AdversaryGraph v0.9.0

ThreatMapper v0.9.0 Release Notes

Release date: 2026-06-15

Summary

ThreatMapper v0.9.0 is a maturity-evidence release for external review. It
keeps the project clearly pre-v1.0, but makes the repository easier to assess
for maintainers, CTI analysts, detection engineers, and curated security lists.

What Changed

• Added a complete documentation package for quickstart, user workflow, admin
  operation, security model, limitations, comparisons, validation, and
  production readiness.
• Added demo dataset and sample outputs for reviewer-safe evaluation.
• Added GitHub issue templates, pull request template, maintainers file,
  contribution guide, and public roadmap.
• Added CI workflow covering backend tests and frontend production build.
• Documented analyst review-state and evidence-binding progress.
• Replaced placeholder screenshot references with actual screenshot evidence.

Reviewer Evidence

• README.md: maturity evidence table, screenshots, architecture, quickstart.
• docs/quickstart.md: clean Docker evaluation path.
• docs/demo-dataset/: public report excerpt and expected mappings.
• docs/sample-outputs/: JSON, Navigator layer, CSV, and Markdown examples.
• docs/validation/: evaluation plan and mapping review rubric.
• docs/production-readiness.md: implemented gates and production blockers.

Verification

cd backend && PYTHONPATH=. python -m pytest -q
cd frontend && npm run build

Expected backend test result for this release: 63 passed.

Known Limits

• ThreatMapper is not an attribution engine; TTP overlap is an investigation
  lead only.
• LLM-assisted mappings require analyst review.
• The default Docker Compose deployment is for controlled environments, not an
  internet-facing SaaS deployment.
• The project should wait for more release history and external usage evidence
  before strict curated-list resubmission.