Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/mozilla/seasponge

:pineapple: SeaSponge is an accessible threat modelling tool from Mozilla
https://github.com/mozilla/seasponge

mozilla threat-model

Last synced: 3 months ago
JSON representation

:pineapple: SeaSponge is an accessible threat modelling tool from Mozilla

Host: GitHub
URL: https://github.com/mozilla/seasponge
Owner: mozilla
License: mpl-2.0
Archived: true
Created: 2014-08-04T19:43:51.000Z (over 10 years ago)
Default Branch: master
Last Pushed: 2018-04-16T17:36:34.000Z (over 6 years ago)
Last Synced: 2024-05-22T17:16:11.570Z (6 months ago)
Topics: mozilla, threat-model
Language: CoffeeScript
Homepage: http://mozilla.github.io/seasponge/
Size: 1.25 MB
Stars: 274
Watchers: 37
Forks: 65
Open Issues: 26
Metadata Files:
- Readme: README.md
- Changelog: CHANGELOG.md
- Contributing: CONTRIBUTING.md
- License: LICENSE

Awesome Lists containing this project

awesome-threat-modeling - Mozilla Seasponge

README

        [SeaSponge](https://github.com/mozilla/seasponge)

=========

 [![No Maintenance Intended](http://unmaintained.tech/badge.svg)](http://unmaintained.tech/)

 [![Build Status](https://travis-ci.org/mozilla/seasponge.svg)](https://travis-ci.org/mozilla/seasponge)

> SeaSponge is an accessible web-based threat modeling tool developed for [Mozilla Winter of Security 2014](https://wiki.mozilla.org/Security/Automation/WinterOfSecurity2014).

-----

## About

This web-based application is being developed with three characteristics in mind:

- **Accessibility**: We want everyone to be able to map out their infrastructures and generate security reports on any operating-system and on any browser.

- **Aesthetics**: We're tired of clunky, boring interfaces - we want to bring the pizazz into threat-modeling.

- **Intuitive User-Experience**: We hate manuals, and we want you to be able to use this software without one.

Please see http://mozilla.github.io/seasponge/ for a live demo of the application.  

There is also a video on Air Mozilla available at https://air.mozilla.org/mozilla-winter-of-security-seasponge-a-tool-for-easy-threat-modeling/

### Example Threat Model developed with SeaSponge

Here is a share link for the SeaSponge threat model we developed in our [Air Mozilla demo video](https://air.mozilla.org/mozilla-winter-of-security-seasponge-a-tool-for-easy-threat-modeling/): http://goo.gl/Q8mt0T

### Usage

See our [`Usage` page in our Wiki](https://github.com/mozilla/seasponge/wiki/Usage) for more details.

![usage_demo](https://cloud.githubusercontent.com/assets/5893112/6827282/55cf9060-d2e5-11e4-802f-7663719ee873.gif)

## Authors

- [Mathew Kallada](https://github.com/kallada)

- [Glavin Wiechert](https://github.com/Glavin001)

- [Joel Kuntz](https://github.com/Frozenfire92)

- [Sarah MacDonald](https://github.com/rainbee2214)

With Mozilla Advisor [Curtis Koenig](https://mozillians.org/en-US/u/curtisk/)

and Professor [Dr. Pawan Lingras](http://cs.stmarys.ca/~pawan/)

## Contributing

Please see our [Contributing Guidelines](CONTRIBUTING.md)

#### Dependencies

You may need to prefix commands with `sudo`

- [Node.js](http://nodejs.org/) 

  - [Bower](http://bower.io/) `npm install -g bower`

  - [Grunt](http://gruntjs.com/) `npm install -g grunt-cli`

  - [Yeoman](http://yeoman.io/) `npm install -g yo`

    - [AngularJS Generator](https://github.com/yeoman/generator-angular) `npm install -g generator-angular`

- [Ruby](https://www.ruby-lang.org/en/installation/)

  - Linux users may also need `ruby-dev` via `sudo apt-get install ruby-dev`

  - [Sass](http://sass-lang.com/install) `gem install sass`

  - [Compass](http://compass-style.org/install/) >=0.12.2 `gem install compass`

After forking and cloning the repository in the location of your choice run the following commands to install your [Node.js](http://nodejs.org/) and [Bower](http://bower.io/) dependencies.

On Debian and Ubuntu-based platforms, the nodejs-legacy package must be installed along with nodejs and npm using apt-get in order to fix a naming conflict that will otherwise prevent some packages from building and running correctly, as explained in [/usr/share/doc/nodejs/README.Debian] (http://apt-browse.org/browse/ubuntu/trusty/universe/i386/nodejs/0.10.25~dfsg2-2ubuntu1/file/usr/share/doc/nodejs/README.Debian)

```bash

npm install

bower install

```

#### Building

Once you have the application and dependencies installed you can start building the app.

```bash

# Previews the app on a local server

grunt serve

# Builds the application to dist/

grunt build

```

#### Documentation

```bash

# Build docs to docs/

grunt docs

# Build docs and serve docs/ for web browser

grunt serve:docs

```

#### Developing

Please see the [Development Guide](DEVGUIDE.md)

## Links

- [Mozilla Wiki Page](https://wiki.mozilla.org/Security/Mentorships/MWoS/2014/online_threat_modeling_tool)

- [GitHub Project Wiki](https://github.com/mozilla/seasponge/wiki)