Question 1

How to generate data flow diagrams from HCL files with threatcl?

Accepted Answer

Use the `threatcl dfd` command with HCL files containing data_flow_diagram_v2 blocks to output PNG or DOT files automatically. The README provides examples like examples/tm2.hcl for defining diagrams.

Question 2

threatcl vs OWASP Threat Dragon: which is better for DevOps?

Accepted Answer

threatcl is better for DevOps teams using HCL and Terraform, as it automates threat modeling with version control and CI/CD integration. OWASP Threat Dragon offers a web-based GUI but may lack deep DevOps automation features.

Question 3

Can threatcl work with Kubernetes manifests instead of Terraform?

Accepted Answer

threatcl primarily integrates with Terraform; for Kubernetes, you need to manually define information assets in HCL or use custom scripts, as it doesn't have built-in support for Kubernetes manifests.

Question 4

How to set up threatcl in a CI/CD pipeline?

Accepted Answer

Integrate threatcl via GitHub Actions using the threatcl-action or use the `threatcl query` command in scripts to validate controls and check stats, as shown in the CI/CD example in the README.

Question 5

What is the GraphQL API schema for threatcl?

Accepted Answer

The GraphQL schema includes queries for stats, threatModels with filters, and details on threats and controls. Full documentation is available in docs/graphql-api.md with examples like filtering by internet-facing systems.

Question 6

How to customize the markdown dashboard templates in threatcl?

Accepted Answer

Use the `-dashboard-template` and `-threatmodel-template` flags with custom Go text/template files to modify the generated markdown output. Examples are provided in the README, such as dashboard-template.tpl.

threatcl

What is threatcl?

Overview

Use Cases

Best For

Related Projects

Found a gem we're missing?

Not Ideal For

Pros & Cons

Pros

Cons

Frequently Asked Questions