Modeling offers an unprecedented opportunity for high-quality critical systems development that is feasible in an industrial context. CARiSMA enables you to perform:

  • compliance analyses,
  • risk analyses, and
  • security analyses

of software models. CARiSMA is an acronym for CompliAnce, Risk, and Security Model Analyzer.

Since CARiSMA is a reimplemented variant of the former UMLsec tool, it natively supports UML models. Due to its EMF-based implementation, CARiSMA can also support domain-specific modeling languages such as BPMN.

CARiSMA is fully integrated into Eclipse and can thus become part of the modeling tool of your choice, including Papyrus MDT, IBM Rational Software Architect, and many others.

A flexible plugin architecture makes CARiSMA extensible for new languages and allows users to implement their own compliance, risk, or security checks.


See Installation Guide for how to install CARiSMA and its extensions.

General Usage

See Usage Guide for information on how to use CARiSMA.

Specific checks

Static Checks

See Static Checks for the specific checks.


See UMLsec4IDS for the specific checks.


See Activity2PetriNet for the specific checks.

Smartcard Checks

See Smartcard for the specific checks.

The OCL Check Plugin

See OCL for the specific checks.


See RABAC for the specific checks.


If you want to extend CARiSMA, consult the Development Guide.

Video Documentation

Multiple screencasts about the CARiSMA tool are available:

Contact / Team

If you find bugs, please use GitHub's issue tracker.

For other questions, contact: Research Group Software Engineering at University of Koblenz


  • Jan Jürjens
  • Julian Flake
  • Sven Peldszus

Further developers and contributors:

  • Sven Wenzel
  • Daniel Poggenpohl, né Warzecha
  • Benjamin Berghoff
  • Jens Bürger
  • Lidiya Kaltchev
  • Johannes Kowald
  • Kubi Mensah
  • Marcel Michel
  • Alexander Peikert
  • Klaus Rudack