IriusRisk Community
Stephen de Vries
Latest commit 73c8cbd Aug 10, 2019
Type Name Latest commit message Commit time
resources added AWS lambda risk pattern Aug 10, 2019
Example-Web-App-ThreatModel.xml Create Example-Web-App-ThreatModel.xml May 2, 2016
README.md Update README.md Aug 10, 2019
TermsOfUse.md Added statement about import and export to XML Jul 4, 2016

README.md

IriusRisk Community Edition is a free version of IriusRisk that allows you to quickly model software security risks using a template-based approach, and then manage those risks throughout the rest of the SDLC, including:

  • Assigning a risk response: Accept, Mitigate or Expose
  • Applying a security standard, such as OWASP ASVS, to derive the security requirements in one step
  • Automatically uploading security controls as requirements to Jira
  • Synchronising the current implementation state of the requirements with Jira and automatically adjusting the associated risk rating

An open Threat Model platform

All threat models created in IriusRisk can be published as Templates that are visible to other users of the platform. If you have existing threat models in Microsoft Threat Modeller version 4 format, you can import the threats and countermeasures via the "Add Artifact" feature on the Architecture tab. (Threats and countermeasures are imported, but not dataflows.)

Getting Started

  • Registration for the Community Edition is suspended until 27 August 2019. Follow @IriusRisk for updates
  • Submit bugs and feature requests to GitHub
  • Join the IriusRisk discussion forum

Try our commercial edition for these extra features

  • Manage more than 1 application. The solution has been tested with 4000+ applications.
  • Directly modify questionnaires, risk patterns and rules.
  • Access to expanded risk pattern libraries such as PCI DSS v3.2
  • Use our API to embed IriusRisk as part of your SecDevOps pipeline and automatically import Cucumber, BDD-Security and OWASP ZAP scanning results
  • Import vulnerabilities from numerous SAST and DAST tools via ThreadFix
  • See our website for more details