Score every trust-boundary crossing in your infrastructure — YAML, Terraform, Compose, Kubernetes
Project description
Trust Boundary Mapper
Score every trust-boundary crossing in your infrastructure and emit an opinionated security report — in under a minute, entirely offline.
Quickstart
# Install
pipx install trust-boundary-mapper
# Run in any directory that contains infrastructure files
tbm
# Or score explicitly
tbm score docker-compose.yml --output report.html --serve
After tbm score completes, --serve opens the report in your browser
automatically. Press Ctrl-C to stop the local server.
What TBM does
TBM reads an architecture description — YAML, Terraform state, Docker Compose, or Kubernetes manifests — and scores every communication edge between components using a trust-boundary thinness formula:
T(u, v) = (α + (1 − α) · A) · (w_s · S + w_b · B)
where A is authentication strength, S is data sensitivity, and B is blast radius (how many components are reachable downstream). High T means a thin trust boundary — the edge is a security concern.
The output is a self-contained HTML report you can open in any browser, a printable one-page client deliverable, and a machine-readable JSON export. Everything runs locally. No data leaves your machine.
Supported inputs
| Format | Auto-detected? | Introduced |
|---|---|---|
| Hand-written YAML (native schema) | .yaml / .yml with version: 1 |
v0.1 |
Terraform state (terraform show -json) |
.json |
v0.2 |
| Docker Compose | compose.yml, docker-compose.yml |
v0.3 |
| Kubernetes manifests (file or directory) | apiVersion: + kind: in YAML |
v0.4 |
| Kubernetes RBAC resources | Bundled with Kubernetes input | v0.6 |
Example output
══════════════════════════════════════════════════════════════════════════════════
TRUST BOUNDARY ANALYSIS — THREE-TIER WEB APPLICATION
2025-04-14T10:32:00Z
══════════════════════════════════════════════════════════════════════════════════
Input: three_tier.yaml α=0.10 w_s=0.50 w_b=0.50 mesh=collapsed
CRITICAL (T ≥ 0.60)
────────────────────────────────────────────────────────────────────────────────
web → api T=0.680 auth=network_only data=pii B=0.50
api → db T=0.625 auth=bearer_tls data=secrets B=0.25
MODERATE (0.30 ≤ T < 0.60)
...
The full HTML report includes a live vis-network graph, sortable tables, and per-edge remediation guidance.
Installation options
pipx (recommended — isolated, always on PATH)
pipx install trust-boundary-mapper
tbm --version
pip in a virtual environment
python -m venv .venv && source .venv/bin/activate
pip install trust-boundary-mapper
tbm --version
Single binary (no Python required)
Download the pre-built binary for your platform from the Releases page:
| Platform | File |
|---|---|
| Windows (x64) | tbm-0.7.1-windows-x64.exe |
| Linux (x64) | tbm-0.7.1-linux-x64 |
| macOS (Apple Silicon) | tbm-0.7.1-macos-arm64 |
Note: OS security warnings are expected for unsigned binaries. On macOS: right-click → Open. On Windows: More info → Run anyway. See RELEASING.md for details.
From source
git clone https://github.com/Datasculptures/trust-boundary-mapper
cd trust-boundary-mapper
pip install -e .
Zero-config quickstart
Running tbm with no arguments in a directory that contains infrastructure
files detects the input automatically:
$ tbm
Detected Compose input: ./docker-compose.yml
Would run: tbm score docker-compose.yml --output tbm-report.html --serve
Run this? [Y/n]
Supported auto-detection:
compose.ymlordocker-compose.yml→ Compose*.tfstate(single match) → Terraform state*.tbm.yamlortbm.yaml→ native YAMLk8s/ormanifests/directory with.yamlfiles → Kubernetes
Diff mode
Compare two versions of your architecture to surface regressions:
tbm diff \
--before before/infra.json \
--after after/infra.json \
--output diff-report.html \
--json diff-report.json \
--regression-severity critical
Exit code 13 if any edge was added or worsened to critical severity. Exit code 14 if before and after graphs share no component IDs.
Exit codes
| Code | Meaning |
|---|---|
| 0 | Success |
| 2 | Input validation error |
| 3 | Path-traversal or size-cap violation |
| 4 | Internal error |
| 5 | Malformed Terraform state |
| 6 | No mappable resources |
| 7 | Malformed Compose / Kubernetes manifest |
| 13 | Diff regression detected |
| 14 | Diff no-overlap |
Security posture
TBM is designed for offline, air-gapped use:
- No network calls, ever. All assets (vis-network JS) are vendored.
- No telemetry, no analytics, no crash reporting.
- 10 MB input file size cap before any parsing.
yaml.safe_loadonly — YAML tag injection is rejected.- Input paths validated against CWD to prevent path traversal.
Full documentation
- DEVELOPING.md — architecture, scoring methodology, all CLI flags, phase history
- CHANGELOG.md — version history
- RELEASING.md — PyPI publication runbook
- GitHub Issues
Project details
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
File details
Details for the file trust_boundary_mapper-0.8.3.tar.gz.
File metadata
- Download URL: trust_boundary_mapper-0.8.3.tar.gz
- Upload date:
- Size: 652.2 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.14.3
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
515946faf58d47fe2b8a32d537fe83a47f29b4547f383ec04b84f60c98514670
|
|
| MD5 |
b0d1bbb6918937c3392178d52ff887e5
|
|
| BLAKE2b-256 |
c929607aa5c13b2be7f2fc6601a2897444f1344659adbc38491120f1ef2dc59e
|
File details
Details for the file trust_boundary_mapper-0.8.3-py3-none-any.whl.
File metadata
- Download URL: trust_boundary_mapper-0.8.3-py3-none-any.whl
- Upload date:
- Size: 566.8 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.14.3
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
63b19f043b16f71d65363264f5f33792f41eec3171e5c871f7815a41f6b85b3c
|
|
| MD5 |
354febd00d37f4c2d01a150ff1d98cd0
|
|
| BLAKE2b-256 |
7ffdb364c37394eb27fbfa3924744d09aad761dbdecf55374398eef8c4474224
|