Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/Threagile/threagile
Agile Threat Modeling Toolkit
https://github.com/Threagile/threagile
agile architecture cicd devsecops infosec risk-analysis risk-management security threagile threat-modeling
Last synced: 3 months ago
JSON representation
Agile Threat Modeling Toolkit
- Host: GitHub
- URL: https://github.com/Threagile/threagile
- Owner: Threagile
- License: mit
- Created: 2020-08-04T10:47:17.000Z (almost 4 years ago)
- Default Branch: master
- Last Pushed: 2024-03-31T23:51:12.000Z (3 months ago)
- Last Synced: 2024-04-01T23:28:08.575Z (3 months ago)
- Topics: agile, architecture, cicd, devsecops, infosec, risk-analysis, risk-management, security, threagile, threat-modeling
- Language: Go
- Homepage: https://threagile.io
- Size: 3.56 MB
- Stars: 554
- Watchers: 31
- Forks: 116
- Open Issues: 26
-
Metadata Files:
- Readme: README.md
- Contributing: CONTRIBUTING.md
- License: LICENSE.txt
- Code of conduct: CODE_OF_CONDUCT.md
- Support: support/live-templates.txt
Lists
- awesome-hacking-lists - threagile - Agile Threat Modeling Toolkit (Go (531))
- awesome-devsecops-russia - Theagile
- awesome-threat-modelling - Threagile - Threagile is an open-source toolkit for agile threat modeling (Tools / Free tools)
- DevSecOps - https://github.com/Threagile/threagile - the-badge) | (Pre-commit time tools)
- awesome-threat-modelling - Threagile - Threagile is an open-source toolkit for agile threat modeling (Tools / Free tools)
- awesome-hacking-lists - threagile - Agile Threat Modeling Toolkit (Go)
- awesome-hacking-lists - Threagile/threagile - Agile Threat Modeling Toolkit (Go)
README
# Threagile
[](https://gitter.im/Threagile/community)
#### Agile Threat Modeling Toolkit
Threagile (see [https://threagile.io](https://threagile.io) for more details) is an open-source toolkit for
agile threat modeling:
It allows to model an architecture with its assets in an agile fashion as a YAML file directly inside the IDE.
Upon execution of the Threagile toolkit all standard risk rules (as well as individual custom rules if present)
are checked against the architecture model.
#### Execution via Docker Container
The easiest way to execute Threagile on the commandline is via its Docker container:
docker run --rm -it threagile/threagile help
_____ _ _ _
|_ _| |__ _ __ ___ __ _ __ _(_) | ___
| | | '_ \| '__/ _ \/ _` |/ _` | | |/ _ \
| | | | | | | | __/ (_| | (_| | | | __/
|_| |_| |_|_| \___|\__,_|\__, |_|_|\___|
|___/
Threagile - Agile Threat Modeling
Documentation: https://threagile.io
Docker Images: https://hub.docker.com/r/threagile/threagile
Sourcecode: https://github.com/threagile
License: Open-Source (MIT License)Version: 1.0.0 ()
Examples:
If you want to create an example model (via docker) as a starting point to learn about Threagile just run:
docker run --rm -it -v "$(pwd)":app/work threagile/threagile create-example-model -output app/work
If you want to create a minimal stub model (via docker) as a starting point for your own model just run:
docker run --rm -it -v "$(pwd)":app/work threagile/threagile create-stub-model -output app/work
If you want to execute Threagile on a model yaml file (via docker):
docker run --rm -it -v "$(pwd)":app/work threagile/threagile analyze-model -verbose -model -output app/work
If you want to execute Threagile in interactive mode (via docker):
docker run --rm -it -v "$(pwd)":app/work threagile/threagile -i -verbose -model -output app/work
If you want to run Threagile as a server (REST API) on some port (here 8080):
docker run --rm -it --shm-size=256m -p 8080:8080 --name --mount 'type=volume,src=threagile-storage,dst=/data,readonly=false' threagile/threagile server --server-port 8080
If you want to find out about the different enum values usable in the model yaml file:
docker run --rm -it threagile/threagile list-types
If you want to use some nice editing help (syntax validation, autocompletion, and live templates) in your favourite IDE: docker run --rm -it -v "$(pwd)":app/work threagile/threagile create-editing-support -output app/work
If you want to list all available model macros (which are macros capable of reading a model yaml file, asking you questions in a wizard-style and then update the model yaml file accordingly):
docker run --rm -it threagile/threagile list-model-macros
If you want to execute a certain model macro on the model yaml file (here the macro add-build-pipeline):
docker run --rm -it -v "$(pwd)":app/work threagile/threagile -model app/work/threagile.yaml -output app/work execute-model-macro add-build-pipeline
Usage:
threagile [flags]
threagile [command]
Available Commands:
analyze-model Analyze model
create-editing-support Create editing support
create-example-model Create example threagile model
create-stub-model Create stub threagile model
execute-model-macro Execute model macro
explain-model-macros Explain model macros
explain-risk-rules Detailed explanation of all the risk rules
explain-types Print type information (enum values to be used in models)
help Help about any command
list-model-macros Print model macros
list-risk-rules Print available risk rules
list-types Print type information (enum values to be used in models)
print-license Print license information
quit quit client
server Run server
Flags:
--app-dir string app folder (default "/app")
--background string background pdf file (default "background.pdf")
--config string config file
--custom-risk-rules-plugin string comma-separated list of plugins file names with custom risk rules to load
--diagram-dpi int DPI used to render: maximum is 300
--generate-data-asset-diagram generate data asset diagram (default true)
--generate-data-flow-diagram generate data flow diagram (default true)
--generate-report-pdf generate report pdf, including diagrams (default true)
--generate-risks-excel generate risks excel (default true)
--generate-risks-json generate risks json (default true)
--generate-stats-json generate stats json (default true)
--generate-tags-excel generate tags excel (default true)
--generate-technical-assets-json generate technical assets json (default true)
-h, --help help for threagile
--ignore-orphaned-risk-tracking ignore orphaned risk tracking (just log them) not matching a concrete risk
-i, --interactive interactive mode
--model string input model yaml file (default "threagile.yaml")
--output string output directory (default ".")
--plugin-dir string plugin folder location (default "/app")
--raa-run string RAA calculation run file name (default "raa_calc")
--skip-risk-rules string comma-separated list of risk rules (by their ID) to skip
--temp-dir string temporary folder location (default "/dev/shm")
-v, --verbose verbose output
--version version for threagile
Additional help topics:
threagile print-3rd-party-licenses Print 3rd-party license information
threagile version Get version information
Use "threagile [command] --help" for more information about a command.