
Threagile / Threagile

Licence: mit
Agile Threat Modeling Toolkit

Threagile

Agile Threat Modeling Toolkit

Threagile (see https://threagile.io for more details) is an open-source toolkit for agile threat modeling:

It lets you model an architecture and its assets in an agile fashion as a YAML file directly inside the IDE. When the Threagile toolkit is executed, all standard risk rules (as well as individual custom rules, if present) are checked against the architecture model.

Execution via Docker Container

The easiest way to execute Threagile on the command line is via its Docker container:

docker run --rm -it threagile/threagile


  _____ _                          _ _      
 |_   _| |__  _ __ ___  __ _  __ _(_) | ___ 
   | | | '_ \| '__/ _ \/ _` |/ _` | | |/ _ \
   | | | | | | | |  __/ (_| | (_| | | |  __/
   |_| |_| |_|_|  \___|\__,_|\__, |_|_|\___|
                             |___/        
Threagile - Agile Threat Modeling


Documentation: https://threagile.io
Docker Images: https://hub.docker.com/r/threagile
Sourcecode: https://github.com/threagile
License: Open-Source (MIT License)    

Usage: threagile [options]


Options:

  -background string
        background pdf file (default "background.pdf")
  -create-editing-support
        just create some editing support stuff in the output directory
  -create-example-model
        just create an example model named threagile-example-model.yaml in the output directory
  -create-stub-model
        just create a minimal stub model named threagile-stub-model.yaml in the output directory
  -custom-risk-rules-plugins string
        comma-separated list of plugins (.so shared object) file names with custom risk rules to load
  -diagram-dpi int
        DPI used to render: maximum is 240 (default 120)
  -execute-model-macro string
        Execute model macro (by ID)
  -generate-data-asset-diagram
        generate data asset diagram (default true)
  -generate-data-flow-diagram
        generate data-flow diagram (default true)
  -generate-report-pdf
        generate report pdf, including diagrams (default true)
  -generate-risks-excel
        generate risks excel (default true)
  -generate-risks-json
        generate risks json (default true)
  -generate-stats-json
        generate stats json (default true)
  -generate-tags-excel
        generate tags excel (default true)
  -generate-technical-assets-json
        generate technical assets json (default true)
  -ignore-orphaned-risk-tracking
        ignore orphaned risk tracking (just log them) not matching a concrete risk
  -list-model-macros
        print model macros
  -list-risk-rules
        print risk rules
  -list-types
        print type information (enum values to be used in models)
  -model string
        input model yaml file (default "threagile.yaml")
  -output string
        output directory (default ".")
  -print-3rd-party-licenses
        print 3rd-party license information
  -print-license
        print license information
  -raa-plugin string
        RAA calculation plugin (.so shared object) file name (default "raa.so")
  -server int
        start a server (instead of commandline execution) on the given port
  -skip-risk-rules string
        comma-separated list of risk rules (by their ID) to skip
  -verbose
        verbose output
  -version
        print version


Examples:

If you want to create an example model (via docker) as a starting point to learn about Threagile just run: 
 docker run --rm -it -v "$(pwd)":/app/work threagile/threagile -create-example-model -output /app/work

If you want to create a minimal stub model (via docker) as a starting point for your own model just run: 
 docker run --rm -it -v "$(pwd)":/app/work threagile/threagile -create-stub-model -output /app/work

If you want to execute Threagile on a model yaml file (via docker): 
 docker run --rm -it -v "$(pwd)":/app/work threagile/threagile -verbose -model /app/work/threagile.yaml -output /app/work

If you want to run Threagile as a server (REST API) on some port (here 8080): 
 docker run --rm -it --shm-size=256m -p 8080:8080 --name threagile-server --mount 'type=volume,src=threagile-storage,dst=/data,readonly=false' threagile/threagile -server 8080

If you want to find out about the different enum values usable in the model yaml file: 
 docker run --rm -it threagile/threagile -list-types

If you want to use some nice editing help (syntax validation, autocompletion, and live templates) in your favourite IDE: 
 docker run --rm -it -v "$(pwd)":/app/work threagile/threagile -create-editing-support -output /app/work

If you want to list all available model macros (which are macros capable of reading a model yaml file, asking you questions in a wizard-style and then update the model yaml file accordingly): 
 docker run --rm -it threagile/threagile -list-model-macros

If you want to execute a certain model macro on the model yaml file (here the macro add-build-pipeline): 
 docker run --rm -it -v "$(pwd)":/app/work threagile/threagile -model /app/work/threagile.yaml -output /app/work -execute-model-macro add-build-pipeline
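
An added example, not part of the Threagile project: a CI gate that builds the model-execution command shown above and fails the build when the risks JSON written by -generate-risks-json still holds open risks at or above a chosen severity. The field names (severity, risk_status, synthetic_id), the severity scale and the status values are assumptions about that file, which this page does not show; the sample data is constructed.

```python
import json

# Assumed severity scale of the risks JSON, lowest to highest (not shown on this page).
SEVERITY_ORDER = ["low", "medium", "elevated", "high", "critical"]
# Assumed status values; treating "accepted" as closed is a policy choice.
CLOSED_STATUSES = {"mitigated", "false-positive", "accepted"}


def docker_argv(workdir, model="threagile.yaml"):
    """Invocation from the page's usage examples, minus -it (CI has no TTY)."""
    return ["docker", "run", "--rm", "-v", f"{workdir}:/app/work",
            "threagile/threagile", "-model", f"/app/work/{model}",
            "-output", "/app/work"]


def open_risks_at_or_above(risks, threshold):
    """Return risks that are still open and at least `threshold` severe."""
    floor = SEVERITY_ORDER.index(threshold)  # ValueError on a mistyped threshold
    hits = []
    for risk in risks:
        sev = str(risk.get("severity", "")).lower()
        # Fail closed: an unknown or missing severity ranks above "critical".
        rank = SEVERITY_ORDER.index(sev) if sev in SEVERITY_ORDER else len(SEVERITY_ORDER)
        if rank >= floor and risk.get("risk_status", "unchecked") not in CLOSED_STATUSES:
            hits.append(risk)
    return hits


def gate(risks_json_text, threshold="high"):
    """Return (exit_code, ids): exit code 1 if any open risk meets the threshold."""
    risks = json.loads(risks_json_text)
    if not isinstance(risks, list):
        raise ValueError("expected a JSON array of risk objects")
    hits = open_risks_at_or_above(risks, threshold)
    return (1 if hits else 0), [r.get("synthetic_id", "<no id>") for r in hits]


# Constructed sample, not real Threagile output.
SAMPLE = json.dumps([
    {"synthetic_id": "rule-a@asset-1", "severity": "critical", "risk_status": "mitigated"},
    {"synthetic_id": "rule-b@asset-2", "severity": "high", "risk_status": "unchecked"},
    {"synthetic_id": "rule-c@asset-3", "severity": "medium", "risk_status": "in-progress"},
    {"synthetic_id": "rule-d@asset-4", "severity": "bogus"},
])

if __name__ == "__main__":
    print(" ".join(docker_argv("/path/to/workdir")))
    code, ids = gate(SAMPLE, "high")
    print(code, ids)
    raise SystemExit(code)
```
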