Fraser Scott edited this page May 19, 2017 · 23 revisions

Welcome to the ThreatSpec Wiki. Here you will find all the user and developer documentation, as well as information about the various ThreatSpec scripts and tools.

Please note: This Wiki is a work in progress and is not yet complete.

Community Page

Information about how to participate in the ThreatSpec community. This includes how to contribute to the project as a developer and how to get more involved as a user.

Tools Page

A catalogue of scripts and tools that parse code and generate threat model reports.

Specifications

ThreatSpec is made up of 3 main components:

  1. A way of annotating code with threat modelling information
  2. A way of representing the threat model information in a generic, language-agnostic format
  3. A set of tools to parse code and generate different types of reports

This section covers the standards that govern points 1 and 2 above.

Code Annotations

https://github.com/threatspec/threatspec/blob/master/specifications/code_annotations.md

ThreatSpec JSON Schema

https://github.com/threatspec/threatspec/blob/master/specifications/schema.json
