📋
STIG Process Modeling
Manage the complete workflow between vendors and sponsors for STIG creation
VulcanSTIG-Ready Security Guidance
Streamline the creation of STIG documentation and InSpec validation profiles
Skip to content
Quick Start
Quick Test with Docker
bash
docker pull mitre/vulcan:latest
docker run -p 3000:3000 mitre/vulcan:latestFull Setup with Docker Compose
bash
# Clone the repository
git clone https://github.com/mitre/vulcan.git
cd vulcan
# Generate secure configuration
./.github/setup-docker-secrets.sh
# Start the application stack
docker-compose -f .github/docker-compose.yml upLatest Release
Current Version
v2.2.1 - Released August 16, 2025
Security patch release addressing critical vulnerability fixes. View Release Notes →
Why Vulcan?
Vulcan bridges the gap between security requirements and practical implementation, enabling organizations to:
- Accelerate STIG Development: Reduce time from months to weeks
- Ensure Consistency: Maintain alignment with DISA standards
- Automate Validation: Generate InSpec profiles alongside documentation
- Collaborate Effectively: Built-in workflows for multi-team environments
- Track Compliance: Full audit trail and revision history
Technology Stack
Backend
- Ruby 3.3.9 with Rails 8.0.2.1
- PostgreSQL 12+
- Redis for caching
Frontend
- Vue 2.6.11
- Bootstrap 4.4.1
- Turbolinks 5.2.0
DevOps
- Docker optimized images
- GitHub Actions CI/CD
- Kubernetes ready
Part of MITRE SAF
Vulcan is a core component of the MITRE Security Automation Framework (SAF), a comprehensive suite of tools designed to automate security validation and compliance checking.
InSpec
Compliance automation framework
Heimdall
Security results visualization
SAF CLI
Command-line security tools