Vulcan

STIG-Ready Security Guidance

Streamline the creation of STIG documentation and InSpec validation profiles

Vulcan — the Plan pillar of MITRE SAF

STIG Process Modeling

Manage the complete workflow between vendors and sponsors for STIG creation

InSpec Integration

Write and test validation code locally or across SSH, AWS, and Docker targets

Control Management

Track control status, revision history, and relationships between requirements

Collaborative Authoring

Multiple authors can work on control sets with built-in review workflows

Cross-Reference STIGs

Look up related controls across all published STIGs for consistency

Enterprise Security

Database encryption, flexible authentication with OIDC, LDAP, and GitHub

Quick Start

Quick Test with Docker

```bash
docker pull mitre/vulcan:latest
docker run -p 3000:3000 mitre/vulcan:latest
```

Full Setup with Docker Compose

```bash
# Clone the repository
git clone https://github.com/mitre/vulcan.git
cd vulcan

# Generate secure configuration
./setup-docker-secrets.sh

# Start the application stack
docker compose up
```

Latest Release

Current Version

v2.3.7 - Released May 2026

Component-level comments via polymorphic reviews, project-aggregate disposition matrix CSV export, "Comment" toolbar button rename, replies allowed on active threads after a comment period closes. View Release Notes →

Why Vulcan?

Vulcan bridges the gap between security requirements and practical implementation, enabling organizations to:

  • Accelerate STIG Development: Reduce time from months to weeks
  • Ensure Consistency: Maintain alignment with DISA standards
  • Automate Validation: Generate InSpec profiles alongside documentation
  • Collaborate Effectively: Built-in workflows for multi-team environments
  • Track Compliance: Full audit trail and revision history

Technology Stack

Backend

  • Ruby 3.4.9 with Rails 8.0.2.1
  • PostgreSQL 18

Frontend

  • Vue 2.7.16
  • Bootstrap 4.6.2
  • Turbolinks 5.2.0

DevOps

  • Docker optimized images
  • GitHub Actions CI/CD
  • Kubernetes ready

Part of MITRE SAF

Vulcan is a core component of the MITRE Security Automation Framework (SAF), a comprehensive suite of tools designed to automate security validation and compliance checking.

Get Involved

Documentation

Comprehensive guides for users and developers

Read the Docs →

Contributing

Help improve Vulcan with code, docs, or feedback

Contribution Guide →

Community

Get help and discuss with other users

Join Discussions →

Part of the MITRE Security Automation Framework (SAF)