Cairn documentation — Snipe-IT reconciliation setup
Everything you need to connect your tools and keep your asset system of record honest.
Getting started / Setup
Cairn pulls device records from the tools that already manage your fleet and reconciles them into one system of record. You can get a first dry run going in a few minutes. Cairn is free and open source (AGPL-3.0) — self-host it yourself, at no cost, forever.
1. Get Cairn
Cairn is free and open source: clone github.com/jsdosanj/cairn, build the binary or grab a release, and run it on your own infrastructure under the AGPL-3.0 — no account, no license key required.
2. Install the binary & generate a config
Install Cairn from GitHub —
download a release binary or build from source (see
Install) — then create a starter config with
cairn init > cairn.yaml. The config declares your sources, your
sink (system of record), and notifications.
3. Connect your sources
Add each MDM or EDR you run — Jamf Pro, Microsoft Intune, Kandji,
JumpCloud, Google Workspace (ChromeOS), CrowdStrike Falcon, Sophos
Central, Defender for Endpoint, and more — under sources.
Supply each source's base URL and credentials via environment variables,
and give it a trust score that decides which tool wins
field-by-field when records disagree.
4. Point Cairn at your system of record
Set your sink to Snipe-IT and give it your instance URL and
an API token. Cairn matches devices across sources by serial number,
merges them by trust priority, and writes the reconciled record into
Snipe-IT — then pushes the resulting asset tag back to your MDM so both
sides agree.
5. Dry-run, then sync
Always preview first: cairn sync --dry-run shows every
create, update, and conflict resolution without writing anything. When
the plan looks right, drop the flag to apply it. Wire up Slack, Microsoft
Teams, or a generic webhook under notify so your team sees
each run, and schedule it (cron or your orchestrator) to keep inventory
honest automatically.
Frequently asked questions
Short answers to the things teams ask most.
What is Cairn for?
Cairn keeps your IT asset system of record matching reality. It reads device inventory from the MDM and EDR tools that already manage your fleet, reconciles overlapping records, and writes one clean, trustworthy record per machine — so you stop guessing what you actually own.
How does reconciliation work?
Cairn matches records for the same physical machine across tools by
serial number, then merges them field-by-field using the
trust score you assign each source. Higher trust wins on
conflict, so (for example) you can let Jamf own hardware fields while
CrowdStrike owns last-seen data.
Which tools does Cairn integrate with?
Sources include Jamf Pro, Microsoft Intune, Kandji, JumpCloud, Google Workspace (ChromeOS), CrowdStrike Falcon, Sophos Central, Microsoft Defender for Endpoint, Apple Business Manager, UniFi, CDW, and Rudder. Snipe-IT is the supported system of record, and notifications go to Slack, Microsoft Teams, or a generic webhook.
How do I import existing data, and can I export it?
There's nothing to import manually — Cairn pulls live device data directly from your connected sources on every run. Your reconciled records live in your Snipe-IT system of record, which you fully own and can export at any time through Snipe-IT's own API and CSV export.
Will Cairn overwrite my data without warning?
No. Run cairn sync --dry-run to preview every create,
update, and conflict resolution before a single write hits your system
of record. Only when you drop the flag does Cairn apply changes.
How do permissions and credentials work?
Cairn talks to each tool with its own scoped API credentials — ideally read-only on sources and write-scoped only on your system of record. Secrets are supplied via environment variables (never committed to config), connections are HTTPS-only, config files are permission-checked, and serial numbers are masked in logs.
Can I search and review what changed?
Every run produces a summary of matched, new, and conflict-resolved devices, delivered to your notification channel. You can search and filter the reconciled records themselves in Snipe-IT by serial, asset tag, model, or source.
Where does Cairn run?
Cairn is a single cross-platform binary for macOS, Windows, and Linux. Run it in fleet mode centrally to reconcile the whole estate, or in agent mode on each endpoint to sync that one machine. It fits cleanly into cron jobs and CI/orchestration pipelines.
Is Cairn open source?
Yes. Cairn is free and open source, released under the AGPL-3.0 — the same license as Snipe-IT, which Cairn integrates with. You can self-host it at no cost, forever, from GitHub. There are no paid tiers, no seat limits, and no license keys.
How much does Cairn cost?
Nothing. Cairn is free and open source (AGPL-3.0), forever. There are no paid tiers, no seat limits, and no license keys — see the pricing page.
Can I add a tool you don't list?
Cairn's provider model lets new MDM and EDR sources be added without changing the core engine. Since Cairn is open source, you can build a provider yourself or request one on GitHub.
Support
Stuck on a setup step, a connector, or a conflict? We're happy to help.
Get support
Reach the Cairn maintainer through the contact form and we'll get back to you.
Community & bug reports
Self-hosting the open-source build? File bugs and feature requests, or browse existing discussion, on GitHub issues.