Skip to content

VulcanSTIG-Ready Security Guidance

Streamline the creation of STIG documentation and InSpec validation profiles

Vulcan

Quick Start

Quick Test with Docker

bash
docker pull mitre/vulcan:latest
docker run -p 3000:3000 mitre/vulcan:latest

Full Setup with Docker Compose

bash
# Clone the repository
git clone https://github.com/mitre/vulcan.git
cd vulcan

# Generate secure configuration
./.github/setup-docker-secrets.sh

# Start the application stack
docker-compose -f .github/docker-compose.yml up

Latest Release

Current Version

v2.2.1 - Released August 16, 2025

Security patch release addressing critical vulnerability fixes. View Release Notes →

Why Vulcan?

Vulcan bridges the gap between security requirements and practical implementation, enabling organizations to:

  • Accelerate STIG Development: Reduce time from months to weeks
  • Ensure Consistency: Maintain alignment with DISA standards
  • Automate Validation: Generate InSpec profiles alongside documentation
  • Collaborate Effectively: Built-in workflows for multi-team environments
  • Track Compliance: Full audit trail and revision history

Technology Stack

Backend

  • Ruby 3.3.9 with Rails 8.0.2.1
  • PostgreSQL 12+
  • Redis for caching

Frontend

  • Vue 2.6.11
  • Bootstrap 4.4.1
  • Turbolinks 5.2.0

DevOps

  • Docker optimized images
  • GitHub Actions CI/CD
  • Kubernetes ready

Part of MITRE SAF

Vulcan is a core component of the MITRE Security Automation Framework (SAF), a comprehensive suite of tools designed to automate security validation and compliance checking.

Get Involved

📚 Documentation

Comprehensive guides for users and developers

Read the Docs →

🤝 Contributing

Help improve Vulcan with code, docs, or feedback

Contribution Guide →

💬 Community

Get help and discuss with other users

Join Discussions →

Part of the MITRE Security Automation Framework (SAF)