1.1.7 • Published 5 years ago
threat-model-manager
Documentation management for threat models
Building it
You can install from npm:
npm i threat-model-manager
Or build from source:
npm i
npm run build
If you build from source you will need to run:
node lib/cli.js generate filename.yaml
Running it
If installed from npm, run the threat-model-manager command directly.
Currently there is only one command, generate:
threat-model-manager generate filename.yaml
Input file format
The input file is a YAML file of the following format:
classes:
  node-class-a:
    label: Class A
    threats:
    - type: <threat type>
      threat: text for threat
      notes: some text
      risk: a number
      ticket: a reference to a ticket for resolution/mitigation
components:
  component-a:
    label: Component A
nodes:
  node-name-a:
    label: The name for node a
    component: component-a
    classes:
    - node-class-a
    threats:
    - type: <threat type>
      threat: text for threat
      notes: some text
      risk: a number
      ticket: a reference to a ticket for resolution/mitigation
    flows:
    - to: node-name-b
      threats:
      - type: <threat type>
        threat: text for threat
        notes: some text
        risk: a number
        ticket: a reference to a ticket for resolution/mitigation
The threat types are one of:
- spoofing
- tampering
- repudiation
- information
- denial
- elevation
Node names are used only for references between flows and nodes. The model is checked to ensure there are no dangling references; orphans are OK.
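The reference check described above can be run as a pre-check on a model that has already been parsed from YAML. This is an added example, not threat-model-manager's own code; it assumes that a node's component, its classes entries and each flow's to value are the references being checked, and that an orphan is a node with no flow in or out.

```javascript
const THREAT_TYPES = new Set([
  'spoofing', 'tampering', 'repudiation', 'information', 'denial', 'elevation',
]);
const has = (obj, key) => Object.prototype.hasOwnProperty.call(obj, key);
// Added example, not the tool's code. Assumptions: component, classes and flow
// "to" are the references checked; an orphan is a node with no flow in or out.
function checkModel(model) {
  const { classes = {}, components = {}, nodes = {} } = model;
  const errors = [];
  const connected = new Set();
  const checkThreats = (where, threats) => {
    for (const t of threats || []) {
      if (!THREAT_TYPES.has(t.type)) errors.push(`${where}: unknown threat type "${t.type}"`);
    }
  };
  for (const [name, cls] of Object.entries(classes)) checkThreats(`class ${name}`, cls.threats);
  for (const [name, node] of Object.entries(nodes)) {
    if (node.component !== undefined && !has(components, node.component)) {
      errors.push(`node ${name}: unknown component "${node.component}"`);
    }
    for (const c of node.classes || []) {
      if (!has(classes, c)) errors.push(`node ${name}: unknown class "${c}"`);
    }
    checkThreats(`node ${name}`, node.threats);
    for (const flow of node.flows || []) {
      if (has(nodes, flow.to)) {
        connected.add(name).add(flow.to);
      } else {
        errors.push(`flow ${name} -> ${flow.to}: unknown node`); // dangling reference
      }
      checkThreats(`flow ${name} -> ${flow.to}`, flow.threats);
    }
  }
  // Orphans are reported separately because they are allowed.
  return { errors, orphans: Object.keys(nodes).filter((n) => !connected.has(n)) };
}
// Constructed sample: the parsed form of an input file with three mistakes.
const sample = {
  classes: { server: { label: 'Server', threats: [{ type: 'denial', threat: 'Request flood' }] } },
  components: { frontend: { label: 'Frontend' } },
  nodes: {
    browser: { label: 'Browser', component: 'frontend', flows: [
      { to: 'api', threats: [{ type: 'tampering', threat: 'Modified request' }] },
      { to: 'databse', threats: [{ type: 'disclosure', threat: 'Data leak' }] }] },
    api: { label: 'API', component: 'backend', classes: ['server'] },
    backup: { label: 'Backup host', component: 'frontend' },
  },
};
console.log(checkModel(sample));
```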
Output
The output is one Graphviz dot file per component and one for the overall model, plus a PNG for each.
Numeric references are generated on the fly, but are not stable if you add or remove nodes or flows.