Agile Threat Modeling as Code
Project description
cdk-threagile (cdktg)
Agile Threat Modeling as Code
CDK Constructs for threagile
Installation
TypeScript/JavaScript:
npm i cdktg
Python:
pip install cdktg
How to use
Initialize a project:
mkdir threagile
cd threagile
cdktg init
Threat Model written in typescript:
// threagile.ts
const project = new Project();
const model = new Model(project, 'Model Stub', {
title: 'Model Stub',
version: '1.0.0',
date: '2020-03-31',
author: new Author({
name: 'John Doe',
}),
businessCriticality: BusinessCriticality.IMPORTANT,
});
const someData = new DataAsset(model, 'Some Data Asset', {
description: 'Some Description',
usage: Usage.BUSINESS,
origin: 'Some Origin',
owner: 'Some Owner',
quantity: Quantity.MANY,
ciaTriad: new CIATriad({
confidentiality: Confidentiality.CONFIDENTIAL,
integrity: Integrity.CRITICAL,
availability: Availability.OPERATIONAL,
}),
});
const someTrustBoundary = new TrustBoundary(model, 'Some Trust Boundary', {
description: 'Some Description',
type: TrustBoundaryType.NETWORK_DEDICATED_HOSTER,
});
const someTechnicalAsset = new TechnicalAsset(model, 'Some Technical Asset', {
trustBoundary: someTrustBoundary,
description: 'Some Description',
type: TechnicalAssetType.PROCESS,
usage: Usage.BUSINESS,
humanUse: false,
size: Size.COMPONENT,
technology: Technology.WEB_SERVICE_REST,
internet: false,
machine: Machine.VIRTUAL,
encryption: Encryption.NONE,
owner: 'Some Owner',
ciaTriad: new CIATriad({
confidentiality: Confidentiality.CONFIDENTIAL,
integrity: Integrity.CRITICAL,
availability: Availability.CRITICAL,
}),
multiTenant: false,
redundant: true,
});
someTechnicalAsset.processes(someData);
const someOtherTechnicalAsset = new TechnicalAsset(model, 'Some Other Technical Asset', {
description: 'Some Description',
type: TechnicalAssetType.PROCESS,
usage: Usage.BUSINESS,
humanUse: false,
size: Size.COMPONENT,
technology: Technology.WEB_SERVICE_REST,
tags: ['some-tag', 'some-other-tag'],
internet: false,
machine: Machine.VIRTUAL,
encryption: Encryption.NONE,
owner: 'Some Owner',
ciaTriad: new CIATriad({
confidentiality: Confidentiality.CONFIDENTIAL,
integrity: Integrity.IMPORTANT,
availability: Availability.IMPORTANT,
}),
multiTenant: false,
redundant: true,
});
someOtherTechnicalAsset.processes(someData);
const someTraffic = someTechnicalAsset.communicatesWith('Some Traffic', someOtherTechnicalAsset, {
description: 'Some Description',
protocol: Protocol.HTTPS,
authentication: Authentication.NONE,
authorization: Authorization.NONE,
vpn: false,
ipFiltered: false,
readonly: false,
usage: Usage.BUSINESS,
});
someTraffic.sends(someData);
const someSharedRuntime = new SharedRuntime(model, "Some Shared Runtime", {
description: "Some Description",
});
someSharedRuntime.runs(someTechnicalAsset, someOtherTechnicalAsset);
project.synth();
High level constructs (cdktg/plus*)
import { ApplicationLoadBalancer, Cloud } from "cdktg/plus-aws";
// ...
const alb = new ApplicationLoadBalancer(model, "ALB", {
waf: true,
ciaTriad: new CIATriad({
availability: Availability.CRITICAL,
integrity: Integrity.IMPORTANT,
confidentiality: Confidentiality.CONFIDENTIAL,
}),
});
const cloud = new Cloud(model, "AWS-Cloud");
cloud.addTechnicalAssets(alb);
// ...
cdktg CLI commands:
A running thragile rest api server is required for the CLI. The URL can be passed by parameter url or environment variable CDKTG_THREAGILE_BASE_URL.
The examples can be used with the threagile playground
cdktg [command]
Commands:
cdktg init create a new cdk-threagile project
cdktg synth <filename> synthesize the models
cdktg ping ping the api
cdktg check check the models
cdktg analyze analyze the models
cdktg completion generate completion script
Options:
--help Show help [boolean]
--version Show version number [boolean]
Analyze outputs:
dist
└── ModelStub
├── data-asset-diagram.png
├── data-flow-diagram.png
├── report.pdf
├── risks.json
├── risks.xlsx
├── stats.json
├── tags.xlsx
├── technical-assets.json
└── threagile.yaml
Examples
See more complete examples.
License
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
cdktg-0.0.40.tar.gz
(1.3 MB
view details)
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
File details
Details for the file cdktg-0.0.40.tar.gz.
File metadata
- Download URL: cdktg-0.0.40.tar.gz
- Upload date:
- Size: 1.3 MB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/4.0.1 CPython/3.10.5
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
07f0c7ebc61da4f80378181023fe06b7551c79ed87529c00e3cb0ac505782bb8
|
|
| MD5 |
6b11754799d748205f2635fdaa4d6c09
|
|
| BLAKE2b-256 |
768bf78ce0862799f7e1ff542e5ec54899f2eaa4cba3c45ee72080dec3102121
|
File details
Details for the file cdktg-0.0.40-py3-none-any.whl.
File metadata
- Download URL: cdktg-0.0.40-py3-none-any.whl
- Upload date:
- Size: 1.3 MB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/4.0.1 CPython/3.10.5
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
77fe1255cad541d647e658f2878a2c88adf7bb81311e68c8e8c57eb80f0d427f
|
|
| MD5 |
3342ffe22b7739ec3beefa56fc392300
|
|
| BLAKE2b-256 |
a56075c06e663ee90b9056bca66f553f5a1c5862a78fd0a526415336ade49c35
|
