README
ΒΆ
Threatcat π
Threatcat is a command-line tool designed to support the threat modeling process by automating parts of the model creation. It is built to be easily integrated into your CI/CD pipeline, helping you to keep your threat models up-to-date with your evolving system architecture.
The main goal of Threatcat is to gather information from various sources, merge them, and create a foundational threat model. This allows security and development teams to focus on analyzing and mitigating threats rather than on the manual and often time-consuming task of diagramming and data entry.
β¨ Features
Threatcat offers a range of features to streamline your threat modeling workflow:
- Automated Model Generation: Automatically create a baseline threat model from your infrastructure-as-code definitions.
- Support for Docker Compose: Currently, Threatcat can read
docker-compose.ymlfiles and generate a corresponding OWASP Threat Dragon model. - Model Updates: You can also use a
docker-compose.ymlfile to update an existing Threat Dragon model with new or changed services. - CI/CD Integration: As a command-line tool, Threatcat can be seamlessly integrated into your CI/CD pipeline to ensure your threat models are always current.
π Upcoming Features
We have an exciting roadmap for Threatcat, with plans to introduce:
- Broader Input Format Support: We are planning to add support for other input formats, for example Terraform files that describe infrastructure and even direct source code analysis.
- Multiple Output Formats: In the future, you will be able to generate threat models in various formats, such as Threagile YAML files.
- Enhanced Merging Capabilities: We aim to improve the merging logic to intelligently handle more complex scenarios and a wider array of input sources.
- Automatic generation of threats: Automatic generation of common threat scenarios for recognized components.
- Extensibility: Enhanced extensibility through custom configuration files, allowing users to define new rules and integrations.
βοΈ Installation
To get started with Threatcat, you'll need a working Go installation on your system.
If you just want to use the tool and are not interested in modifying the source code, you can install it directly with a single command.
- Install to your PATH: To build the binary and automatically place it in your Go bin directory (which should be part of your system's
PATH), use:
This will make thego install github.com/threatcat-dev/threatcat/cmd/threatcat@latestthreatcatcommand available globally in your terminal.
To build/install from a local copy of the source code:
-
First, clone the repository to your local machine:
git clone https://github.com/threatcat-dev/threatcat.git -
Navigate to the project directory:
cd threatcat -
From here, you have two options:
-
Build the executable: Run the following command to compile the
threatcatbinary in the current directory.go build ./cmd/threatcat -
Install to your PATH: To build the binary and automatically place it in your Go bin directory (which should be part of your system's
PATH), use:go install ./cmd/threatcat
-
π οΈ Usage
Threatcat is designed to be straightforward to use from the command line.
Creating a New Threat Dragon Model
To create a new Threat Dragon model from a docker-compose.yml file, use the following command:
threatcat -d /path/to/your/docker-compose.yml -o /path/to/your/threatdragon-model.json
π₯ Video: Creating a new ThreatDragon model from docker-compose
Updating an Existing Threat Dragon Model
To update an existing Threat Dragon model with the containers from a docker-compose.yml file, run:
threatcat -d /path/to/your/docker-compose.yml -t /path/to/your/threatdragon-input-model.json -o /path/to/your/threatdragon-output-model.json
To overwrite your existing model with the updates, simply use the same file path for both the -t parameter and the -o parameter.
π₯ Video: Updating an existing ThreatDragon model
Custom Component Mapping
Threatcat automatically classifies components into categories (applications, databases, webservers, infrastructure) based on the Docker image name. While Threatcat recognizes many common public images by default, you can extend this mapping to include your private or less common images.
To do this, create a configuration file (e.g., threatcat.config) with your custom image names under the appropriate categories:
applications:
- my-custom-app
- my-other-app-image:latest
databases:
- my-special-db
webservers:
- my-nginx-proxy
infrastructure:
- my-message-queue
To apply your custom definitions during a run, pass the configuration file to the tool using the -i flag. Threatcat will then correctly classify any components using these image names.
threatcat -d /path/to/your/docker-compose.yml -i /path/to/your/threatcat.config -o /path/to/your/threatdragon-model.json
Further Usage
For a full list of all available commands and flags, you can always use the -h flag. This will provide you with the most up-to-date information.
threatcat -h
π Contributing
We welcome and greatly appreciate feedback from the community! If you have suggestions for new features, ideas for improvement, or have found a bug, please let us know by opening an issue.
A Note on Pull Requests
As Threatcat is currently being developed as part of a student project, we need to handle the core implementation ourselves. For this reason, we are currently not able to accept pull requests.
We may be able to open up for code contributions in the future. We appreciate your understanding!
π License
Threatcat is licensed under the MIT License. See the LICENSE file for more information.
Directories
ΒΆ
| Path | Synopsis |
|---|---|
|
cmd
|
|
|
threatcat
command
|
|
|
internal
|
|
|
threatdragon
This file was generated from JSON Schema using quicktype, do not modify it directly.
|
This file was generated from JSON Schema using quicktype, do not modify it directly. |