# cdk-threagile (cdktg)


> Agile Threat Modeling as Code

CDK Constructs for [threagile](https://threagile.io/)
## Installation
TypeScript/JavaScript:
```bash
npm i cdktg
```
Python:
```bash
pip install cdktg
```
## How to use
Initialize a project:
```bash
mkdir threagile
cd threagile
cdktg init
```
### Threat model written in TypeScript:
```typescript
// threagile.ts
// Imports added so the file compiles; all names are assumed to be
// exported from the cdktg package root.
import {
  Authentication,
  Author,
  Authorization,
  Availability,
  BusinessCriticality,
  CIATriad,
  Confidentiality,
  DataAsset,
  Encryption,
  Integrity,
  Machine,
  Model,
  Project,
  Protocol,
  Quantity,
  SharedRuntime,
  Size,
  TechnicalAsset,
  TechnicalAssetType,
  Technology,
  TrustBoundary,
  TrustBoundaryType,
  Usage,
} from 'cdktg';

const project = new Project();

// Top-level model metadata
const model = new Model(project, 'Model Stub', {
  title: 'Model Stub',
  version: '1.0.0',
  date: '2020-03-31',
  author: new Author({
    name: 'John Doe',
  }),
  businessCriticality: BusinessCriticality.IMPORTANT,
});

// Data asset with its confidentiality/integrity/availability rating
const someData = new DataAsset(model, 'Some Data Asset', {
  description: 'Some Description',
  usage: Usage.BUSINESS,
  origin: 'Some Origin',
  owner: 'Some Owner',
  quantity: Quantity.MANY,
  ciaTriad: new CIATriad({
    confidentiality: Confidentiality.CONFIDENTIAL,
    integrity: Integrity.CRITICAL,
    availability: Availability.OPERATIONAL,
  }),
});

const someTrustBoundary = new TrustBoundary(model, 'Some Trust Boundary', {
  description: 'Some Description',
  type: TrustBoundaryType.NETWORK_DEDICATED_HOSTER,
});

// Technical asset placed inside the trust boundary
const someTechnicalAsset = new TechnicalAsset(model, 'Some Technical Asset', {
  trustBoundary: someTrustBoundary,
  description: 'Some Description',
  type: TechnicalAssetType.PROCESS,
  usage: Usage.BUSINESS,
  humanUse: false,
  size: Size.COMPONENT,
  technology: Technology.WEB_SERVICE_REST,
  internet: false,
  machine: Machine.VIRTUAL,
  encryption: Encryption.NONE,
  owner: 'Some Owner',
  ciaTriad: new CIATriad({
    confidentiality: Confidentiality.CONFIDENTIAL,
    integrity: Integrity.CRITICAL,
    availability: Availability.CRITICAL,
  }),
  multiTenant: false,
  redundant: true,
});

someTechnicalAsset.processes(someData);

// Second technical asset, declared without a trust boundary
const someOtherTechnicalAsset = new TechnicalAsset(model, 'Some Other Technical Asset', {
  description: 'Some Description',
  type: TechnicalAssetType.PROCESS,
  usage: Usage.BUSINESS,
  humanUse: false,
  size: Size.COMPONENT,
  technology: Technology.WEB_SERVICE_REST,
  tags: ['some-tag', 'some-other-tag'],
  internet: false,
  machine: Machine.VIRTUAL,
  encryption: Encryption.NONE,
  owner: 'Some Owner',
  ciaTriad: new CIATriad({
    confidentiality: Confidentiality.CONFIDENTIAL,
    integrity: Integrity.IMPORTANT,
    availability: Availability.IMPORTANT,
  }),
  multiTenant: false,
  redundant: true,
});

someOtherTechnicalAsset.processes(someData);

// Communication link between the two assets and the data it carries
const someTraffic = someTechnicalAsset.communicatesWith('Some Traffic', someOtherTechnicalAsset, {
  description: 'Some Description',
  protocol: Protocol.HTTPS,
  authentication: Authentication.NONE,
  authorization: Authorization.NONE,
  vpn: false,
  ipFiltered: false,
  readonly: false,
  usage: Usage.BUSINESS,
});

someTraffic.sends(someData);

const someSharedRuntime = new SharedRuntime(model, "Some Shared Runtime", {
  description: "Some Description",
});

someSharedRuntime.runs(someTechnicalAsset, someOtherTechnicalAsset);

// Write the synthesized model to disk
project.synth();
```
### High level constructs (cdktg/plus*)
```typescript
import { ApplicationLoadBalancer, Cloud } from "cdktg/plus-aws";

// ...

const alb = new ApplicationLoadBalancer(model, "ALB", {
  waf: true,
  ciaTriad: new CIATriad({
    availability: Availability.CRITICAL,
    integrity: Integrity.IMPORTANT,
    confidentiality: Confidentiality.CONFIDENTIAL,
  }),
});

const cloud = new Cloud(model, "AWS-Cloud");

cloud.addTechnicalAssets(alb);

// ...
```
### cdktg CLI commands:
A running Threagile REST API server is required for the CLI. The URL can be passed by parameter `url` or environment variable `CDKTG_THREAGILE_BASE_URL`.

The examples can be used with the [threagile playground](https://run.threagile.io/).
```sh
cdktg [command]

Commands:
  cdktg init              create a new cdk-threagile project
  cdktg synth <filename>  synthesize the models
  cdktg ping              ping the api
  cdktg check             check the models
  cdktg analyze           analyze the models
  cdktg completion        generate completion script

Options:
  --help     Show help                                                 [boolean]
  --version  Show version number                                       [boolean]
```
### Analyze outputs:
```sh
dist
└── ModelStub
    ├── data-asset-diagram.png
    ├── data-flow-diagram.png
    ├── report.pdf
    ├── risks.json
    ├── risks.xlsx
    ├── stats.json
    ├── tags.xlsx
    ├── technical-assets.json
    └── threagile.yaml
```
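An added example, not part of the cdktg project: a CI gate over the `risks.json` file listed above, failing the build when open risks reach a chosen severity. The field names (`synthetic_id`, `severity`, `risk_status`), the severity and status values, and the `gateRisks` helper are assumptions; check them against a real `risks.json` before relying on the gate.

```typescript
// Added example. Field names and status/severity values are assumptions
// about the risks.json layout; the sample entries are constructed.
type Severity = "low" | "medium" | "elevated" | "high" | "critical";

interface Risk {
  synthetic_id: string;
  title: string;
  severity: string;
  risk_status: string;
}

const SEVERITY_ORDER: string[] = ["low", "medium", "elevated", "high", "critical"];
// Statuses treated as already triaged, so they do not block the build.
const HANDLED: string[] = ["accepted", "mitigated", "false-positive"];

// An unrecognised severity ranks highest so the gate fails closed.
function rank(severity: string): number {
  const i = SEVERITY_ORDER.indexOf(severity);
  return i === -1 ? SEVERITY_ORDER.length : i;
}

function gateRisks(input: unknown, failAt: Severity) {
  if (!Array.isArray(input)) {
    throw new Error("risks.json: expected a top-level array");
  }
  const counts: Record<string, number> = {};
  const blocking: Risk[] = [];
  for (const risk of input as Risk[]) {
    counts[risk.severity] = (counts[risk.severity] || 0) + 1;
    const open = HANDLED.indexOf(risk.risk_status) === -1;
    if (open && rank(risk.severity) >= rank(failAt)) {
      blocking.push(risk);
    }
  }
  // Worst findings first, so the CI log leads with what matters.
  blocking.sort((a, b) => rank(b.severity) - rank(a.severity));
  return { pass: blocking.length === 0, blocking, counts };
}

// Constructed sample standing in for JSON.parse of dist/ModelStub/risks.json.
const SAMPLE_RISKS = [
  { synthetic_id: "example-a@some-technical-asset", title: "Example A", severity: "medium", risk_status: "unchecked" },
  { synthetic_id: "example-b@some-traffic", title: "Example B", severity: "elevated", risk_status: "unchecked" },
  { synthetic_id: "example-c@some-other-technical-asset", title: "Example C", severity: "high", risk_status: "accepted" },
  { synthetic_id: "example-d@some-data-asset", title: "Example D", severity: "low", risk_status: "mitigated" },
];

const sampleResult = gateRisks(SAMPLE_RISKS, "elevated");
console.log(sampleResult.pass ? "gate passed" : `gate failed: ${sampleResult.blocking.map((r) => r.synthetic_id).join(", ")}`);
```

In a pipeline, exit non-zero when `pass` is false so that newly introduced risks are triaged in the model before the change merges.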
## Examples
See more complete [examples](https://github.com/hupe1980/cdk-threagile-examples).
## License
[MIT](LICENSE)
Raw data
{
"_id": null,
"home_page": "https://github.com/hupe1980/cdk-threagile.git",
"name": "cdktg",
"maintainer": "",
"docs_url": null,
"requires_python": "~=3.7",
"maintainer_email": "",
"keywords": "",
"author": "hupe1980",
"author_email": "",
"download_url": "https://files.pythonhosted.org/packages/bb/86/9e2f2a4832652f9228c16ea8a9f3271b8238b743060975ef0ac54536d1eb/cdktg-0.0.39.tar.gz",
"platform": null,
"bugtrack_url": null,
"license": "MIT",
"summary": "Agile Threat Modeling as Code",
"version": "0.0.39",
"split_keywords": [],
"upload_time": "2022-06-30 05:54:10",
"github": true,
"gitlab": false,
"bitbucket": false,
"github_user": "hupe1980",
"github_project": "cdk-threagile.git",
"lcname": "cdktg"
}