https://github.com/hupe1980/cdk-threagile
Agile Threat Modeling as Code
- Host: GitHub
- URL: https://github.com/hupe1980/cdk-threagile
- Owner: hupe1980
- License: mit
- Created: 2022-06-17T10:34:17.000Z (over 2 years ago)
- Default Branch: main
- Last Pushed: 2022-06-30T17:17:08.000Z (over 2 years ago)
- Last Synced: 2024-11-28T17:12:20.878Z (15 days ago)
- Topics: appsec, cdk, cdktg, constructs, devsecops, modeling, stride, threagile, threat
- Language: TypeScript
- Homepage:
- Size: 608 KB
- Stars: 12
- Watchers: 3
- Forks: 1
- Open Issues: 0
Metadata Files:
- Readme: README.md
- License: LICENSE
Awesome Lists containing this project
- awesome-cdk - cdktg - Agile Threat Modeling as Code. (Related Projects / Multi-accounts setup)
README
# cdk-threagile (cdktg)
![Build](https://github.com/hupe1980/cdk-threagile/workflows/build/badge.svg)
![Release](https://github.com/hupe1980/cdk-threagile/workflows/release/badge.svg)
> Agile Threat Modeling as Code
>
> CDK Constructs for [threagile](https://threagile.io/)

## Installation

TypeScript/JavaScript:

```bash
npm i cdktg
```

Python:

```bash
pip install cdktg
```

## How to use

Initialize a project:

```bash
mkdir threagile
cd threagile
cdktg init
```

### Threat Model written in TypeScript:

```typescript
// threagile.ts
import {
  Author, Authentication, Authorization, Availability, BusinessCriticality,
  CIATriad, Confidentiality, DataAsset, Encryption, Integrity, Machine, Model,
  Project, Protocol, Quantity, SharedRuntime, Size, TechnicalAsset,
  TechnicalAssetType, Technology, TrustBoundary, TrustBoundaryType, Usage,
} from 'cdktg';

const project = new Project();

// The model is the root construct; every asset below is attached to it.
const model = new Model(project, 'Model Stub', {
  title: 'Model Stub',
  version: '1.0.0',
  date: '2020-03-31',
  author: new Author({
    name: 'John Doe',
  }),
  businessCriticality: BusinessCriticality.IMPORTANT,
});

// Data asset with its confidentiality/integrity/availability rating.
const someData = new DataAsset(model, 'Some Data Asset', {
  description: 'Some Description',
  usage: Usage.BUSINESS,
  origin: 'Some Origin',
  owner: 'Some Owner',
  quantity: Quantity.MANY,
  ciaTriad: new CIATriad({
    confidentiality: Confidentiality.CONFIDENTIAL,
    integrity: Integrity.CRITICAL,
    availability: Availability.OPERATIONAL,
  }),
});

const someTrustBoundary = new TrustBoundary(model, 'Some Trust Boundary', {
  description: 'Some Description',
  type: TrustBoundaryType.NETWORK_DEDICATED_HOSTER,
});

// Technical asset placed inside the trust boundary.
const someTechnicalAsset = new TechnicalAsset(model, 'Some Technical Asset', {
  trustBoundary: someTrustBoundary,
  description: 'Some Description',
  type: TechnicalAssetType.PROCESS,
  usage: Usage.BUSINESS,
  humanUse: false,
  size: Size.COMPONENT,
  technology: Technology.WEB_SERVICE_REST,
  internet: false,
  machine: Machine.VIRTUAL,
  encryption: Encryption.NONE,
  owner: 'Some Owner',
  ciaTriad: new CIATriad({
    confidentiality: Confidentiality.CONFIDENTIAL,
    integrity: Integrity.CRITICAL,
    availability: Availability.CRITICAL,
  }),
  multiTenant: false,
  redundant: true,
});

someTechnicalAsset.processes(someData);

// Second technical asset, declared without a trust boundary.
const someOtherTechnicalAsset = new TechnicalAsset(model, 'Some Other Technical Asset', {
  description: 'Some Description',
  type: TechnicalAssetType.PROCESS,
  usage: Usage.BUSINESS,
  humanUse: false,
  size: Size.COMPONENT,
  technology: Technology.WEB_SERVICE_REST,
  tags: ['some-tag', 'some-other-tag'],
  internet: false,
  machine: Machine.VIRTUAL,
  encryption: Encryption.NONE,
  owner: 'Some Owner',
  ciaTriad: new CIATriad({
    confidentiality: Confidentiality.CONFIDENTIAL,
    integrity: Integrity.IMPORTANT,
    availability: Availability.IMPORTANT,
  }),
  multiTenant: false,
  redundant: true,
});

someOtherTechnicalAsset.processes(someData);

// Communication link between the two assets and the data it carries.
const someTraffic = someTechnicalAsset.communicatesWith('Some Traffic', someOtherTechnicalAsset, {
  description: 'Some Description',
  protocol: Protocol.HTTPS,
  authentication: Authentication.NONE,
  authorization: Authorization.NONE,
  vpn: false,
  ipFiltered: false,
  readonly: false,
  usage: Usage.BUSINESS,
});

someTraffic.sends(someData);

const someSharedRuntime = new SharedRuntime(model, "Some Shared Runtime", {
  description: "Some Description",
});

someSharedRuntime.runs(someTechnicalAsset, someOtherTechnicalAsset);

// Write the synthesized model(s) to disk.
project.synth();
```

### High level constructs (cdktg/plus*)

```typescript
import { ApplicationLoadBalancer, Cloud } from "cdktg/plus-aws";

// ...

const alb = new ApplicationLoadBalancer(model, "ALB", {
  waf: true,
  ciaTriad: new CIATriad({
    availability: Availability.CRITICAL,
    integrity: Integrity.IMPORTANT,
    confidentiality: Confidentiality.CONFIDENTIAL,
  }),
});

const cloud = new Cloud(model, "AWS-Cloud");
cloud.addTechnicalAssets(alb);

// ...
```

### cdktg CLI commands:

A running Threagile REST API server is required for the CLI. The URL can be passed via the `url` parameter or the `CDKTG_THREAGILE_BASE_URL` environment variable.

The examples can be used with the [threagile playground](https://run.threagile.io/).

```sh
cdktg [command]

Commands:
  cdktg init        create a new cdk-threagile project
  cdktg synth       synthesize the models
  cdktg ping        ping the api
  cdktg check       check the models
  cdktg analyze     analyze the models
  cdktg completion  generate completion script

Options:
  --help     Show help                                                 [boolean]
  --version  Show version number                                       [boolean]
```
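
A build gate over the `risks.json` that `cdktg analyze` writes per model (see the output listing in the next section), as an added example that is not part of cdk-threagile: it returns every risk at or above a chosen severity that is still open, so a pipeline can fail on it. The field names `synthetic_id`, `severity` and `risk_status`, their value sets, and the choice to treat `accepted` as closed are assumptions about Threagile's JSON output; the sample records are constructed.

```typescript
// Added example: build gate over Threagile's risks.json (dist/<Model>/risks.json).
// Assumption: each entry carries synthetic_id, severity and risk_status as below.
type Severity = "low" | "medium" | "elevated" | "high" | "critical";

interface Risk {
  synthetic_id: string;
  severity: Severity;
  risk_status: string;
}

const SEVERITY_ORDER: Severity[] = ["low", "medium", "elevated", "high", "critical"];
// Statuses treated as dealt with; any other value (or a missing one) counts as open.
const CLOSED_STATUSES = ["mitigated", "accepted", "false-positive"];

function parseRisks(json: string): Risk[] {
  const data: unknown = JSON.parse(json);
  if (!Array.isArray(data)) throw new Error("risks.json: expected a top-level array");
  return data.map((r, i) => {
    if (typeof r.synthetic_id !== "string" || SEVERITY_ORDER.indexOf(r.severity) < 0) {
      // Fail closed: an entry the gate cannot rank must stop the build, not pass it.
      throw new Error(`risks.json: entry ${i} has no id or an unknown severity`);
    }
    return { synthetic_id: r.synthetic_id, severity: r.severity, risk_status: String(r.risk_status) };
  });
}

function openRisksAtOrAbove(risks: Risk[], threshold: Severity): Risk[] {
  const min = SEVERITY_ORDER.indexOf(threshold);
  return risks.filter(
    (r) => SEVERITY_ORDER.indexOf(r.severity) >= min && CLOSED_STATUSES.indexOf(r.risk_status) < 0,
  );
}

// Constructed sample records, not real analyzer output.
const SAMPLE_RISKS_JSON = JSON.stringify([
  { synthetic_id: "sample-risk-a@some-traffic", severity: "elevated", risk_status: "unchecked" },
  { synthetic_id: "sample-risk-b@some-technical-asset", severity: "medium", risk_status: "unchecked" },
  { synthetic_id: "sample-risk-c@some-other-technical-asset", severity: "high", risk_status: "mitigated" },
  { synthetic_id: "sample-risk-d@some-technical-asset", severity: "critical", risk_status: "in-progress" },
]);

const blocking = openRisksAtOrAbove(parseRisks(SAMPLE_RISKS_JSON), "elevated");
console.log(blocking.map((r) => `${r.severity}\t${r.synthetic_id}`).join("\n"));
```

In a pipeline, pass it the contents of the model's `risks.json` and exit non-zero when the returned list is not empty.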
### Analyze outputs:
```sh
dist
└── ModelStub
├── data-asset-diagram.png
├── data-flow-diagram.png
├── report.pdf
├── risks.json
├── risks.xlsx
├── stats.json
├── tags.xlsx
├── technical-assets.json
└── threagile.yaml
```

## Examples

See more complete [examples](https://github.com/hupe1980/cdk-threagile-examples).

## License

[MIT](LICENSE)