Santa Application Control
ToolSanta is a binary authorization and monitoring system for macOS that allows or denies process execution based on certificate, hash, or path rules. Originally created by Google, Santa is now maintained by Northpole Security after Google archived the project in February 2025. The actively maintained fork continues to receive regular updates and remains the go-to open-source application control solution for macOS.
Key Features
Resources
Videos
Santa's Little Helper: Manage Mac Security with osquery
Harrison Ravazzolo's quick talk from MacDevOpsYVR 2025 pairs Santa's binary authorization muscle with osquery's visibility superpowers, creating a one-two punch for macOS endpoint security. In just over six minutes, you'll see how allowlisting and real-time querying work together to keep unauthorized software off your machines while giving you full forensic visibility. It's naughty-or-nice enforcement with receipts.
More in macOS Workstations
- macOS Security Compliance Project
- Santa Application Control
- macOS Hardening & Baseline Service