Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/abhaybhargav/tmdl
An attempt at creating a unifying Threat Model Definition Language using a declarative syntax with cuelang
https://github.com/abhaybhargav/tmdl
cuelang desired-state-configuration infrastructure-as-code security-architecture security-tools threatmodeling
Last synced: 3 months ago
JSON representation
An attempt at creating a unifying Threat Model Definition Language using a declarative syntax with cuelang
- Host: GitHub
- URL: https://github.com/abhaybhargav/tmdl
- Owner: abhaybhargav
- Created: 2021-09-05T05:15:19.000Z (about 3 years ago)
- Default Branch: master
- Last Pushed: 2021-09-05T05:15:54.000Z (about 3 years ago)
- Last Synced: 2024-06-15T04:36:54.434Z (5 months ago)
- Topics: cuelang, desired-state-configuration, infrastructure-as-code, security-architecture, security-tools, threatmodeling
- Homepage:
- Size: 6.84 KB
- Stars: 8
- Watchers: 5
- Forks: 2
- Open Issues: 1
-
Metadata Files:
- Readme: README.md
Awesome Lists containing this project
- awesome-cue - tmdl - Threat Model Definition Language using a declarative syntax with CUE. (Projects)
README
## Threat Model Definition Language - TMDL
> An attempt at creating a unifying Threat Model Definition Language using a declarative syntax with cuelang
### Existing Problems with Threat Modeling as Code
* Currently Threat Modeling can be composed in programming languages like Python (pytm) or in declarative syntax like YAML (ThreatPlaybook). YAML is painful to work with owing to whitespace and indentation issues. Using imperative techniques to define threat models with programming languages adds an signficant entry barrier to practitioners and does not engender "desired state" with simple declarations
* Hard to understand functions and keywords, making it harder to compose threat models.
* Hard to enforce constraints with existing formats
* Cannot be evaluated against multiple formats. Single format ensures that composition and parsing happens in that single format### Problems that this project aims to solve
* Provide a consistent, declarative definition syntax using cuelang, which is more purpose-built for this and similar use-cases
* Capture multiple facets of data related to a Threat Model. Not only Features, but components, security requirements, etc.
* Enforcing constraints based on a single unified schema across all objects
* Import from JSON, YAML using cuelang
* Easily parsed and evaled in multiple formats including JSON, YAML from cue directly### TODOs
Please refer to project info for TODO list