $ saf convert hdf2asff -i rhel7-scan_02032022A.json -a 123456789 -r us-east-1 -t rhel7_example_host -o rhel7.asff\n Upload findings to AWS Security Hub\n $ saf convert hdf2asff -i rds_mysql_i123456789scan_03042022A.json -a 987654321 -r us-west-1 -t Instance_i123456789 -u\n Upload findings to AWS Security Hub and Send output to local file system\n $ saf convert hdf2asff -i snyk_acme_project5_hdf_04052022A.json -a 2143658798 -r us-east-1 -t acme_project5 -o snyk_acme_project5 -u\n```\n[top](#convert-hdf-to-other-formats)\n#### HDF to Splunk\n\n**Notice**: HDF to Splunk requires configuration on the Splunk server. See πŸ‘‰ [Splunk Configuration](https://github.com/mitre/saf/wiki/Splunk-Configuration).\n\n```\nconvert hdf2splunk Translate and upload a Heimdall Data Format JSON file into a Splunk server\n\n USAGE\n $ saf convert hdf2splunk -i \u003chdf-scan-results-json\u003e -H \u003chost\u003e -I \u003cindex\u003e [-h] [-P \u003cport\u003e] [-s http|https] [-u \u003cusername\u003e | -t \u003ctoken\u003e] [-p \u003cpassword\u003e] [-L info|warn|debug|verbose]\n\n FLAGS\n -H, --host=\u003chost\u003e (required) Splunk Hostname or IP\n -I, --index=\u003cindex\u003e (required) Splunk index to import HDF data into\n -P, --port=\u003cport\u003e [default: 8089] Splunk management port (also known as the Universal Forwarder port)\n -i, --input=\u003chdf-scan-results-json\u003e (required) Input HDF file\n -p, --password=\u003cpassword\u003e Your Splunk password\n -s, --scheme=\u003coption\u003e [default: https] HTTP Scheme used for communication with splunk\n \u003coptions: http|https\u003e\n -t, --token=\u003ctoken\u003e Your Splunk API Token\n -u, --username=\u003cusername\u003e Your Splunk username\n\n GLOBAL FLAGS\n -h, --help Show CLI help\n -L, --logLevel=\u003coption\u003e [default: info] Specify level for logging (if implemented by the CLI command)\n \u003coptions: info|warn|debug|verbose\u003e\n --interactive Collect input tags interactively (not available on all CLI commands)\n\n EXAMPLES\n User name/password Authentication\n $ saf convert hdf2splunk -i rhel7-results.json -H 127.0.0.1 -u admin -p Valid_password! -I hdf\n Token Authentication\n $ saf convert hdf2splunk -i rhel7-results.json -H 127.0.0.1 -t your.splunk.token -I hdf\n```\n\nFor HDF Splunk Schema documentation visit πŸ‘‰ [Heimdall converter schemas](https://github.com/mitre/heimdall2/blob/master/libs/hdf-converters/src/converters-from-hdf/splunk/Schemas.md#schemas)\n\n**Previewing HDF Data Within Splunk:**\n\nAn example of a full raw search query:\n```sql\nindex=\"\u003c\u003cYOUR INDEX\u003e\u003e\" meta.subtype=control | stats values(meta.filename) values(meta.filetype) list(meta.profile_sha256) values(meta.hdf_splunk_schema) first(meta.status) list(meta.status) list(meta.is_baseline) values(title) last(code) list(code) values(desc) values(descriptions.*) values(id) values(impact) list(refs{}.*) list(results{}.*) list(source_location{}.*) values(tags.*) by meta.guid id\n| join meta.guid\n [search index=\"\u003c\u003cYOUR INDEX\u003e\u003e\" meta.subtype=header | stats values(meta.filename) values(meta.filetype) values(meta.hdf_splunk_schema) list(statistics.duration) list(platform.*) list(version) by meta.guid]\n| join meta.guid\n [search index=\"\u003c\u003cYOUR INDEX\u003e\u003e\" meta.subtype=profile | stats values(meta.filename) values(meta.filetype) values(meta.hdf_splunk_schema) list(meta.profile_sha256) list(meta.is_baseline) last(summary) list(summary) list(sha256) list(supports{}.*) last(name) list(name) list(copyright) list(maintainer) list(copyright_email) last(version) list(version) list(license) list(title) list(parent_profile) list(depends{}.*) list(controls{}.*) list(attributes{}.*) list(status) by meta.guid]\n\n```\nAn example of a formatted table search query:\n```sql\nindex=\"\u003c\u003cYOUR INDEX\u003e\u003e\" meta.subtype=control | stats values(meta.filename) values(meta.filetype) list(meta.profile_sha256) values(meta.hdf_splunk_schema) first(meta.status) list(meta.status) list(meta.is_baseline) values(title) last(code) list(code) values(desc) values(descriptions.*) values(id) values(impact) list(refs{}.*) list(results{}.*) list(source_location{}.*) values(tags.*) by meta.guid id\n| join meta.guid\n [search index=\"\u003c\u003cYOUR INDEX\u003e\u003e\" meta.subtype=header | stats values(meta.filename) values(meta.filetype) values(meta.hdf_splunk_schema) list(statistics.duration) list(platform.*) list(version) by meta.guid]\n| join meta.guid\n [search index=\"\u003c\u003cYOUR INDEX\u003e\u003e\" meta.subtype=profile | stats values(meta.filename) values(meta.filetype) values(meta.hdf_splunk_schema) list(meta.profile_sha256) list(meta.is_baseline) last(summary) list(summary) list(sha256) list(supports{}.*) last(name) list(name) list(copyright) list(maintainer) list(copyright_email) last(version) list(version) list(license) list(title) list(parent_profile) list(depends{}.*) list(controls{}.*) list(attributes{}.*) list(status) by meta.guid]\n| rename values(meta.filename) AS \"Results Set\", values(meta.filetype) AS \"Scan Type\", list(statistics.duration) AS \"Scan Duration\", first(meta.status) AS \"Control Status\", list(results{}.status) AS \"Test(s) Status\", id AS \"ID\", values(title) AS \"Title\", values(desc) AS \"Description\", values(impact) AS \"Impact\", last(code) AS Code, values(descriptions.check) AS \"Check\", values(descriptions.fix) AS \"Fix\", values(tags.cci{}) AS \"CCI IDs\", list(results{}.code_desc) AS \"Results Description\", list(results{}.skip_message) AS \"Results Skip Message (if applicable)\", values(tags.nist{}) AS \"NIST SP 800-53 Controls\", last(name) AS \"Scan (Profile) Name\", last(summary) AS \"Scan (Profile) Summary\", last(version) AS \"Scan (Profile) Version\"\n| table meta.guid \"Results Set\" \"Scan Type\" \"Scan (Profile) Name\" ID \"NIST SP 800-53 Controls\" Title \"Control Status\" \"Test(s) Status\" \"Results Description\" \"Results Skip Message (if applicable)\" Description Impact Severity Check Fix \"CCI IDs\" Code \"Scan Duration\" \"Scan (Profile) Summary\" \"Scan (Profile) Version\"\n```\n[top](#convert-hdf-to-other-formats)\n#### HDF to XCCDF Results\n```\nconvert hdf2xccdf Translate an HDF file into an XCCDF XML\n\n USAGE\n $ saf convert hdf2xccdf -i \u003chdf-scan-results-json\u003e -o \u003coutput-xccdf-xml\u003e [-h]\n\n FLAGS\n -i, --input=\u003chdf-scan-results-json\u003e (required) Input HDF file\n -o, --output=\u003coutput-xccdf-xml\u003e (required) Output XCCDF XML File\n\n GLOBAL FLAGS\n -h, --help Show CLI help\n -L, --logLevel=\u003coption\u003e [default: info] Specify level for logging (if implemented by the CLI command)\n \u003coptions: info|warn|debug|verbose\u003e\n --interactive Collect input tags interactively (not available on all CLI commands)\n\n EXAMPLES\n $ saf convert hdf2xccdf -i hdf_input.json -o xccdf-results.xml\n```\n[top](#convert-hdf-to-other-formats)\n#### HDF to Checklist\n```\nconvert hdf2ckl Translate a Heimdall Data Format JSON file into a\n DISA checklist file\n\n USAGE\n $ saf convert hdf2ckl -i \u003chdf-scan-results-json\u003e -o \u003coutput-ckl\u003e [-h] [-m \u003cmetadata\u003e] [--profilename \u003cvalue\u003e] [--profiletitle \u003cvalue\u003e] [--version \u003cvalue\u003e] [--releasenumber \u003cvalue\u003e] [--releasedate \u003cvalue\u003e] [--marking \u003cvalue\u003e] [-H \u003cvalue\u003e] [-I \u003cvalue\u003e] [-M \u003cvalue\u003e] [-F \u003cvalue\u003e] [--targetcomment \u003cvalue\u003e] [--role Domain Controller|Member Server|None|Workstation] [--assettype Computing|Non-Computing] [--techarea |Application Review|Boundary Security|CDS Admin Review|CDS Technical Review|Database Review|Domain Name System (DNS)|Exchange Server|Host Based System Security (HBSS)|Internal Network|Mobility|Other Review|Releasable Networks (REL)|Releaseable Networks (REL)|Traditional Security|UNIX OS|VVOIP Review|Web Review|Windows OS] [--stigguid \u003cvalue\u003e] [--targetkey \u003cvalue\u003e] [--webdbsite \u003cvalue\u003e --webordatabase] [--webdbinstance \u003cvalue\u003e ] [--vulidmapping gid|id]\n\n FLAGS\n -h, --help Show CLI help.\n -i, --input=\u003cvalue\u003e (required) Input HDF file\n -o, --output=\u003cvalue\u003e (required) Output CKL file\n\n CHECKLIST METADATA FLAGS\n -F, --fqdn=\u003cvalue\u003e Fully Qualified Domain Name\n -H, --hostname=\u003cvalue\u003e The name assigned to the asset within the network\n -I, --ip=\u003cvalue\u003e IP address\n -M, --mac=\u003cvalue\u003e MAC address\n -m, --metadata=\u003cvalue\u003e Metadata JSON file, generate one with \"saf generate ckl_metadata\"\n --assettype=\u003coption\u003e The category or classification of the asset\n \u003coptions: Computing|Non-Computing\u003e\n --marking=\u003cvalue\u003e A security classification or designation of the asset, indicating its sensitivity level\n --profilename=\u003cvalue\u003e Profile name\n --profiletitle=\u003cvalue\u003e Profile title\n --releasedate=\u003cvalue\u003e Profile release date\n --releasenumber=\u003cvalue\u003e Profile release number\n --role=\u003coption\u003e The primary function or role of the asset within the network or organization\n \u003coptions: Domain Controller|Member Server|None|Workstation\u003e\n --stigguid=\u003cvalue\u003e A unique identifier associated with the STIG for the asset\n --targetcomment=\u003cvalue\u003e Additional comments or notes about the asset\n --targetkey=\u003cvalue\u003e A unique key or identifier for the asset within the checklist or inventory system\n --techarea=\u003coption\u003e The technical area or domain to which the asset belongs\n \u003coptions: |Application Review|Boundary Security|CDS Admin Review|CDS Technical Review|Database Review|Domain Name System (DNS)|Exchange Server|Host Based System Security (HBSS)|Internal Network|Mobility|Other Review|Releasable Networks (REL)|Releaseable Networks (REL)|Traditional Security|UNIX OS|VVOIP Review|Web Review|Windows OS\u003e\n --version=\u003cvalue\u003e Profile version number\n --vulidmapping=\u003coption\u003e Which type of control identifier to map to the checklist ID\n \u003coptions: gid|id\u003e\n --webdbinstance=\u003cvalue\u003e The specific instance of the web application or database running on the server\n --webdbsite=\u003cvalue\u003e The specific site or application hosted on the web or database server\n --webordatabase Indicates whether the STIG is primarily for either a web or database server\n\n DESCRIPTION\n Translate a Heimdall Data Format JSON file into a DISA checklist file\n\n EXAMPLES\n $ saf convert hdf2ckl -i rhel7-results.json -o rhel7.ckl --fqdn reverseproxy.example.org --hostname reverseproxy --ip 10.0.0.3 --mac 12:34:56:78:90:AB\n\n $ saf convert hdf2ckl -i rhel8-results.json -o rhel8.ckl -m rhel8-metadata.json\n```\n[top](#convert-hdf-to-other-formats)\n#### HDF to CSV\n```\nconvert hdf2csv Translate a Heimdall Data Format JSON file into a\n Comma Separated Values (CSV) file\n\n USAGE\n $ saf convert hdf2csv -i \u003chdf-scan-results-json\u003e -o \u003coutput-csv\u003e [-h] [-f \u003ccsv-fields\u003e] [-t]\n\n FLAGS\n -f, --fields=\u003ccsv-fields\u003e [default: All Fields] Fields to include in output CSV, separated by commas\n -i, --input=\u003chdf-scan-results-json\u003e (required) Input HDF file\n -o, --output=\u003coutput-csv\u003e (required) Output CSV file\n -t, --noTruncate Don't truncate fields longer than 32,767 characters (the cell limit in Excel)\n\n GLOBAL FLAGS\n -h, --help Show CLI help\n -L, --logLevel=\u003coption\u003e [default: info] Specify level for logging (if implemented by the CLI command)\n \u003coptions: info|warn|debug|verbose\u003e\n --interactive Collect input tags interactively (not available on all CLI commands)\n\n EXAMPLES\n Running the CLI interactively\n $ saf convert hdf2csv --interactive\n Providing flags at the command line\n $ saf convert hdf2csv -i rhel7-results.json -o rhel7.csv --fields \"Results Set,Status,ID,Title,Severity\"\n```\n[top](#convert-hdf-to-other-formats)\n#### HDF to Condensed JSON\n```\nconvert hdf2condensed Condensed format used by some community members\n to pre-process data for elasticsearch and custom dashboards\n\n USAGE\n $ saf convert hdf2condensed -i \u003chdf-scan-results-json\u003e -o \u003ccondensed-json\u003e [-h]\n\n FLAGS\n -i, --input=\u003chdf-scan-results-json\u003e (required) Input HDF file\n -o, --output=\u003ccondensed-json\u003e (required) Output condensed JSON file\n\n GLOBAL FLAGS\n -h, --help Show CLI help\n -L, --logLevel=\u003coption\u003e [default: info] Specify level for logging (if implemented by the CLI command)\n \u003coptions: info|warn|debug|verbose\u003e\n --interactive Collect input tags interactively (not available on all CLI commands)\n\n EXAMPLES\n $ saf convert hdf2condensed -i rhel7-results.json -o rhel7-condensed.json\n```\n[top](#convert-hdf-to-other-formats)\n\n---\n### Convert To HDF\n\n#### ASFF to HDF\n\nOutput|Use|Command\n---|---|---\nASFF json|All the findings that will be fed into the mapper|aws securityhub get-findings \u003e asff.json\nAWS SecurityHub enabled standards json|Get all the enabled standards so you can get their identifiers|aws securityhub get-enabled-standards \u003e asff_standards.json\nAWS SecurityHub standard controls json|Get all the controls for a standard that will be fed into the mapper|aws securityhub describe-standards-controls --standards-subscription-arn \"arn:aws:securityhub:us-east-1:123456789123:subscription/cis-aws-foundations-benchmark/v/1.2.0\" \u003e asff_cis_standard.json\n\n```\nconvert asff2hdf Translate a AWS Security Finding Format JSON into a\n Heimdall Data Format JSON file(s)\n USAGE\n $ saf convert asff2hdf -o \u003chdf-output-folder\u003e [-h] (-i \u003casff-json\u003e [--securityhub \u003cstandard-json\u003e]... | -a -r \u003cregion\u003e [-I | -C \u003ccertificate\u003e] [-t \u003ctarget\u003e]) [-L info|warn|debug|verbose]\n\n FLAGS\n -C, --certificate=\u003ccertificate\u003e Trusted signing certificate file\n -I, --insecure Disable SSL verification, this is insecure\n -H, --securityHub=\u003cstandard-json\u003e Additional input files to provide context that an ASFF file needs\n such as the CIS AWS Foundations or AWS Foundational Security Best\n Practices documents (in ASFF compliant JSON form) \n -a, --aws Pull findings from AWS Security Hub\n -i, --input=\u003casff-json\u003e (required if not using AWS) Input ASFF JSON file\n -o, --output=\u003chdf-output-folder\u003e (required) Output HDF JSON folder\n -r, --region=\u003cregion\u003e Security Hub region to pull findings from\n -t, --target=\u003ctarget\u003e... Target ID(s) to pull from Security Hub (maximum 10), leave blank for non-HDF findings\n\n GLOBAL FLAGS\n -h, --help Show CLI help\n -L, --logLevel=\u003coption\u003e [default: info] Specify level for logging (if implemented by the CLI command)\n \u003coptions: info|warn|debug|verbose\u003e\n --interactive Collect input tags interactively (not available on all CLI commands)\n\n EXAMPLES\n Using ASFF JSON file\n $ saf convert asff2hdf -i asff-findings.json -o output-folder-name\n Using ASFF JSON file with additional input files\n $ saf convert asff2hdf -i asff-findings.json --securityhub \u003cstandard-1-json\u003e ... --securityhub \u003cstandard-n-json\u003e -o output-folder-name\n Using AWS to pull ASFF JSON findings\n $ saf convert asff2hdf --aws -o out -r us-west-2 --target rhel7\n```\n[top](#convert-other-formats-to-hdf)\n#### AWS Config to HDF\n\n***Note:*** Pulling AWS Config results data requires configuration of the AWS CLI, see πŸ‘‰ [the AWS documentation](https://docs.aws.amazon.com/cli/latest/userguide/cli-chap-configure.html) or configuration of environment variables via Docker.\n\n```\nconvert aws_config2hdf Pull Configuration findings from AWS Config and convert\n into a Heimdall Data Format JSON file\n USAGE\n $ saf convert aws_config2hdf -r \u003cregion\u003e -o \u003chdf-scan-results-json\u003e [-h] [-a \u003caccess-key-id\u003e] [-s \u003csecret-access-key\u003e] [-t \u003csession-token\u003e] [-i]\n\n FLAGS\n -a, --accessKeyId=\u003caccess-key-id\u003e Access key ID\n -i, --insecure Disable SSL verification, this is insecure.\n -o, --output=\u003chdf-scan-results-json\u003e (required) Output HDF JSON File\n -r, --region=\u003cregion\u003e (required) Region to pull findings from\n -s, --secretAccessKey=\u003csecret-access-key\u003e Secret access key\n -t, --sessionToken=\u003csession-token\u003e Session token\n\n GLOBAL FLAGS\n -h, --help Show CLI help\n -L, --logLevel=\u003coption\u003e [default: info] Specify level for logging (if implemented by the CLI command)\n \u003coptions: info|warn|debug|verbose\u003e\n --interactive Collect input tags interactively (not available on all CLI commands)\n\n EXAMPLES\n $ saf convert aws_config2hdf -a ABCDEFGHIJKLMNOPQRSTUV -s +4NOT39A48REAL93SECRET934 -r us-east-1 -o output-hdf-name.json\n```\n[top](#convert-other-formats-to-hdf)\n#### Burp Suite to HDF\n```\nconvert burpsuite2hdf Translate a BurpSuite Pro XML file into a Heimdall\n Data Format JSON file\n USAGE\n $ saf convert burpsuite2hdf -i \u003cburpsuite-xml\u003e -o \u003chdf-scan-results-json\u003e [-h] [-w]\n\n FLAGS\n -i, --input=\u003cburpsuite-xml\u003e (required) Input Burpsuite Pro XML File\n -o, --output=\u003chdf-scan-results-json\u003e (required) Output HDF JSON File\n -w, --includeRaw Include raw input file in HDF JSON file\n\n GLOBAL FLAGS\n -h, --help Show CLI help\n -L, --logLevel=\u003coption\u003e [default: info] Specify level for logging (if implemented by the CLI command)\n \u003coptions: info|warn|debug|verbose\u003e\n --interactive Collect input tags interactively (not available on all CLI commands)\n\n EXAMPLES\n $ saf convert burpsuite2hdf -i burpsuite_results.xml -o output-hdf-name.json\n```\n[top](#convert-other-formats-to-hdf)\n#### CKL to POA\u0026M\n\nNote: The included CCI to NIST Mappings are the extracted from NIST.gov, for mappings specific to eMASS use [this](https://github.com/mitre/ckl2POAM/blob/main/resources/cci2nist.json) file instead).\n\n```\nconvert ckl2POAM Translate DISA Checklist CKL file(s) to POA\u0026M files\n\n USAGE\n $ saf convert ckl2POAM -i \u003cdisa-checklist\u003e -o \u003cpoam-output-folder\u003e [-h] [-O \u003coffice/org\u003e] [-d \u003cdevice-name\u003e] [-s \u003cnum-rows\u003e]\n\n FLAGS\n -O, --officeOrg=\u003coffice/org\u003e Default value for Office/org (prompts for each file if not set)\n -d, --deviceName=\u003cdevice-name\u003e Name of target device (prompts for each file if not set)\n -i, --input=\u003cdisa-checklist\u003e... (required) Path to the DISA Checklist File(s)\n -o, --output=\u003cpoam-output-folder\u003e (required) Path to output PO\u0026M File(s)\n -s, --rowsToSkip=\u003cnum-rows\u003e [default: 4] Rows to leave between POA\u0026M Items for milestones\n\n GLOBAL FLAGS\n -h, --help Show CLI help\n -L, --logLevel=\u003coption\u003e [default: info] Specify level for logging (if implemented by the CLI command)\n \u003coptions: info|warn|debug|verbose\u003e\n --interactive Collect input tags interactively (not available on all CLI commands)\n\n ALIASES\n $ saf convert ckl2poam\n\n EXAMPLES\n $ saf convert ckl2POAM -i checklist_file.ckl -o output-folder -d abcdefg -s 2\n```\n\n[top](#convert-other-formats-to-hdf)\n#### CycloneDX SBOM to HDF\n\nNote: Currently, only the CycloneDX SBOM, VEX, and HBOM formats are officially supported in the CycloneDX SBOM convert command (formats like SaaSBOM are NOT supported and will result in errors). To convert other non-CycloneDX SBOM formats, first convert your current SBOM data file into the CycloneDX SBOM data format with [their provided utility](https://github.com/CycloneDX/cyclonedx-cli) and then convert the CycloneDX SBOM file to OHDF with the `saf convert cyclonedx_sbom2hdf` command.\n\nEX) To convert SPDX SBOM format to CycloneDX SBOM format using the [CycloneDX CLI](https://github.com/CycloneDX/cyclonedx-cli), you can perform the following:\n\n```\ncyclonedx-cli convert --input-file spdx-sbom.json --output-file cyclonedx-sbom.json --input-format spdxjson --output-format json\n```\n\nAnd then use that resulting CycloneDX SBOM file to convert to OHDF.\n\n```\nconvert cyclonedx_sbom2hdf Translate a CycloneDX SBOM report into an HDF results set\n\n USAGE\n $ saf convert cyclonedx_sbom2hdf -i \u003ccyclonedx_sbom-json\u003e -o \u003chdf-scan-results-json\u003e [-h] [-w]\n\n FLAGS\n -i, --input=\u003ccyclonedx_sbom-json\u003e (required) Input CycloneDX SBOM File\n -o, --output=\u003chdf-scan-results-json\u003e (required) Output HDF JSON File\n -w, --includeRaw Include raw input file in HDF JSON file\n\n GLOBAL FLAGS\n -h, --help Show CLI help\n -L, --logLevel=\u003coption\u003e [default: info] Specify level for logging (if implemented by the CLI command)\n \u003coptions: info|warn|debug|verbose\u003e\n --interactive Collect input tags interactively (not available on all CLI commands)\n\n EXAMPLES\n $ saf convert cyclonedx_sbom2hdf -i cyclonedx_sbom.json -o output-hdf-name.json\n```\n\n[top](#convert-other-formats-to-hdf)\n#### DBProtect to HDF\n```\nconvert dbprotect2hdf Translate a DBProtect report in \"Check Results\n Details\" XML format into a Heimdall Data Format JSON file\n USAGE\n $ saf convert dbprotect2hdf -i \u003cdbprotect-xml\u003e -o \u003chdf-scan-results-json\u003e [-h] [-w]\n\n FLAGS\n -i, --input=\u003cdbprotect-xml\u003e (required) 'Check Results Details' XML File\n -o, --output=\u003chdf-scan-results-json\u003e (required) Output HDF JSON File\n -w, --includeRaw Include raw input file in HDF JSON file\n\n GLOBAL FLAGS\n -h, --help Show CLI help\n -L, --logLevel=\u003coption\u003e [default: info] Specify level for logging (if implemented by the CLI command)\n \u003coptions: info|warn|debug|verbose\u003e\n --interactive Collect input tags interactively (not available on all CLI commands)\n \n EXAMPLES\n $ saf convert dbprotect2hdf -i check_results_details_report.xml -o output-hdf-name.json\n```\n\n[top](#convert-other-formats-to-hdf)\n##### Dependency-Track to HDF\n```\nconvert dependency_track2hdf Translate a Dependency-Track results JSON\n file into a Heimdall Data Format JSON file\n USAGE\n $ saf convert dependency_track2hdf -i \u003cdt-fpf-json\u003e -o \u003chdf-scan-results-json\u003e [-h] [-w]\n\n FLAGS\n -h, --help Show CLI help.\n -i, --input=\u003cvalue\u003e (required) Input Dependency-Track FPF file\n -o, --output=\u003cvalue\u003e (required) Output HDF file\n -w, --with-raw\n\n GLOBAL FLAGS\n -L, --logLevel=\u003coption\u003e [default: info] Specify level for logging (if implemented by the CLI command)\n \u003coptions: info|warn|debug|verbose\u003e\n --interactive Collect input tags interactively (not available on all CLI commands)\n\n EXAMPLES\n saf convert dependency_track2hdf -i dt-fpf.json -o output-hdf-name.json\n```\n\n[top](#convert-other-formats-to-hdf)\n#### Fortify to HDF\n```\nconvert fortify2hdf Translate a Fortify results FVDL file into a Heimdall\n Data Format JSON file; the FVDL file is an XML that can be\n extracted from the Fortify FPR project file using standard\n file compression tools\n USAGE\n $ saf convert fortify2hdf -i \u003cfortify-fvdl\u003e -o \u003chdf-scan-results-json\u003e [-h] [-w]\n\n FLAGS\n -i, --input=\u003cfortify-fvdl\u003e (required) Input FVDL File\n -o, --output=\u003chdf-scan-results-json\u003e (required) Output HDF JSON File\n -w, --includeRaw Include raw input file in HDF JSON file\n\n GLOBAL FLAGS\n -h, --help Show CLI help\n -L, --logLevel=\u003coption\u003e [default: info] Specify level for logging (if implemented by the CLI command)\n \u003coptions: info|warn|debug|verbose\u003e\n --interactive Collect input tags interactively (not available on all CLI commands)\n\n EXAMPLES\n $ saf convert fortify2hdf -i audit.fvdl -o output-hdf-name.json\n```\n\n[top](#convert-other-formats-to-hdf)\n#### gosec to HDF\n```\nconvert gosec2hdf Translate a gosec (Golang Security Checker) results file\n into a Heimdall Data Format JSON file\n USAGE\n $ saf convert gosec2hdf -i \u003cgosec-json\u003e -o \u003chdf-scan-results-json\u003e [-h] [-w]\n\n FLAGS\n -h, --help Show CLI help.\n -i, --input=\u003cvalue\u003e (required) Input gosec Results JSON File\n -o, --output=\u003cvalue\u003e (required) Output HDF JSON File\n -w, --includeRaw Include raw input file in HDF JSON file\n\n GLOBAL FLAGS\n -L, --logLevel=\u003coption\u003e [default: info] Specify level for logging (if implemented by the CLI command)\n \u003coptions: info|warn|debug|verbose\u003e\n --interactive Collect input tags interactively (not available on all CLI commands)\n\n EXAMPLES\n $ saf convert gosec2hdf -i gosec_results.json -o output-hdf-name.json\n```\n\n[top](#convert-other-formats-to-hdf)\n#### Ion Channel 2 HDF\n```\nconvert ionchannel2hdf Pull and translate SBOM data from Ion Channel\n into Heimdall Data Format\n USAGE\n $ saf convert ionchannel2hdf -o \u003chdf-output-folder\u003e [-h] (-i \u003cionchannel-json\u003e | -a \u003capi-key\u003e -t \u003cteam-name\u003e [--raw ] [-p \u003cproject\u003e] [-A ]) [-L info|warn|debug|verbose]\n\n FLAGS\n -A, --allProjects Pull all projects available within your team\n -L, --logLevel=\u003coption\u003e [default: info]\n \u003coptions: info|warn|debug|verbose\u003e\n -a, --apiKey=\u003capi-key\u003e API Key from Ion Channel user settings\n -i, --input=\u003cionchannel-json\u003e... Input IonChannel JSON file\n -o, --output=\u003chdf-output-folder\u003e (required) Output JSON folder\n -p, --project=\u003cproject\u003e... The name of the project(s) you would like to pull\n -t, --teamName=\u003cteam-name\u003e Your team name that contains the project(s) you would like to pull data from\n --raw Output Ion Channel raw data\n\n GLOBAL FLAGS\n -h, --help Show CLI help\n -L, --logLevel=\u003coption\u003e [default: info] Specify level for logging (if implemented by the CLI command)\n \u003coptions: info|warn|debug|verbose\u003e\n --interactive Collect input tags interactively (not available on all CLI commands)\n\n EXAMPLES\n Using Input IonChannel JSON file\n $ saf convert ionchannel2hdf -o output-folder-name -i ion-channel-file.json\n Using IonChannel API Key (pull one project)\n $ saf convert ionchannel2hdf -o output-folder-name -a ion-channel-apikey -t team-name -p project-name-to-pull --raw\n Using IonChannel API Key (pull all project)\n $ saf convert ionchannel2hdf -o output-folder-name -a ion-channel-apikey -t team-name -A --raw\n\n```\n\n[top](#convert-other-formats-to-hdf)\n#### JFrog Xray to HDF\n```\nconvert jfrog_xray2hdf Translate a JFrog Xray results JSON file into a\n Heimdall Data Format JSON file\n USAGE\n $ saf convert jfrog_xray2hdf -i \u003cjfrog-xray-json\u003e -o \u003chdf-scan-results-json\u003e [-h] [-w]\n\n FLAGS\n -i, --input=\u003cjfrog-xray-json\u003e (required) Input JFrog JSON File\n -o, --output=\u003chdf-scan-results-json\u003e (required) Output HDF JSON File\n -w, --includeRaw Include raw input file in HDF JSON file\n\n GLOBAL FLAGS\n -h, --help Show CLI help\n -L, --logLevel=\u003coption\u003e [default: info] Specify level for logging (if implemented by the CLI command)\n \u003coptions: info|warn|debug|verbose\u003e\n --interactive Collect input tags interactively (not available on all CLI commands)\n\n EXAMPLES\n $ saf convert jfrog_xray2hdf -i xray_results.json -o output-hdf-name.json\n```\n\n[top](#convert-other-formats-to-hdf)\n#### Tenable Nessus to HDF\n```\nconvert nessus2hdf Translate a Nessus XML results file into a Heimdall Data Format JSON file.\n The current iteration maps all plugin families except for 'Policy Compliance'\n A separate HDF JSON is generated for each host reported in the Nessus Report.\n USAGE\n $ saf convert nessus2hdf -i \u003cnessus-xml\u003e -o \u003chdf-scan-results-json\u003e [-h] [-w]\n \n FLAGS\n -i, --input=\u003cnessus-xml\u003e (required) Input Nessus XML File\n -o, --output=\u003chdf-scan-results-json\u003e (required) Output HDF JSON File\n -w, --includeRaw Include raw input file in HDF JSON file\n\n GLOBAL FLAGS\n -L, --logLevel=\u003coption\u003e [default: info] Specify level for logging (if implemented by the CLI command)\n \u003coptions: info|warn|debug|verbose\u003e\n --interactive Collect input tags interactively (not available on all CLI commands)\n \n EXAMPLES\n $ saf convert nessus2hdf -i nessus_results.xml -o output-hdf-name.json\n```\n\n[top](#convert-other-formats-to-hdf)\n#### Microsoft Secure Score to HDF\nOutput|Use|Command\n---|---|---\nMicrosoft Secure Score JSON|This file contains the Graph API response for the `security/secureScore` endpoint|PowerShell$ `Get-MgSecuritySecureScore -Top 500`\nMicrosoft Secure Score Control Profiles JSON|This file contains the Graph API response for the `security/secureScoreControlProfiles` endpoint|PowerShell$ `Get-MgSecuritySecureScoreControlProfile -Top 500`\nCombined JSON|Combine the outputs from `security/secureScore` and `security/secureScoreControlProfiles` endpoints|`jq -s \\'{\"secureScore\": .[0], \"profiles\": .[1]}\\' secureScore.json secureScoreControlProfiles.json`\n\n\n```\nconvert msft_secure2hdf Translate a Microsoft Secure Score report and Secure Score Control to a Heimdall Data Format JSON file\n\n USAGE\n $ saf convert msft_secure2hdf -p \u003csecure-score-control-profiles\u003e -r \u003csecureScore-json\u003e-o \u003chdf-scan-results-json\u003e [-h]\n $ saf convert msft_secure2hdf -t \u003cazure-tenant-id\u003e -a \u003cazure-app-id\u003e -s \u003cazure-app-secret\u003e -o \u003chdf-scan-results-json\u003e [-h]\n $ saf convert msft_secure2hdf -i \u003ccombined-inputs\u003e -o \u003chdf-scan-results-json\u003e [-h]\n\n FLAGS\n -C, --certificate=\u003cvalue\u003e Trusted signing certificate file\n -I, --insecure Disable SSL verification, this is insecure.\n -a, --appId=\u003cvalue\u003e Azure application ID\n -i, --combinedInputs=\u003cvalue\u003e JSON File combining the outputs from the Microsoft Graph API endpoints\n {secureScore: \u003cCONTENTS_OF_INPUT_SCORE_DOC\u003e}, profiles: \u003cCONTENTS_OF_INPUT_PROFILES_DOC\u003e\n -o, --output=\u003cvalue\u003e (required) Output HDF JSON file\n -p, --inputProfiles=\u003cvalue\u003e Input Microsoft Graph API \"GET /security/secureScoreControlProfiles\" output JSON File\n -r, --inputScoreDoc=\u003cvalue\u003e Input Microsoft Graph API \"GET /security/secureScores\" output JSON File\n -s, --appSecret=\u003cvalue\u003e Azure application secret\n -t, --tenantId=\u003cvalue\u003e Azure tenant ID\n -w, --includeRaw Include raw input file in HDF JSON file\n\n GLOBAL FLAGS\n -h, --help Show CLI help\n -L, --logLevel=\u003coption\u003e [default: info] Specify level for logging (if implemented by the CLI command)\n \u003coptions: info|warn|debug|verbose\u003e\n --interactive Collect input tags interactively (not available on all CLI commands)\n\n EXAMPLES\n Using input files\n $ saf convert msft_secure2hdf -p secureScore.json -r secureScoreControlProfiles -o output-hdf-name.json [-w]\n\n Using Azure tenant ID\n $ saf convert msft_secure2hdf -t \"12345678-1234-1234-1234-1234567890abcd\" \\\n -a \"12345678-1234-1234-1234-1234567890abcd\" \\\n -s \"aaaaa~bbbbbbbbbbbbbbbbbbbbbbbbb-cccccccc\" \\\n -o output-hdf-name.json [-I | -C \u003ccertificate\u003e]\n\n Using combined inputs\n $ saf convert msft_secure2hdf -i \u003c(jq '{\"secureScore\": .[0], \"profiles\": .[1]}' secureScore.json secureScoreControlProfiles.json)\u003e \\\n -o output-hdf-name.json [-w]\n\n```\n\n[top](#convert-other-formats-to-hdf)\n#### Netsparker to HDF\n```\nconvert netsparker2hdf Translate a Netsparker XML results file into a\n Heimdall Data Format JSON file. The current\n iteration only works with Netsparker Enterprise\n Vulnerabilities Scan.\n USAGE\n $ saf convert netsparker2hdf -i \u003cnetsparker-xml\u003e -o \u003chdf-scan-results-json\u003e [-h] [-w]\n\n FLAGS\n -i, --input=\u003cnetsparker-xml\u003e (required) Input Netsparker XML File\n -o, --output=\u003chdf-scan-results-json\u003e (required) Output HDF JSON File\n -w, --includeRaw Include raw input file in HDF JSON file\n\nGLOBAL FLAGS\n -h, --help Show CLI help\n -L, --logLevel=\u003coption\u003e [default: info] Specify level for logging (if implemented by the CLI command)\n \u003coptions: info|warn|debug|verbose\u003e\n --interactive Collect input tags interactively (not available on all CLI commands)\n\n EXAMPLES\n $ saf convert netsparker2hdf -i netsparker_results.xml -o output-hdf-name.json\n```\n\n[top](#convert-other-formats-to-hdf)\n#### NeuVector to HDF\n```\nconvert neuvector2hdf Translate a NeuVector results JSON to a Heimdall Data Format JSON file\n\nUSAGE\n $ saf convert neuvector2hdf -i \u003cneuvector-json\u003e -o \u003chdf-scan-results-json\u003e\n\nFLAGS\n -i, --input=\u003cvalue\u003e (required) Input NeuVector Results JSON File\n -o, --output=\u003cvalue\u003e (required) Output HDF JSON file\n -w, --includeRaw Include raw input file in HDF JSON file\n\nGLOBAL FLAGS\n -L, --logLevel=\u003coption\u003e [default: info] Specify level for logging (if implemented by the CLI command)\n \u003coptions: info|warn|debug|verbose\u003e\n --interactive Collect input tags interactively (not available on all CLI commands)\n\nEXAMPLES\n $ saf convert neuvector2hdf -i neuvector.json -o output-hdf-name.json\n```\n[top](#convert-other-formats-to-hdf)\n#### Nikto to HDF\n```\nconvert nikto2hdf Translate a Nikto results JSON file into a Heimdall\n Data Format JSON file.\n Note: Currently this mapper only supports single\n target Nikto Scans\n USAGE\n $ saf convert nikto2hdf -i \u003cnikto-json\u003e -o \u003chdf-scan-results-json\u003e [-h] [-w]\n\n FLAGS\n -i, --input=\u003cnikto-json\u003e (required) Input Niktop Results JSON File\n -o, --output=\u003chdf-scan-results-json\u003e (required) Output HDF JSON File\n -w, --includeRaw Include raw input file in HDF JSON file\n\n GLOBAL FLAGS\n -h, --help Show CLI help\n -L, --logLevel=\u003coption\u003e [default: info] Specify level for logging (if implemented by the CLI command)\n \u003coptions: info|warn|debug|verbose\u003e\n --interactive Collect input tags interactively (not available on all CLI commands)\nEXAMPLES\n $ saf convert nikto2hdf -i nikto-results.json -o output-hdf-name.json\n```\n[top](#convert-other-formats-to-hdf)\n#### Prisma to HDF\n```\nconvert prisma2hdf Translate a Prisma Cloud Scan Report CSV file into\n Heimdall Data Format JSON files\n USAGE\n $ saf convert prisma2hdf -i \u003cprisma-cloud-csv\u003e -o \u003chdf-output-folder\u003e [-h]\n\n FLAGS\n -i, --input=\u003cprisma-cloud-csv\u003e (required) Prisma Cloud Scan Report CSV\n -o, --output=\u003chdf-output-folder\u003e (required) Output HDF JSON file\n\n GLOBAL FLAGS\n -L, --logLevel=\u003coption\u003e [default: info] Specify level for logging (if implemented by the CLI command)\n \u003coptions: info|warn|debug|verbose\u003e\n --interactive Collect input tags interactively (not available on all CLI commands)\n EXAMPLES\n $ saf convert prisma2hdf -i prismacloud-report.csv -o output-hdf-name.json\n```\n[top](#convert-other-formats-to-hdf)\n#### Prowler to HDF\n```\nconvert prowler2hdf Translate a Prowler-derived AWS Security Finding\n Format results from JSONL\n into a Heimdall Data Format JSON file\n USAGE\n $ saf convert prowler2hdf -i \u003cprowler-finding-json\u003e -o \u003chdf-output-folder\u003e [-h]\n\n FLAGS\n -i, --input=\u003cprowler-finding-json\u003e (required) Input Prowler ASFF JSON File\n -o, --output=\u003chdf-output-folder\u003e (required) Output HDF JSON Folder\n\n GLOBAL FLAGS\n -h, --help Show CLI help\n -L, --logLevel=\u003coption\u003e [default: info] Specify level for logging (if implemented by the CLI command)\n \u003coptions: info|warn|debug|verbose\u003e\n --interactive Collect input tags interactively (not available on all CLI commands)\n \n EXAMPLES\n $ saf convert prowler2hdf -i prowler-asff.json -o output-folder\n```\n[top](#convert-other-formats-to-hdf)\n#### Sarif to HDF\n```\nconvert sarif2hdf Translate a SARIF JSON file into a Heimdall Data\n Format JSON file\n USAGE\n $ saf convert sarif2hdf -i \u003csarif-json\u003e -o \u003chdf-scan-results-json\u003e [-h] [-w]\n\n FLAGS\n -i, --input=\u003csarif-json\u003e (required) Input SARIF JSON File\n -o, --output=\u003chdf-scan-results-json\u003e (required) Output HDF JSON File\n -w, --includeRaw Include raw input file in HDF JSON file\n\n GLOBAL FLAGS\n -h, --help Show CLI help\n -L, --logLevel=\u003coption\u003e [default: info] Specify level for logging (if implemented by the CLI command)\n \u003coptions: info|warn|debug|verbose\u003e\n --interactive Collect input tags interactively (not available on all CLI commands)\n\n DESCRIPTION\n SARIF level to HDF impact mapping are:\n SARIF level error -\u003e HDF impact 0.7\n SARIF level warning -\u003e HDF impact 0.5\n SARIF level note -\u003e HDF impact 0.3\n SARIF level none -\u003e HDF impact 0.1\n SARIF level not provided -\u003e HDF impact 0.1 as default\n\n EXAMPLES\n $ saf convert sarif2hdf -i sarif-results.json -o output-hdf-name.json\n```\n\n[top](#convert-other-formats-to-hdf)\n#### Scoutsuite to HDF\n```\nconvert scoutsuite2hdf Translate a ScoutSuite results from a Javascript\n object into a Heimdall Data Format JSON file\n\n Note: Currently this mapper only supports AWS\n USAGE\n $ saf convert scoutsuite2hdf -i \u003cscoutsuite-results-js\u003e -o \u003chdf-scan-results-json\u003e [-h] [-w]\n\n FLAGS\n -i, --input=\u003cscoutsuite-results-js\u003e (required) Input ScoutSuite Results JS File\n -o, --output=\u003chdf-scan-results-json\u003e (required) Output HDF JSON File\n -w, --includeRaw Include raw input file in HDF JSON file\n\n GLOBAL FLAGS\n -h, --help Show CLI help\n -L, --logLevel=\u003coption\u003e [default: info] Specify level for logging (if implemented by the CLI command)\n \u003coptions: info|warn|debug|verbose\u003e\n --interactive Collect input tags interactively (not available on all CLI commands)\n\n EXAMPLES\n $ saf convert scoutsuite2hdf -i scoutsuite-results.js -o output-hdf-name.json\n```\n[top](#convert-other-formats-to-hdf)\n#### Snyk to HDF\n```\nconvert snyk2hdf Translate a Snyk results JSON file into a Heimdall\n Data Format JSON file\n A separate HDF JSON is generated for each project\n reported in the Snyk Report\n USAGE\n $ saf convert snyk2hdf -i \u003csnyk-json\u003e -o \u003chdf-scan-results-json\u003e [-h]\n\n FLAGS\n -i, --input=\u003csnyk-json\u003e (required) Input Snyk Results JSON File\n -o, --output=\u003chdf-scan-results-json\u003e (required) Output HDF JSON File\n\n GLOBAL FLAGS\n -h, --help Show CLI help\n -L, --logLevel=\u003coption\u003e [default: info] Specify level for logging (if implemented by the CLI command)\n \u003coptions: info|warn|debug|verbose\u003e\n --interactive Collect input tags interactively (not available on all CLI commands)\n\n EXAMPLES\n $ saf convert snyk2hdf -i snyk_results.json -o output-file-prefix\n```\n[top](#convert-other-formats-to-hdf)\n#### SonarQube to HDF\n```\nconvert sonarqube2hdf Pull SonarQube vulnerabilities for the specified\n project name and optional branch or pull/merge\n request ID name from an API and convert into a\n Heimdall Data Format JSON file\n USAGE\n $ saf convert sonarqube2hdf -n \u003csonar-project-key\u003e -u \u003chttp://your.sonar.instance:9000\u003e -a \u003cyour-sonar-api-key\u003e [ -b \u003ctarget-branch\u003e | -p \u003cpull-request-id\u003e ] -o \u003chdf-scan-results-json\u003e\n\n FLAGS\n -a, --auth=\u003cyour-sonar-api-key\u003e (required) SonarQube API Key\n -n, --projectKey=\u003csonar-project-key\u003e (required) SonarQube Project Key\n -o, --output=\u003chdf-scan-results-json\u003e (required) Output HDF JSON File\n -u, --url=\u003chttp://your.sonar.instance:9000\u003e (required) SonarQube Base URL (excluding '/api') \n -b, --branch=\u003ctarget-branch\u003e Requires Sonarqube Developer Edition or above\n -p, --pullRequestID=\u003cpull-request-id\u003e Requires Sonarqube Developer Edition or above\n\n GLOBAL FLAGS\n -h, --help Show CLI help\n -L, --logLevel=\u003coption\u003e [default: info] Specify level for logging (if implemented by the CLI command)\n \u003coptions: info|warn|debug|verbose\u003e\n --interactive Collect input tags interactively (not available on all CLI commands)\n\n EXAMPLES\n $ saf convert sonarqube2hdf -n sonar_project_key -u http://sonar:9000 --auth abcdefg -p 123 -o scan_results.json\n```\n\n[top](#convert-other-formats-to-hdf)\n#### Splunk to HDF\n```\nconvert splunk2hdf Pull HDF data from your Splunk instance back into an HDF file\n\n USAGE\n $ saf splunk2hdf -H \u003chost\u003e -I \u003cindex\u003e [-h] [-P \u003cport\u003e] [-s http|https] (-u \u003cusername\u003e -p \u003cpassword\u003e | -t \u003ctoken\u003e) [-L info|warn|debug|verbose] [-i \u003cfilename/GUID\u003e -o \u003chdf-output-folder\u003e]\n\n FLAGS\n -H, --host=\u003cvalue\u003e (required) Splunk Hostname or IP\n -I, --index=\u003cvalue\u003e (required) Splunk index to query HDF data from\n -P, --port=\u003cvalue\u003e [default: 8089] Splunk management port (also known as the Universal Forwarder port)\n -i, --input=\u003cvalue\u003e... GUID(s) or Filename(s) of files from Splunk to convert\n -o, --output=\u003cvalue\u003e Output HDF JSON Folder\n -p, --password=\u003cvalue\u003e Your Splunk password\n -s, --scheme=\u003coption\u003e [default: https] HTTP Scheme used for communication with splunk\n \u003coptions: http|https\u003e\n -t, --token=\u003cvalue\u003e Your Splunk API Token\n -u, --username=\u003cvalue\u003e Your Splunk username\n\n GLOBAL FLAGS\n -L, --logLevel=\u003coption\u003e [default: info] Specify level for logging (if implemented by the CLI command)\n \u003coptions: info|warn|debug|verbose\u003e\n --interactive Collect input tags interactively (not available on all CLI commands)\n\n EXAMPLES\n $ saf convert splunk2hdf -H 127.0.0.1 -u admin -p Valid_password! -I hdf -i some-file-in-your-splunk-instance.json -i yBNxQsE1mi4f3mkjtpap5YxNTttpeG -o output-folder\n```\n\n[top](#convert-other-formats-to-hdf)\n#### Trivy to HDF\n```\nconvert trivy2hdf Translate a Trivy-derived AWS Security Finding\n Format results from JSONL\n into a Heimdall Data Format JSON file\n USAGE\n $ saf convert trivy2hdf -i \u003ctrivy-finding-json\u003e -o \u003chdf-output-folder\u003e\n\n FLAGS\n -i, --input=\u003ctrivy-finding-json\u003e (required) Input Trivy ASFF JSON File\n -o, --output=\u003chdf-output-folder\u003e (required) Output HDF JSON Folder\n\n GLOBAL FLAGS\n -h, --help Show CLI help\n -L, --logLevel=\u003coption\u003e [default: info] Specify level for logging (if implemented by the CLI command)\n \u003coptions: info|warn|debug|verbose\u003e\n --interactive Collect input tags interactively (not available on all CLI commands)\n\n DESCRIPTION\n Note: Currently this mapper only supports the results of Trivy's `image`\n subcommand (featuring the CVE findings) while using the ASFF template format\n (which comes bundled with the repo). An example call to Trivy to get this\n type of file looks as follows:\n AWS_REGION=us-east-1 AWS_ACCOUNT_ID=123456789012 trivy image --no-progress --format template --template \"@/absolute_path_to/git_clone_of/trivy/contrib/asff.tpl\" -o trivy_asff.json golang:1.12-alpine\n\n EXAMPLES\n $ saf convert trivy2hdf -i trivy-asff.json -o output-folder\n```\n\n[top](#convert-other-formats-to-hdf)\n#### Trufflehog to HDF\n```\nconvert trufflehog2hdf Translate a Trufflehog output file into an HDF results set\n\n USAGE\n $ saf convert trufflehog2hdf -i \u003ctrufflehog-json\u003e -o \u003chdf-scan-results-json\u003e [-h] [-w]\n\n FLAGS\n -i, --input=\u003ctrufflehog-json\u003e (required) Input Trufflehog file\n -o, --output=\u003chdf-scan-results-json\u003e (required) Output HDF JSON File\n -w, --includeRaw Include raw input file in HDF JSON file\n\n GLOBAL FLAGS\n -h, --help Show CLI help\n -L, --logLevel=\u003coption\u003e [default: info] Specify level for logging (if implemented by the CLI command)\n \u003coptions: info|warn|debug|verbose\u003e\n --interactive Collect input tags interactively (not available on all CLI commands)\n\n EXAMPLES\n $ saf convert trufflehog2hdf -i trufflehog.json -o output-hdf-name.json\n```\n\n[top](#convert-other-formats-to-hdf)\n#### Twistlock to HDF\n```\nconvert twistlock2hdf Translate a Twistlock CLI output file into an HDF results set\n\n USAGE\n $ saf convert twistlock2hdf -i \u003ctwistlock-json\u003e -o \u003chdf-scan-results-json\u003e [-h] [-w]\n\n FLAGS\n -i, --input=\u003ctwistlock-json\u003e (required) Input Twistlock file\n -o, --output=\u003chdf-scan-results-json\u003e (required) Output HDF JSON File\n -w, --includeRaw Include raw input file in HDF JSON file\n\n GLOBAL FLAGS\n -h, --help Show CLI help\n -L, --logLevel=\u003coption\u003e [default: info] Specify level for logging (if implemented by the CLI command)\n \u003coptions: info|warn|debug|verbose\u003e\n --interactive Collect input tags interactively (not available on all CLI commands)\n \n EXAMPLES\n $ saf convert twistlock2hdf -i twistlock.json -o output-hdf-name.json\n```\n\n[top](#convert-other-formats-to-hdf)\n#### Veracode to HDF\n```\nconvert veracode2hdf Translate a Veracode XML file into a Heimdall Data\n Format JSON file\n USAGE\n $ saf convert veracode2hdf -i \u003cveracode-xml\u003e -o \u003chdf-scan-results-json\u003e [-h]\n\n FLAGS\n -i, --input=\u003cveracode-xml\u003e (required) Input Veracode XML File\n -o, --output=\u003chdf-scan-results-json\u003e (required) Output HDF JSON File\n\n GLOBAL FLAGS\n -h, --help Show CLI help\n -L, --logLevel=\u003coption\u003e [default: info] Specify level for logging (if implemented by the CLI command)\n \u003coptions: info|warn|debug|verbose\u003e\n --interactive Collect input tags interactively (not available on all CLI commands)\n\n EXAMPLES\n $ saf convert veracode2hdf -i veracode_results.xml -o output-hdf-name.json\n```\n[top](#convert-other-formats-to-hdf)\n#### XCCDF Results to HDF\n***Note:*** `xccdf_results2hdf` only supports native OpenSCAP and SCC output.\n```\nconvert xccdf_results2hdf Translate a SCAP client XCCDF-Results XML report\n to a Heimdall Data Format JSON file\n USAGE\n $ saf convert xccdf_results2hdf -i \u003cxccdf-results-xml\u003e -o \u003chdf-scan-results-json\u003e [-h] [-w]\n\n FLAGS\n -i, --input=\u003cxccdf-results-xml\u003e (required) Input XCCDF Results XML File\n -o, --output=\u003chdf-scan-results-json\u003e (required) Output HDF JSON File\n -w, --includeRaw Include raw input file in HDF JSON file\n\n GLOBAL FLAGS\n -h, --help Show CLI help\n -L, --logLevel=\u003coption\u003e [default: info] Specify level for logging (if implemented by the CLI command)\n \u003coptions: info|warn|debug|verbose\u003e\n --interactive Collect input tags interactively (not available on all CLI commands)\n\n EXAMPLES\n $ saf convert xccdf_results2hdf -i results-xccdf.xml -o output-hdf-name.json\n```\n\n[top](#convert-other-formats-to-hdf)\n#### OWASP ZAP to HDF\n```\nconvert zap2hdf Translate a OWASP ZAP results JSON to a Heimdall Data Format JSON file\n\n USAGE\n $ saf convert zap2hdf -i \u003czap-json\u003e -n \u003ctarget-site-name\u003e -o \u003chdf-scan-results-json\u003e [-h] [-w]\n\n FLAGS\n -i, --input=\u003czap-json\u003e (required) Input OWASP Zap Results JSON File\n -n, --name=\u003ctarget-site-name\u003e (required) Target Site Name\n -o, --output=\u003chdf-scan-results-json\u003e (required) Output HDF JSON File\n -w, --includeRaw Include raw input file in HDF JSON file\n\n GLOBAL FLAGS\n -h, --help Show CLI help\n -L, --logLevel=\u003coption\u003e [default: info] Specify level for logging (if implemented by the CLI command)\n \u003coptions: info|warn|debug|verbose\u003e\n --interactive Collect input tags interactively (not available on all CLI commands)\n\n EXAMPLES\n $ saf convert zap2hdf -i zap_results.json -n mitre.org -o scan_results.json\n```\n[top](#convert-other-formats-to-hdf)\n\n---\n\n### eMASSer API CLI\n\nThe SAF CLI implements the eMASS REST API capabilities by incorporating the eMASSer CLI into the SAF CLI. Please references the [eMASSer Features](https://saf-cli.mitre.org/docs/emasser) πŸ“œ for additional information\n\nTo get top level help execute the following commad:\n\n```\n$ saf emasser [-h or -help]\n[eMASS] The eMASS REST API implementation\n\nUSAGE\n $ saf emasser COMMAND\n\nTOPICS\n emasser delete eMass REST API DELETE endpoint commands\n emasser get eMass REST API GET endpoint commands\n emasser post eMass REST API POST endpoint commands\n emasser put eMass REST API PUT endpoint commands\n\nCOMMANDS\n emasser configure Generate a configuration file (.env) for accessing an eMASS instances.\n emasser version Display the eMASS API specification version the CLI implements.\n```\n\n[top](#emasser-client)\n\n___\n\n### View\n\n#### Heimdall\n\nYou can start a local Heimdall Lite instance to visualize your findings with the SAF CLI. To start an instance use the `saf view heimdall` command:\n\n```\nview heimdall Run an instance of Heimdall Lite to\n visualize your data\n USAGE\n $ saf view heimdall [-h] [-p \u003cport\u003e] [-f \u003cfile\u003e] [-n]\n\n FLAGS\n -h, --help Show CLI help\n -f, --files=\u003cfile\u003e... File(s) to display in Heimdall\n -n, --noOpenBrowser Don't open the default browser automatically\n -p, --port=\u003cport\u003e [default: 3000] Port To Expose Heimdall On (Default 3000)\n\n ALIASES\n $ saf heimdall\n\n EXAMPLES\n $ saf view heimdall -p 8080\n```\n[top](#view-hdf-summaries-and-data)\n\n#### Summary\n\nTo get a quick compliance summary from an HDF file (grouped by profile name) use the `saf view summary` command:\n\n```\nview summary Get a quick compliance overview of an HDF file\n\n USAGE\n $ saf view summary -i \u003c\u003chdf-file\u003e... [-o \u003coutput\u003e] [-f json|yaml|markdown] [-s] [-r] [-t] [-l \u003cvalue\u003e] [-h]\n\n FORMATTING FLAGS\n -f, --format=\u003coption\u003e [default: yaml] Specify output format\n \u003coptions: json|yaml|markdown\u003e\n -r, --[no-]print-pretty Enable human-readable data output\n -t, --[no-]title-table Add titles to the markdown table(s)\n\n HELP FLAGS\n -h, --help Show help information\n\n I/O FLAGS\n -i, --input=\u003cvalue\u003e... (required) Specify input HDF file(s)\n -o, --output=\u003cvalue\u003e Specify output file(s)\n -s, --[no-]stdout Enable printing to console\n\n DEBUGGING FLAGS\n -l, --logLevel=\u003cvalue\u003e [default: info] Set log level\n\n ALIASES\n $ saf summary\n\n EXAMPLES\n Summarize 'input.hdf' single HDF file\n $ saf summary -i input.hdf\n\n Specify Formats\n $ saf summary -i input.hdf input.json --format=json\n\n Output GitHub Flavored Markdown Table, skip the console, and save to 'output.md\n $ saf summary -i input.hdf input.json --format=markdown --no-stdout -o output.md\n\n Summarize multiple HDF files\n $ saf summary --input input1.hdf --input input2.hdf\n $ saf summary --input input1.hdf input2.hdf\n\n Save summary to 'output.json' and print to the console\n $ saf summary -i input.hdf --output output.json\n\n Enable human-readable output\n $ saf summary --input input.hdf --pretty-print\n\n Useful for scripts or data-processing (RAW yaml/json/etc.)\n $ saf summary -i input.hdf --no-pretty-print\n\n```\n[top](#view-hdf-summaries-and-data)\n\n---\n\n### Validate\n\n#### Thresholds\n\nSee the wiki for more information on πŸ‘‰ [template files](https://github.com/mitre/saf/wiki/Validation-with-Thresholds).\n\n```\nvalidate threshold Validate the compliance and status counts of an HDF file\n\n USAGE\n $ saf validate threshold -i \u003chdf-json\u003e [-I \u003cflattened-threshold-json\u003e | -T \u003ctemplate-file\u003e] [-h] [-L info|warn|debug|verbose]\n\n FLAGS\n -i, --input=\u003cvalue\u003e (required) The HDF JSON File to be validated by the threshold values \n -T, --templateFile=\u003cvalue\u003e A threshold YAML file containing expected threshold values.\n Generate it using the \"saf generate threshold\" command\n -I, --templateInline=\u003cvalue\u003e An inline (on the command line) flattened JSON containing the validation\n thresholds (Intended for backwards compatibility with InSpec Tools)\n\n GLOBAL FLAGS\n -h, --help Show CLI help\n -L, --logLevel=\u003coption\u003e [default: info] Specify level for logging (if implemented by the CLI command)\n \u003coptions: info|warn|debug|verbose\u003e\n --interactive Collect input tags interactively (not available on all CLI commands)\n\n EXAMPLES\n Providing a threshold template file\n $ saf validate threshold -i rhel7-results.json -T threshold.yaml\n \n Specifying the threshold inline\n $ saf validate threshold -i rhel7-results.json -I \"{compliance.min: 80}, {passed.total.min: 18}, {failed.total.max: 2}\"\n\n```\n\n[top](#validate-hdf-thresholds)\n\n---\n\n### Generate\n\n#### Delta\n\nSee the wiki for more information on πŸ‘‰ [Delta](https://github.com/mitre/saf/wiki/Delta).\n\n```\nUpdate an existing InSpec profile with updated XCCDF guidance\n\nUSAGE\n $ saf generate delta [-h] [-L info|warn|debug|verbose] [-J \u003cvalue\u003e | --interactive] [-X \u003cvalue\u003e | -U \u003cvalue\u003e]\n [-o \u003cvalue\u003e | ] [-O \u003cvalue\u003e | ] [-r \u003cvalue\u003e | ] [-T rule|group|cis|version | ] [-M -c \u003cvalue\u003e]\n\nFLAGS\n -J, --inspecJsonFile=\u003cvalue\u003e InSpec Profile Controls JSON summary file\n - can be generated using the \"[cinc-auditor or inspec] json \u003cprofile path\u003e | jq . \u003e profile.json\" command\n -M, --runMapControls Run the approximate string matching process\n -O, --ovalXmlFile=\u003cvalue\u003e The OVAL XML file containing definitions used in the new guidance - in the form of .xml file\n -T, --idType=\u003coption\u003e [default: rule] Control ID Types: 'rule' - Vulnerability IDs (ex. 'SV-XXXXX'), 'group' - Group IDs (ex. 'V-XXXXX'), 'cis' - CIS Rule IDs\n (ex. C-1.1.1.1), 'version' - Version IDs (ex. RHEL-07-010020 - also known as STIG IDs)\n \u003coptions: rule|group|cis|version\u003e\n -U, --xccdfUrl=\u003cvalue\u003e (required [-X or -U] or --interactive) The URL for the XCCDF package containing the new guidance (.zip, e.g., DISA STIG downloads)\n -X, --xccdfXmlFile=\u003cvalue\u003e (required [-X or -U] or --interactive) The XCCDF File containing the new guidance (.xml or .zip)\n -c, --controlsDir=\u003cvalue\u003e (required with -M or -J not provided) The InSpec profile directory containing the controls to update (controls Delta is processing)\n -o, --deltaOutputDir=\u003cvalue\u003e (required if not --interactive) The output folder for the updated profile (this will contain the new controls modified by delta)\n - if it is not empty, it will be overwritten.\n -r, --reportFile=\u003cvalue\u003e Output markdown report file - must have an extension of .md\n\nGLOBAL FLAGS\n -h, --help Show CLI help\n -L, --logLevel=\u003coption\u003e [default: info] Specify level for logging (if implemented by the CLI command)\n \u003coptions: info|warn|debug|verbose\u003e\n --interactive Collect input tags interactively (not available on all CLI commands)\n\nEXAMPLES\n Running the CLI interactively\n $ saf generate delta --interactive\n\n Providing a XCCDF (File), a Profile Controls Summary, and no Fuzzy matching)\n $ saf generate delta -X \u003cxccdf_benchmarks.[xml, zip]\u003e, -J \u003cprofile_summary.json\u003e -c \u003ccurrent-controls-dir\u003e -o \u003cupdated_controls_dir\u003e, [options]\n\n Providing a XCCDF (URL), a Profile Controls Summary, and no Fuzzy matching)\n $ saf generate delta -U \u003cURL-to-benchmark.zip\u003e, -J \u003cprofile_summary.json\u003e -c \u003ccurrent-controls-dir\u003e -o \u003cupdated_controls_dir\u003e, [options]\n\n Providing a XCCDF (File), a Profile Controls Summary, with Fuzzy matching)\n $ saf generate delta -X \u003cxccdf_benchmarks.[xml, zip]\u003e, -J \u003cprofile_summary.json\u003e -c \u003ccurrent-controls-dir\u003e -o \u003cupdated_controls_dir\u003e, -M, [options]\n\n Providing a XCCDF (URL), a Profile Controls Summary, with Fuzzy matching)\n $ saf generate delta -U \u003cURL-to-benchmark.zip\u003e, -J \u003cprofile_summary.json\u003e -c \u003ccurrent-controls-dir\u003e -o \u003cupdated_controls_dir\u003e, -M, [options]\n\n```\n[top](#generate-data-reports-and-more)\n\n#### Delta Supporting Options\nUse this process prior of running `generate delta`. The process updates the controls with metadata provided by the XCCDF guidance to include the controls name and number. Additionally it formates the control the same way the `generate delta` will. Running this process minimizes the delta output content and makes for better and easier visualization of the modification provided by the Delta process.\n\n```\nUSAGE\n $ saf generate update_controls4delta [-X \u003cvalue\u003e | -U \u003cvalue\u003e] -c \u003cvalue\u003e [-J \u003cvalue\u003e] [-P V|SV] [-g] [-f] [-b] [-h] [--interactive] [-L info|warn|debug|verbose] \n\nFLAGS\n -U, --xccdfUrl=\u003cvalue\u003e (required [-X or -U]) The URL pointing to the XCCDF file containing the new guidance (DISA STIG downloads)\n -X, --xccdfXmlFile=\u003cvalue\u003e (required [-X or -U]) The XCCDF XML file containing the new guidance - in the form of .xml file\n -c, --controlsDir=\u003cvalue\u003e (required) The InSpec profile controls directory containing the profiles to be updated \n -J, --inspecJsonFile=\u003cvalue\u003e Input execution/profile JSON file - can be generated using the \"inspec json \u003cprofile path\u003e \u003e profile.json\"\n command. If not provided the `inspec` CLI must be installed\n -P, --controlPrefix=\u003coption\u003e [default: V] Old control number prefix V or SV, default V \u003coptions: V|SV\u003e\n -g, --[no-]useXccdfGroupId Use the XCCDF `Group Id` to rename the controls. Uses prefix V or SV based on controlPrefix option\n [default: false]\n -b, --[no-]backupControls Preserve modified controls in a backup directory (oldControls) inside the controls directory\n [default: true]\n -f, --[no-]formatControls Format control contents in the same way `generate delta` will write controls\n [default: true]\n\nGLOBAL FLAGS\n -h, --help Show CLI help\n -L, --logLevel=\u003coption\u003e [default: info] Specify level for logging (if implemented by the CLI command)\n \u003coptions: info|warn|debug|verbose\u003e\n --interactive Collect input tags interactively (not available on all CLI commands)\n\nEXAMPLES\n Providing an XCCDF File\n $ saf generate update_controls4delta -X ./the_xccdf_guidance_file.xml [-J \u003cprofile_json_file.json\u003e]\n [-c the_controls_directory --no-backupControls --no-formatControls -P \u003cV or SV\u003e -g -L debug]\n\n Providing an URL point to an ZIP XCCDF (from DISA STIG downloads)\n $ saf generate update_controls4delta -U \u003cURL to DISA STIGs downloads\u003e [-J \u003cprofile_json_file.json\u003e] \n [-c the_controls_directory --no-backupControls --no-formatControls -P \u003cV or SV\u003e -g -L debug]\n\n```\n[top](#generate-data-reports-and-more)\n\n#### CKL Templates\n\nChecklist template files are used to give extra information to `saf convert hdf2ckl`.\n\n```\ngenerate ckl_metadata Generate a checklist metadata template for \"saf convert hdf2ckl\"\n\n USAGE\n $ saf generate ckl_metadata -o \u003cjson-file\u003e [-h]\n\n FLAGS\n -o, --output=\u003cjson-file\u003e (required) Output JSON File\n\n GLOBAL FLAGS\n -h, --help Show CLI help\n -L, --logLevel=\u003coption\u003e [default: info] Specify level for logging (if implemented by the CLI command)\n \u003coptions: info|warn|debug|verbose\u003e\n --interactive Collect input tags interactively (not available on all CLI commands)\n \n EXAMPLES\n $ saf generate ckl_metadata -o rhel_metadata.json\n```\n[top](#generate-data-reports-and-more)\n\n#### InSpec Metadata\n\nInSpec metadata files are used to give extra information to `saf convert *2inspec_stub`.\n\n```\ngenerate inspec_metadata Generate an InSpec metadata template for \"saf convert *2inspec_stub\"\n\n USAGE\n $ saf generate inspec_metadata -o \u003cjson-file\u003e\n\n FLAGS\n -o, --output=\u003cjson-file\u003e (required) Output JSON File\n\n GLOBAL FLAGS\n -h, --help Show CLI help\n -L, --logLevel=\u003coption\u003e [default: info] Specify level for logging (if implemented by the CLI command)\n \u003coptions: info|warn|debug|verbose\u003e\n --interactive Collect input tags interactively (not available on all CLI commands)\n\n EXAMPLES\n $ saf generate inspec_metadata -o ms_sql_baseline_metadata.json\n```\n[top](#generate-data-reports-and-more)\n\n#### Inspec Profile\n```\ngenerate inspec_profile Generate a new skeleton profile based on a (STIG or CIS) XCCDF benchmark file \n\nUSAGE\n $ saf generate inspec_profile -X \u003cstig-xccdf-xml\u003e [-O \u003coval-xccdf-xml] [-o \u003coutput-folder\u003e] [-m \u003cmetadata-json\u003e] [-T (rule|group|cis|version)] [-s] [-L (info|warn|debug|verbose)] [-h] [--interactive]\n\nFLAGS\n -X, --xccdfXmlFile=\u003cvalue\u003e (required) Path to the XCCDF benchmark file \n -O, --ovalDefinitions=\u003cvalue\u003e Path to an OVAL definitions file to populate profile elements that reference OVAL definitions\n -T, --idType=\u003coption\u003e [default: rule] Control ID Types: 'rule' - Vulnerability IDs (ex. 'SV-XXXXX'), 'group' -\n Group IDs (ex. 'V-XXXXX'), 'cis' - CIS Rule IDs (ex.\n C-1.1.1.1), 'version' - Version IDs (ex. RHEL-07-010020 - also known as STIG IDs)\n \u003coptions: rule|group|cis|version\u003e\n -m, --metadata=\u003cvalue\u003e Path to a JSON file with additional metadata for the inspec.yml\n The metadata Json is of the following format:\n {\"maintainer\": string, \"copyright\": string, \"copyright_email\": string, \"license\": string, \"version\": string}\n -o, --output=\u003cvalue\u003e [default: profile] The output folder to write the generated InSpec content (defaults to profile if \n unable to translate xccdf title)\n -s, --singleFile Output the resulting controls as a single file\n\n GLOBAL FLAGS\n -h, --help Show CLI help\n -L, --logLevel=\u003coption\u003e [default: info] Specify level for logging (if implemented by the CLI command)\n \u003coptions: info|warn|debug|verbose\u003e\n --interactive Collect input tags interactively (not available on all CLI commands)\n\nALIASES\n $ saf generate xccdf_benchmark2inspec_stub\n\nEXAMPLES\n $ saf generate xccdf_benchmark2inspec_stub -X ./U_RHEL_6_STIG_V2R2_Manual-xccdf.xml -T group --logLevel debug -r rhel-6-update-report.md\n $ saf generate xccdf_benchmark2inspec_stub -X ./CIS_Ubuntu_Linux_18.04_LTS_Benchmark_v1.1.0-xccdf.xml -O ./CIS_Ubuntu_Linux_18.04_LTS_Benchmark_v1.1.0-oval.xml --logLevel debug\n```\n[top](#generate-data-reports-and-more)\n#### Thresholds\n\nThreshold files are used in Continious Integration (CI) to ensure minimum compliance levels and validate control severities and statuses using `saf validate threshold`\n\nSee the wiki for more information on πŸ‘‰ [template files](https://github.com/mitre/saf/wiki/Validation-with-Thresholds).\n\n```\ngenerate threshold Generate a compliance template for \"saf validate threshold\".\n Default output states that you must have your current\n control counts or better (More Passes and/or less\n Fails/Skips/Not Applicable/No Impact/Errors)\n USAGE\n $ saf generate threshold -i \u003chdf-json\u003e [-o \u003cthreshold-yaml\u003e] [-h] [-e] [-c]\n\n FLAGS\n -c, --generateControlIds Validate control IDs have the correct severity and status\n -e, --exact All counts should be exactly the same when validating, not just less than or greater than\n -i, --input=\u003cvalue\u003e (required) Input HDF JSON File\n -o, --output=\u003cvalue\u003e Output Threshold YAML File\n\n GLOBAL FLAGS\n -h, --help Show CLI help\n -L, --logLevel=\u003coption\u003e [default: info] Specify level for logging (if implemented by the CLI command)\n \u003coptions: info|warn|debug|verbose\u003e\n --interactive Collect input tags interactively (not available on all CLI commands)\n\n EXAMPLES\n $ saf generate threshold -i rhel7-results.json -e -c -o output.yaml\n```\n[top](#generate-data-reports-and-more)\n\n#### Spreadsheet (csv/xlsx) to InSpec\n\nYou can use `saf generate spreadsheet2inspec_stub` to generate an InSpec profile stub from a spreadsheet file.\n\n```\ngenerate spreadsheet2inspec_stub Generate an InSpec profile stub from a CSV STIGs or CIS XLSX benchmarks\n\nUSAGE\n $ saf generate spreadsheet2inspec_stub -i, --input=\u003cXLSX or CSV\u003e -o, --output=FOLDER\n\nOPTIONS\n -M, --mapping=mapping Path to a YAML file with mappings for each field, by default, CIS Benchmark\n fields are used for XLSX, STIG Viewer CSV export is used by CSV\n -c, --controlNamePrefix=controlNamePrefix Prefix for all control IDs\n -f, --format=cis|disa|general [default: general]\n -i, --input=input (required)\n -e, --encodingHeader Add the \"# encoding: UTF-8\" comment at the top of each control\n -l, --lineLength=lineLength [default: 80] Characters between lines within InSpec controls\n -m, --metadata=metadata Path to a JSON file with additional metadata for the inspec.yml file\n -o, --output=output (required) [default: profile] Output InSpec profile stub folder\n\n GLOBAL FLAGS\n -L, --logLevel=\u003coption\u003e [default: info] Specify level for logging (if implemented by the CLI command)\n \u003coptions: info|warn|debug|verbose\u003e\n --interactive Collect input tags interactively (not available on all CLI commands)\n\nEXAMPLES\n saf generate spreadsheet2inspec_stub -i spreadsheet.xlsx -o profile\n```\n[top](#generate-data-reports-and-more)\n\n##### DoD Stub vs CIS Stub Formatting\n\nThe converter supports both Stub and CIS styles. The `--format` flag is used to specify the required output format. Default is DoD Stub Format.\n\n- Specifying the `--format` flag as either `cis` or `disa` will parse the input spreadsheet according to the standard formats for CIS Benchmark exports and DISA STIG exports, respectively.\n- You can also use the `general` setting (the default) to parse an arbitrary spreadsheet, but if you do so, you must provide a mapping file with the `--mapping` flag so that `saf` can parse the input.\n- If you provide a non-standard spreadsheet, the first row of values are assumed to be column headers.\n\n[top](#generate-data-reports-and-more)\n\n#### Mapping Files\n\nMapping files are YAML files that tell `saf` which columns in the input spreadsheet should be parsed. Mapping files are structured as following:\n\n``` yaml\nid: # Required\n - ID\n - \"recommendation #\"\ntitle: # Required\n - Title # You can give more than one column header as a value for an\n - title # attribute if you are not sure how it will be spelled in the input.\ndesc:\n - Description\n - Discussion\n - description\nimpact: 0.5 # If impact is set, its value will be used for every control\ndesc.rationale:\n - Rationale\n - rationale statement\ndesc.check: # Required\n - Audit\n - audit procedure\ndesc.fix:\n - Remediation\n - remediation procedure\ndesc.additional_information: # You can define arbitrary values under desc and tag\n - Additional Information # if you have extra fields to record\ndesc.default_value:\n - Default Value\nref: # InSpec keyword - saf will check this column for URLs (links to documentation)\n - References # and record each address as a ref attribute\n```\n\nWhere the keys (`title`) are InSpec control attributes and the values (`- Title`) are the column headers in the input spreadsheet that correspond to that attribute.\n\n[top](#generate-data-reports-and-more)\n\n---\n\n### Supplement\n\nSupplement (ex. read or modify) elements that provide contextual information in an HDF file such as `passthrough` or `target`\n\n#### Passthrough\n\nSupplement (ex. read or modify) the `passthrough` element, which provides contextual information in the Heimdall Data Format results JSON file\n\n```\nEXAMPLE (combined read, modfication, and overwrite of the original file)\n $ saf supplement passthrough read -i hdf_with_passthrough.json | jq -rc '.key = \"new value\"' | xargs -0 -I{} saf supplement passthrough write -i hdf_with_passthrough.json -d {}\n```\n\nPassthrough data can be any context/structure. See the sample below or visit πŸ‘‰ [Supplement HDF files with additional information](https://github.com/mitre/saf/wiki/Supplement-HDF-files-with-additional-information-(ex.-%60passthrough%60,-%60target%60))\n```json\n{\n \"CDM\": {\n \"HWAM\": {\n \"Asset_ID_Tattoo\": \"arn:aws:ec2:us-east-1:123456789012:instance/i-12345acbd5678efgh90\",\n \"Data_Center_ID\": \"1234-5678-ABCD-1BB1-CC12DD34EE56FF78\",\n \"FQDN\": \"i-12345acbd5678efgh90.ec2.internal\",\n \"Hostname\": \"i-12345acbd5678efgh90\",\n \"ipv4\": \"10.0.1.25\",\n \"ipv6\": \"none defined\",\n \"mac\": \"02:32:fd:e3:68:a1\",\n \"os\": \"Linux\",\n \"FISMA_ID\": \"ABCD2C21-7781-92AA-F126-FF987CZZZZ\"\n },\n \"CSM\": {\n \"Server_Type\": \"member server\",\n \"source_tool\": \"InSpec\"\n }\n }\n}\n```\n[top](#enhance-and-supplement-hdf-data)\n\n##### Read\n\n```\nsupplement passthrough read Read the `passthrough` attribute in a given Heimdall Data Format JSON file and send it to stdout or write it to a file\n\nUSAGE\n $ saf supplement passthrough read -i \u003chdf-json\u003e [-o \u003cpassthrough-json\u003e]\n\nFLAGS\n -i, --input=\u003cvalue\u003e (required) An input HDF file\n -o, --output=\u003cvalue\u003e An output `passthrough` JSON file (otherwise the data is sent to stdout)\n\n GLOBAL FLAGS\n -h, --help Show CLI help\n -L, --logLevel=\u003coption\u003e [default: info] Specify level for logging (if implemented by the CLI command)\n \u003coptions: info|warn|debug|verbose\u003e\n --interactive Collect input tags interactively (not available on all CLI commands)\n\nEXAMPLES\n $ saf supplement passthrough read -i hdf.json -o passthrough.json\n```\n[top](#enhance-and-supplement-hdf-data)\n\n##### Write\n\n```\nsupplement passthrough write Overwrite the `passthrough` attribute in a given HDF file with the provided `passthrough` JSON data\n\nUSAGE\n $ saf supplement passthrough write -i \u003cinput-hdf-json\u003e (-f \u003cinput-passthrough-json\u003e | -d \u003cpassthrough-json\u003e) [-o \u003coutput-hdf-json\u003e]\n\nFLAGS\n -d, --passthroughData=\u003cvalue\u003e Input passthrough-data (can be any valid JSON); this flag or `passthroughFile` must be provided\n -f, --passthroughFile=\u003cvalue\u003e An input passthrough-data file (can contain any valid JSON); this flag or `passthroughData` must be provided\n -i, --input=\u003cvalue\u003e (required) An input Heimdall Data Format file\n -o, --output=\u003cvalue\u003e An output Heimdall Data Format JSON file (otherwise the input file is overwritten)\n\n GLOBAL FLAGS\n -h, --help Show CLI help\n -L, --logLevel=\u003coption\u003e [default: info] Specify level for logging (if implemented by the CLI command)\n \u003coptions: info|warn|debug|verbose\u003e\n --interactive Collect input tags interactively (not available on all CLI commands)\n\nDESCRIPTION\n Passthrough data can be any context/structure. See sample ideas at [https://github.com/mitre/saf/wiki/Supplement-HDF-files-with-additional-information-(ex.-%60passthrough%60,-%60target%60)#:~:text=Settings-,Supplement%20HDF%20files%20with%20additional%20information,-(ex.%20%60passthrough%60%2C%20%60target](https://github.com/mitre/saf/wiki/Supplement-HDF-files-with-additional-information-(ex.-%60passthrough%60,-%60target%60))\n \nEXAMPLES\n Providing passthrough-data\n $ saf supplement passthrough write -i hdf.json -d '{\"a\": 5}'\n Using passthrough-data file\n $ saf supplement passthrough write -i hdf.json -f passthrough.json -o new-hdf.json\n```\n[top](#enhance-and-supplement-hdf-data)\n\n#### Target\n\nSupplement (ex. read or modify) the `target` element, which provides contextual information in the Heimdall Data Format results JSON file\n\n```\nEXAMPLE (combined read, modfication, and overwrite of the original file)\n $ saf supplement target read -i hdf_with_target.json | jq -rc '.key = \"new value\"' | xargs -0 -I{} saf supplement target write -i hdf_with_target.json -d {}\n```\n\nPassthrough data can be any context/structure. See the sample below or visit πŸ‘‰ [Supplement HDF files with additional information](https://github.com/mitre/saf/wiki/Supplement-HDF-files-with-additional-information-(ex.-%60passthrough%60,-%60target%60))\n```json\n{\n \"AWS\":{\n \"Resources\":[\n {\n \"Type\":\"AwsEc2Instance\",\n \"Id\":\"arn:aws:ec2:us-east-1:123456789012:instance/i-06036f0ccaa012345\",\n \"Partition\":\"aws\",\n \"Region\":\"us-east-1\",\n \"Details\":{\n \"AwsEc2Instance\":{\n \"Type\":\"t2.medium\",\n \"ImageId\":\"ami-0d716eddcc7b7abcd\",\n \"IpV4Addresses\":[\n \"10.0.0.27\"\n ],\n \"KeyName\":\"rhel7_1_10152021\",\n \"VpcId\":\"vpc-0b53ff8f37a06abcd\",\n \"SubnetId\":\"subnet-0ea14519a4ddaabcd\"\n }\n }\n }\n ]\n }\n}\n```\n[top](#enhance-and-supplement-hdf-data)\n\n##### Read\n\n```\nsupplement target read Read the `target` attribute in a given Heimdall Data Format JSON file and send it to stdout or write it to a file\n\nUSAGE\n $ saf supplement target read -i \u003chdf-json\u003e [-o \u003ctarget-json\u003e]\n\nFLAGS\n -i, --input=\u003cvalue\u003e (required) An input HDF file\n -o, --output=\u003cvalue\u003e An output `target` JSON file (otherwise the data is sent to stdout)\n\n GLOBAL FLAGS\n -h, --help Show CLI help\n -L, --logLevel=\u003coption\u003e [default: info] Specify level for logging (if implemented by the CLI command)\n \u003coptions: info|warn|debug|verbose\u003e\n --interactive Collect input tags interactively (not available on all CLI commands)\n\nEXAMPLES\n $ saf supplement target read -i hdf.json -o target.json\n```\n[top](#enhance-and-supplement-hdf-data)\n\n##### Write\n\n```\nsupplement target write Overwrite the `target` attribute in a given HDF file with the provided `target` JSON data\n\nUSAGE\n $ saf supplement target write -i \u003cinput-hdf-json\u003e (-f \u003cinput-target-json\u003e | -d \u003ctarget-json\u003e) [-o \u003coutput-hdf-json\u003e]\n\nFLAGS\n -d, --targetData=\u003cvalue\u003e Input target-data (can be any valid JSON); this flag or `targetFile` must be provided\n -f, --targetFile=\u003cvalue\u003e An input target-data file (can contain any valid JSON); this flag or `targetData` must be provided\n -i, --input=\u003cvalue\u003e (required) An input Heimdall Data Format file\n -o, --output=\u003cvalue\u003e An output Heimdall Data Format JSON file (otherwise the input file is overwritten)\n\n GLOBAL FLAGS\n -h, --help Show CLI help\n -L, --logLevel=\u003coption\u003e [default: info] Specify level for logging (if implemented by the CLI command)\n \u003coptions: info|warn|debug|verbose\u003e\n --interactive Collect input tags interactively (not available on all CLI commands)\n\nDESCRIPTION\n Target data can be any context/structure. See sample ideas at https://github.com/mitre/saf/wiki/Supplement-HDF-files-with-additional-information-(ex.-%60passthrough%60,-%60target%60)\n\nEXAMPLES\n Providing target-data\n $ saf supplement target write -i hdf.json -d '{\"a\": 5}'\n Using target-data file\n $ saf supplement target write -i hdf.json -f target.json -o new-hdf.json\n```\n[top](#enhance-and-supplement-hdf-data)\n\n# License and Author\n\n### Authors\n\n- Author:: Will Dower [wdower](https://github.com/wdower)\n- Author:: Ryan Lin [Rlin232](https://github.com/rlin232)\n- Author:: Amndeep Singh Mann [Amndeep7](https://github.com/amndeep7)\n- Author:: Camden Moors [camdenmoors](https://github.com/camdenmoors)\n- Author:: Emily Rodriguez [em-c-rod](https://github.com/em-c-rod)\n- Author:: George Dias [georgedias](https://github.com/georgedias)\n\n### NOTICE\n\nΒ© 2022-2025 The MITRE Corporation.\n\nApproved for Public Release; Distribution Unlimited. Case Number 18-3678.\n\n### NOTICE\n\nMITRE hereby grants express written permission to use, reproduce, distribute, modify, and otherwise leverage this software to the extent permitted by the licensed terms provided in the LICENSE.md file included with this project.\n\n### NOTICE\n\nThis software was produced for the U. S. Government under Contract Number HHSM-500-2012-00008I, and is subject to Federal Acquisition Regulation Clause 52.227-14, Rights in Data-General.\n\nNo other use other than that granted to the U. S. Government, or to those acting on behalf of the U. S. Government under that Clause is authorized without the express written permission of The MITRE Corporation.\n\nFor further information, please contact The MITRE Corporation, Contracts Management Office, 7515 Colshire Drive, McLean, VA 22102-7539, (703) 983-6000.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fmitre%2Fsaf","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fmitre%2Fsaf","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fmitre%2Fsaf/lists"}