📋
STIG Process Modeling
Manage the complete workflow between vendors and sponsors for STIG creation
VulcanSTIG-Ready Security Guidance
Streamline the creation of STIG documentation and InSpec validation profiles
Skip to content
Quick Start
Quick Test with Docker
bash
docker pull mitre/vulcan:latest
docker run -p 3000:3000 mitre/vulcan:latestFull Setup with Docker Compose
bash
# Clone the repository
git clone https://github.com/mitre/vulcan.git
cd vulcan
# Generate secure configuration
./setup-docker-secrets.sh
# Start the application stack
docker compose upLatest Release
Current Version
v2.3.1 - Released February 2026
DISA process documentation, SRG ID display, export improvements, and DRY refactors. View Release Notes →
Why Vulcan?
Vulcan bridges the gap between security requirements and practical implementation, enabling organizations to:
- Accelerate STIG Development: Reduce time from months to weeks
- Ensure Consistency: Maintain alignment with DISA standards
- Automate Validation: Generate InSpec profiles alongside documentation
- Collaborate Effectively: Built-in workflows for multi-team environments
- Track Compliance: Full audit trail and revision history
Technology Stack
Backend
- Ruby 3.4.9 with Rails 8.0.2.1
- PostgreSQL 18
Frontend
- Vue 2.7.16
- Bootstrap 4.6.2
- Turbolinks 5.2.0
DevOps
- Docker optimized images
- GitHub Actions CI/CD
- Kubernetes ready
Part of MITRE SAF
Vulcan is a core component of the MITRE Security Automation Framework (SAF), a comprehensive suite of tools designed to automate security validation and compliance checking.
InSpec
Compliance automation framework
Heimdall
Security results visualization
SAF CLI
Command-line security tools