Lock down company Macs so only approved software can run, blocking malware or unauthorized apps automatically.
Audit what programs are running across a fleet of machines before rolling out stricter security policies.
Centrally manage allow and block rules across many computers from a single sync server.
Allow all software from a trusted developer certificate without needing a rule for every version they release.
| google/santa | khronosgroup/moltenvk | facebook/componentkit | |
|---|---|---|---|
| Stars | 4,515 | 5,621 | 5,764 |
| Language | Objective-C++ | Objective-C++ | Objective-C++ |
| Setup difficulty | hard | hard | moderate |
| Complexity | 4/5 | 4/5 | 4/5 |
| Audience | ops devops | developer | developer |
Figures from each repo's GitHub metadata at analysis time.
Requires macOS system-level permissions and a kernel extension. Organizations need a sync server for fleet management. Note: Google archived this project in 2025, consider northpolesec/santa for active support.
Santa is a security tool for macOS that controls which programs are allowed to run on a computer. It sits at the operating system level and intercepts every attempt to execute a file, then checks that file against a set of rules before deciding whether to allow or block it. A notification is shown to the user if something is blocked. The tool has two operating modes. In the default monitor mode, almost everything is allowed to run, but all executions are logged. This is useful for learning what software runs on a machine before applying stricter controls. In lockdown mode, only explicitly approved software is allowed to run and everything else is blocked by default. Rules can be written in several ways. The most specific is a hash-based rule that matches one exact version of a file. A broader option is a certificate-based rule, which allows or blocks any program signed by a particular developer certificate. This means a rule covers all versions of a piece of software as long as it is still signed by the same company. There are also path-based rules using regular expressions, which have the lowest priority when multiple rules apply. For organizations managing many machines, Santa includes a sync mechanism that lets a central server push rule updates to all managed computers and collect logs of what has run. Several open-source sync server options exist for this purpose. Santa is designed as one layer in a broader security approach, not a complete solution on its own. It does not protect against dynamically loaded code libraries, and it does not apply rules to scripts, only to compiled binaries. As of 2025, Google is no longer maintaining this project. The README points users toward an actively maintained fork at northpolesec/santa.
Santa is a macOS security tool that controls which programs can run on a computer by intercepting every execution attempt and checking it against allow or block rules, useful for IT teams locking down managed machines.
Mainly Objective-C++. The stack also includes Objective-C++, macOS, kernel extension.
Open source license, free to use and modify. The project is archived, active development continues at the northpolesec/santa fork.
Setup difficulty is rated hard, with roughly 1day+ to a first successful run.
Mainly ops devops.
This repo across BitVibe Labs
Verify against the repo before relying on details.