Question 1

How to export threat models from Threat Dragon Desktop for reports?

Accepted Answer

Threat Dragon Desktop saves models as local JSON files, which can be shared directly, but there's no built-in export to formats like PDF or Word. You may need to use external tools or manual copying for formal reports.

Question 2

Threat Dragon vs Microsoft Threat Modeling Tool – which should I use?

Accepted Answer

Threat Dragon is free, open-source, and cross-platform with automated threat generation, while Microsoft's tool is proprietary and better integrated with Azure. Choose Threat Dragon for cost-free, offline use, and Microsoft for enterprise ecosystems.

Question 3

Can I import diagrams from tools like draw.io into Threat Dragon?

Accepted Answer

The README doesn't mention import capabilities for existing diagrams; you likely need to recreate diagrams within Threat Dragon's interface, which can be time-consuming for complex architectures.

Question 4

Is Threat Dragon Desktop safe for use on air-gapped networks?

Accepted Answer

Yes, it's designed for offline use with local storage, making it secure for air-gapped environments. Ensure you verify the installer's integrity from the GitHub releases page before deployment.

Question 5

How to update Threat Dragon Desktop when new versions are released?

Accepted Answer

Updates require manually downloading new installers from the GitHub releases page or using package managers for Linux. There's no automatic update feature, so you must track releases yourself.

Question 6

Does Threat Dragon support team collaboration on the same model?

Accepted Answer

The desktop variant is single-user with local files, so collaboration requires manual file sharing and version control. The web version offers GitHub integration for team workflows.

owasp-threat-dragon-desktop

What is owasp-threat-dragon-desktop?

Overview

Use Cases

Best For

Related Projects

Found a gem we're missing?

Not Ideal For

Pros & Cons

Pros

Cons

Frequently Asked Questions