Smithy

Smithy is a workflow engine for security tooling powered by smithy.security that automates security teams' frameworks built on top of Open Cybersecurity Schema Framework.

Links

• Architecture: understand how Smithy works
• SDK: build your custom security tooling on top of Smithy. Example.
• Smithyctl: CLI to build and execute workflows
• Blog
• Smithy at AppSecDublin: slides and video
• Smithy at State Of Open Conf UK 2025: slides and video

Getting Started

Prerequisites

• Go
• Docker
• Install Smithy with go install github.com/smithy-security/smithy/smithyctl@latest

Execute a workflow

Clone this repository git clone https://github.com/smithy-security/smithy.git and run the following command from within it:

smithyctl workflow run --build-component-images=true examples/golang/workflow.yaml

Check the findings in the logs.

Developing and publishing a component

Please check the docs over here

Contacts

Join our Discord server to get support and ask questions.