{"id":13841161,"url":"https://github.com/stevespringett/threatmodel-sdk","last_synced_at":"2025-07-09T22:35:03.469Z","repository":{"id":11735824,"uuid":"66680157","full_name":"stevespringett/threatmodel-sdk","owner":"stevespringett","description":"A Java library for parsing and programmatically using threat models","archived":false,"fork":false,"pushed_at":"2023-02-15T11:57:20.000Z","size":2026,"stargazers_count":79,"open_issues_count":10,"forks_count":24,"subscribers_count":17,"default_branch":"trunk","last_synced_at":"2025-06-19T16:54:39.814Z","etag":null,"topics":["appsec","java","java-library","sdk","secure-design","software-security","threat-model"],"latest_commit_sha":null,"homepage":"","language":"Java","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/stevespringett.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null}},"created_at":"2016-08-26T21:21:21.000Z","updated_at":"2024-10-15T19:42:22.000Z","dependencies_parsed_at":"2023-02-17T04:45:49.271Z","dependency_job_id":null,"html_url":"https://github.com/stevespringett/threatmodel-sdk","commit_stats":null,"previous_names":[],"tags_count":1,"template":false,"template_full_name":null,"purl":"pkg:github/stevespringett/threatmodel-sdk","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/stevespringett%2Fthreatmodel-sdk","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/stevespringett%2Fthreatmodel-sdk/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/stevespringett%2Fthreatmodel-sdk/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/stevespringett%2Fthreatmodel-sdk/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/stevespringett","download_url":"https://codeload.github.com/stevespringett/threatmodel-sdk/tar.gz/refs/heads/trunk","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/stevespringett%2Fthreatmodel-sdk/sbom","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":264504615,"owners_count":23618831,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["appsec","java","java-library","sdk","secure-design","software-security","threat-model"],"created_at":"2024-08-04T17:01:03.496Z","updated_at":"2025-07-09T22:35:03.453Z","avatar_url":"https://github.com/stevespringett.png","language":"Java","funding_links":[],"categories":["Java","Java (504)","Tools"],"sub_categories":[],"readme":"[![Build Status](https://github.com/stevespringett/threatmodel-sdk/workflows/Maven%20CI/badge.svg)](https://github.com/stevespringett/threatmodel-sdk/actions?workflow=Maven+CI)\n[![Codacy Badge](https://api.codacy.com/project/badge/Grade/a70de450d92041cf8966b88ab35230c2)](https://www.codacy.com/app/stevespringett/threatmodel-sdk?utm_source=github.com\u0026amp;utm_medium=referral\u0026amp;utm_content=stevespringett/threatmodel-sdk\u0026amp;utm_campaign=Badge_Grade)\n[![License](https://img.shields.io/badge/license-Apache%202.0-brightgreen.svg)][Apache 2.0]\n\nThreatModel SDK\n=====================================\n\nThe ThreatModel SDK is a minimalistic Java library that provides a basic \nvendor-neutral object model along with the ability to parse reports \ngenerated from common threat modeling tools.\n\nIntent and Purpose\n-------------------\n\nThe intent of the ThreatModel SDK is to represent threat model data in a\nnormalized way, regardless of approach, tool, or vendor. The primary \npurpose of the SDK is to facilitate the automation of threat model data\nby exfiltrating threat intelligence from the model so that identified \nthreats can be automatically added to a teams backlog or defect tracking\nsystem.\n\nThe goal of this project is NOT to graphically represent threat model \ndata through user interfaces. \n\nSupported Threat Modeling Tools\n-------------------\n\n* Microsoft Threat Modeling Tool 2016\n\nCompiling\n-------------------\n\n\u003e $ mvn clean package\n\nUsage Example\n-------------------\n```java\n// Threat model file to open\nFile file = new File(\"/path/to/threatmodel.tm7\");\n\n// Creates a normalized, vender-neutral ThreatModel object\nThreatModel threatModel = ThreatModelFactory\n    .parse(file, ThreatModelingTool.MICROSOFT_THREAT_MODELING_TOOL_2016);\n```\n\n```java\n// Java Bean conventions\nThreat threat = new Threat();\nthreat.setName(\"XSS\");\nthreat.setRisk(risk);\n\n// Fluent interface\nThreat threat = new Threat()\n  .name(\"XSS\")\n  .risk(risk);\n```\n\nMaven Usage\n-------------------\nThe Threatmodel SDK is available on the Maven Central Repository.\n\n```xml\n\u003cdependency\u003e\n    \u003cgroupId\u003eus.springett\u003c/groupId\u003e\n    \u003cartifactId\u003ethreatmodel-sdk\u003c/artifactId\u003e\n    \u003cversion\u003e1.0.0\u003c/version\u003e\n\u003c/dependency\u003e\n```\n\nCopyright \u0026 License\n-------------------\n\nThreatModel SDK is Copyright (c) Steve Springett. All Rights Reserved.\n\nAll other trademarks are property of their respective owners.\n\nPermission to modify and redistribute is granted under the terms of the [Apache 2.0] license.\n\n  [Apache 2.0]: http://www.apache.org/licenses/LICENSE-2.0.txt\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fstevespringett%2Fthreatmodel-sdk","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fstevespringett%2Fthreatmodel-sdk","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fstevespringett%2Fthreatmodel-sdk/lists"}