I'm building security-check(https://github.com/idlework/security-check), a fast and open source CLI tool to audit your macOS security settings.

After reading several blogs about macOS security, I wondered how secure my own Mac actually was. To my surprise after searching for a simple CLI tool I could not find any good or maintained tools. I did find more complex tools: Lynis felt too enterprise-heavy, mSCP is designed for fleet management, and the GUI tools don't fit into a developer workflow. So I built security-check to have a quick way to check whether my Mac's security settings were actually configured well.

What it does: scans ~40 macOS security settings (FileVault, Firewall, Gatekeeper, SIP, etc.), gives you a letter grade, and outputs JSON if you want to pipe it somewhere. The --diff flag lets you track what changed between runs. Runs in under 5 seconds, zero dependencies, and single binary.

This is my first public Rust project, so I'd genuinely appreciate feedback on the code, idiomatic improvements, architecture, anything really. And if you have ideas for checks that should be included, I'd love to hear them so I can add them to the list.

If you find it useful, a star on the repository helps others discover it too.

Thanks for checking it out