// the find
nsacyber/WALKOFF
A flexible, easy to use, automation framework allowing users to integrate their capabilities and devices to cut through the repetitive, tedious tasks slowing them down. #nsacyber
WALKOFF is NSA's open-source security automation platform — think n8n or StackStorm but built with a government SOC in mind. It gives you a drag-and-drop workflow editor to chain together custom Python apps, schedule them, and visualize results on dashboards. The target user is a sysadmin or security engineer who wants to automate repetitive ops tasks without writing a full orchestration system from scratch.
The app model is genuinely well-designed: each integration is an isolated Docker container with a YAML API spec, so adding a new tool doesn't touch the core. The dual-stack architecture (FastAPI backend + Angular frontend, both containerized) is cleaner than most comparable tools. Coming from NSA's cyber directorate means the security posture baked in — RBAC, JWT auth, HMAC-signed execution tokens — is more thought-through than typical open-source automation projects. The workflow editor supports conditional branching and transforms, not just linear pipelines.
The project has been dead since December 2022 — no commits in over three years, and the community subreddit link in the README goes to a 2020 event. The Angular frontend ships pre-built dist files in git, which is a red flag for maintainability and supply chain hygiene. The Docker Swarm requirement is dated; anyone starting today would reach for Compose alone or Kubernetes, and Swarm-specific behavior (secrets, overlay networks) adds friction for local dev. Documentation is sparse beyond setup — there's no meaningful guidance on writing production-grade apps or handling failure modes in long-running workflows.