Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/Threagile/threagile

Agile Threat Modeling Toolkit
https://github.com/Threagile/threagile

agile architecture cicd devsecops infosec risk-analysis risk-management security threagile threat-modeling

Last synced: about 1 month ago
JSON representation

Agile Threat Modeling Toolkit

Awesome Lists containing this project

README

        

# Threagile

[![Threagile Community Chat](https://badges.gitter.im/Threagile/community.svg)](https://gitter.im/Threagile/community)

#### Agile Threat Modeling Toolkit
Threagile (see [https://threagile.io](https://threagile.io) for more details) is an open-source toolkit for
agile threat modeling:

It allows to model an architecture with its assets in an agile fashion as a YAML file directly inside the IDE.
Upon execution of the Threagile toolkit all standard risk rules (as well as individual custom rules if present)
are checked against the architecture model.

#### Execution via Docker Container
The easiest way to execute Threagile on the commandline is via its Docker container:

docker run --rm -it threagile/threagile --help

_____ _ _ _
|_ _| |__ _ __ ___ __ _ __ _(_) | ___
| | | '_ \| '__/ _ \/ _` |/ _` | | |/ _ \
| | | | | | | | __/ (_| | (_| | | | __/
|_| |_| |_|_| \___|\__,_|\__, |_|_|\___|
|___/
Threagile - Agile Threat Modeling

Documentation: https://threagile.io
Docker Images: https://hub.docker.com/r/threagile/threagile
Sourcecode: https://github.com/threagile
License: Open-Source (MIT License)
Version: 1.0.0 (20231104141112)

Usage: threagile [options]

Options:

-background string
background pdf file (default "background.pdf")
-create-editing-support
just create some editing support stuff in the output directory
-create-example-model
just create an example model named threagile-example-model.yaml in the output directory
-create-stub-model
just create a minimal stub model named threagile-stub-model.yaml in the output directory
-custom-risk-rules-plugins string
comma-separated list of plugins (.so shared object) file names with custom risk rules to load
-diagram-dpi int
DPI used to render: maximum is 240 (default 120)
-execute-model-macro string
Execute model macro (by ID)
-generate-data-asset-diagram
generate data asset diagram (default true)
-generate-data-flow-diagram
generate data-flow diagram (default true)
-generate-report-pdf
generate report pdf, including diagrams (default true)
-generate-risks-excel
generate risks excel (default true)
-generate-risks-json
generate risks json (default true)
-generate-stats-json
generate stats json (default true)
-generate-tags-excel
generate tags excel (default true)
-generate-technical-assets-json
generate technical assets json (default true)
-ignore-orphaned-risk-tracking
ignore orphaned risk tracking (just log them) not matching a concrete risk
-list-model-macros
print model macros
-list-risk-rules
print risk rules
-list-types
print type information (enum values to be used in models)
-model string
input model yaml file (default "threagile.yaml")
-output string
output directory (default ".")
-print-3rd-party-licenses
print 3rd-party license information
-print-license
print license information
-server int
start a server (instead of commandline execution) on the given port
-skip-risk-rules string
comma-separated list of risk rules (by their ID) to skip
-verbose
verbose output
-version
print version

Examples:

If you want to create an example model (via docker) as a starting point to learn about Threagile just run:
docker run --rm -it -v "$(pwd)":/app/work threagile/threagile --create-example-model --output /app/work

If you want to create a minimal stub model (via docker) as a starting point for your own model just run:
docker run --rm -it -v "$(pwd)":/app/work threagile/threagile --create-stub-model --output /app/work

If you want to execute Threagile on a model yaml file (via docker):
docker run --rm -it -v "$(pwd)":/app/work threagile/threagile --verbose --model /app/work/threagile.yaml --output /app/work

If you want to run Threagile as a server (REST API) on some port (here 8080):
docker run --rm -it --shm-size=256m -p 8080:8080 --name threagile-server --mount 'type=volume,src=threagile-storage,dst=/data,readonly=false' threagile/threagile -server 8080

If you want to find out about the different enum values usable in the model yaml file:
docker run --rm -it threagile/threagile -list-types

If you want to use some nice editing help (syntax validation, autocompletion, and live templates) in your favourite IDE:
docker run --rm -it -v "$(pwd)":/app/work threagile/threagile --create-editing-support --output /app/work

If you want to list all available model macros (which are macros capable of reading a model yaml file, asking you questions in a wizard-style and then update the model yaml file accordingly):
docker run --rm -it threagile/threagile -list-model-macros

If you want to execute a certain model macro on the model yaml file (here the macro add-build-pipeline):
docker run --rm -it -v "$(pwd)":/app/work threagile/threagile --model /app/work/threagile.yaml --output /app/work --execute-model-macro add-build-pipeline