github.com/fadiguezel/threagile-mobile
Threagile (see https://threagile.io for more details) is an open-source toolkit for agile threat modeling:
It allows to model an architecture with its assets in an agile fashion as a YAML file directly inside the IDE. Upon execution of the Threagile toolkit all standard risk rules (as well as individual custom rules if present) are checked against the architecture model.
The easiest way to execute Threagile on the commandline is via its Docker container:
docker run --rm -it threagile/threagile
_____ _ _ _
|_ _| |__ _ __ ___ __ _ __ _(_) | ___
| | | '_ \| '__/ _ \/ _` |/ _` | | |/ _ \
| | | | | | | | __/ (_| | (_| | | | __/
|_| |_| |_|_| \___|\__,_|\__, |_|_|\___|
|___/
Threagile - Agile Threat Modeling
Documentation: https://threagile.io
Docker Images: https://hub.docker.com/r/threagile
Sourcecode: https://github.com/threagile
License: Open-Source (MIT License)
Usage: threagile [options]
Options:
-background string
background pdf file (default "background.pdf")
-create-editing-support
just create some editing support stuff in the output directory
-create-example-model
just create an example model named threagile-example-model.yaml in the output directory
-create-stub-model
just create a minimal stub model named threagile-stub-model.yaml in the output directory
-custom-risk-rules-plugins string
comma-separated list of plugins (.so shared object) file names with custom risk rules to load
-diagram-dpi int
DPI used to render: maximum is 240 (default 120)
-execute-model-macro string
Execute model macro (by ID)
-generate-data-asset-diagram
generate data asset diagram (default true)
-generate-data-flow-diagram
generate data-flow diagram (default true)
-generate-report-pdf
generate report pdf, including diagrams (default true)
-generate-risks-excel
generate risks excel (default true)
-generate-risks-json
generate risks json (default true)
-generate-stats-json
generate stats json (default true)
-generate-tags-excel
generate tags excel (default true)
-generate-technical-assets-json
generate technical assets json (default true)
-ignore-orphaned-risk-tracking
ignore orphaned risk tracking (just log them) not matching a concrete risk
-list-model-macros
print model macros
-list-risk-rules
print risk rules
-list-types
print type information (enum values to be used in models)
-model string
input model yaml file (default "threagile.yaml")
-output string
output directory (default ".")
-print-3rd-party-licenses
print 3rd-party license information
-print-license
print license information
-raa-plugin string
RAA calculation plugin (.so shared object) file name (default "raa.so")
-server int
start a server (instead of commandline execution) on the given port
-skip-risk-rules string
comma-separated list of risk rules (by their ID) to skip
-verbose
verbose output
-version
print version
Examples:
If you want to create an example model (via docker) as a starting point to learn about Threagile just run:
docker run --rm -it -v "$(pwd)":/app/work threagile/threagile -create-example-model -output /app/work
If you want to create a minimal stub model (via docker) as a starting point for your own model just run:
docker run --rm -it -v "$(pwd)":/app/work threagile/threagile -create-stub-model -output /app/work
If you want to execute Threagile on a model yaml file (via docker):
docker run --rm -it -v "$(pwd)":/app/work threagile/threagile -verbose -model /app/work/threagile.yaml -output /app/work
If you want to run Threagile as a server (REST API) on some port (here 8080):
docker run --rm -it --shm-size=256m -p 8080:8080 --name threagile-server --mount 'type=volume,src=threagile-storage,dst=/data,readonly=false' threagile/threagile -server 8080
If you want to find out about the different enum values usable in the model yaml file:
docker run --rm -it threagile/threagile -list-types
If you want to use some nice editing help (syntax validation, autocompletion, and live templates) in your favourite IDE:
docker run --rm -it -v "$(pwd)":/app/work threagile/threagile -create-editing-support -output /app/work
If you want to list all available model macros (which are macros capable of reading a model yaml file, asking you questions in a wizard-style and then update the model yaml file accordingly):
docker run --rm -it threagile/threagile -list-model-macros
If you want to execute a certain model macro on the model yaml file (here the macro add-build-pipeline):
docker run --rm -it -v "$(pwd)":/app/work threagile/threagile -model /app/work/threagile.yaml -output /app/work -execute-model-macro add-build-pipeline
FAQs
Unknown package
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
Security News
MITRE's 2024 CWE Top 25 highlights critical software vulnerabilities like XSS, SQL Injection, and CSRF, reflecting shifts due to a refined ranking methodology.
Security News
In this segment of the Risky Business podcast, Feross Aboukhadijeh and Patrick Gray discuss the challenges of tracking malware discovered in open source softare.