cdktg

- Name: cdktg
- Version: 0.0.39
- Home page: https://github.com/hupe1980/cdk-threagile.git
- Summary: Agile Threat Modeling as Code
- Upload time: 2022-06-30 05:54:10
- Author: hupe1980
- Requires Python: ~=3.7
- License: MIT
- Requirements: No requirements were recorded.

# cdk-threagile (cdktg)

![Build](https://github.com/hupe1980/cdk-threagile/workflows/build/badge.svg)
![Release](https://github.com/hupe1980/cdk-threagile/workflows/release/badge.svg)

> Agile Threat Modeling as Code

CDK Constructs for [threagile](https://threagile.io/)

## Installation

TypeScript/JavaScript:

```bash
npm i cdktg
```

Python:

```bash
pip install cdktg
```

## How to use

Initialize a project:

```bash
mkdir threagile
cd threagile
cdktg init
```

### Threat model written in TypeScript:

```typescript
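// threagile.ts

// Constructs and enums used by the model below.
import {
    Authentication, Author, Authorization, Availability, BusinessCriticality,
    CIATriad, Confidentiality, DataAsset, Encryption, Integrity, Machine,
    Model, Project, Protocol, Quantity, SharedRuntime, Size, TechnicalAsset,
    TechnicalAssetType, Technology, TrustBoundary, TrustBoundaryType, Usage,
} from 'cdktg';

const project = new Project();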

const model = new Model(project, 'Model Stub', {
    title: 'Model Stub',
    version: '1.0.0',
    date: '2020-03-31',
    author: new Author({
        name: 'John Doe',
    }),
    businessCriticality: BusinessCriticality.IMPORTANT,
});

const someData = new DataAsset(model, 'Some Data Asset', {
    description: 'Some Description',
    usage: Usage.BUSINESS,
    origin: 'Some Origin',
    owner: 'Some Owner',
    quantity: Quantity.MANY,
    ciaTriad: new CIATriad({
        confidentiality: Confidentiality.CONFIDENTIAL,
        integrity: Integrity.CRITICAL,
        availability: Availability.OPERATIONAL,
    }),
});

const someTrustBoundary = new TrustBoundary(model, 'Some Trust Boundary', {
    description: 'Some Description',
    type: TrustBoundaryType.NETWORK_DEDICATED_HOSTER,
});

const someTechnicalAsset = new TechnicalAsset(model, 'Some Technical Asset', {
    trustBoundary: someTrustBoundary,
    description: 'Some Description',
    type: TechnicalAssetType.PROCESS,
    usage: Usage.BUSINESS,
    humanUse: false,
    size: Size.COMPONENT,
    technology: Technology.WEB_SERVICE_REST,
    internet: false,
    machine: Machine.VIRTUAL,
    encryption: Encryption.NONE,
    owner: 'Some Owner',
    ciaTriad: new CIATriad({
        confidentiality: Confidentiality.CONFIDENTIAL,
        integrity: Integrity.CRITICAL,
        availability: Availability.CRITICAL,
    }),
    multiTenant: false,
    redundant: true,
});

someTechnicalAsset.processes(someData);

const someOtherTechnicalAsset = new TechnicalAsset(model, 'Some Other Technical Asset', {
    description: 'Some Description',
    type: TechnicalAssetType.PROCESS,
    usage: Usage.BUSINESS,
    humanUse: false,
    size: Size.COMPONENT,
    technology: Technology.WEB_SERVICE_REST,
    tags: ['some-tag', 'some-other-tag'],
    internet: false,
    machine: Machine.VIRTUAL,
    encryption: Encryption.NONE,
    owner: 'Some Owner',
    ciaTriad: new CIATriad({
        confidentiality: Confidentiality.CONFIDENTIAL,
        integrity: Integrity.IMPORTANT,
        availability: Availability.IMPORTANT,
    }),
    multiTenant: false,
    redundant: true,
});

someOtherTechnicalAsset.processes(someData);

const someTraffic = someTechnicalAsset.communicatesWith('Some Traffic', someOtherTechnicalAsset, {
    description: 'Some Description',
    protocol: Protocol.HTTPS,
    authentication: Authentication.NONE,
    authorization: Authorization.NONE,
    vpn: false,
    ipFiltered: false,
    readonly: false,
    usage: Usage.BUSINESS,
});

someTraffic.sends(someData);

const someSharedRuntime = new SharedRuntime(model, "Some Shared Runtime", {
    description: "Some Description",
});

someSharedRuntime.runs(someTechnicalAsset, someOtherTechnicalAsset);

project.synth();
```

### High level constructs (cdktg/plus*)

```typescript
import { ApplicationLoadBalancer, Cloud } from "cdktg/plus-aws";

// ...

const alb = new ApplicationLoadBalancer(model, "ALB", {
    waf: true,
    ciaTriad: new CIATriad({
        availability: Availability.CRITICAL,
        integrity: Integrity.IMPORTANT,
        confidentiality: Confidentiality.CONFIDENTIAL,
    }),
});

const cloud = new Cloud(model, "AWS-Cloud");

cloud.addTechnicalAssets(alb);

// ...
```

### cdktg CLI commands:

The CLI requires a running Threagile REST API server. The URL can be passed with the `url` parameter or the `CDKTG_THREAGILE_BASE_URL` environment variable.

The examples can be used with the [threagile playground](https://run.threagile.io/).

```sh
cdktg [command]

Commands:
  cdktg init              create a new cdk-threagile project
  cdktg synth <filename>  synthesize the models
  cdktg ping              ping the api
  cdktg check             check the models
  cdktg analyze           analyze the models
  cdktg completion        generate completion script

Options:
  --help     Show help                               [boolean]
  --version  Show version number                     [boolean]
```

### Analyze outputs:

```sh
dist
└── ModelStub
    ├── data-asset-diagram.png
    ├── data-flow-diagram.png
    ├── report.pdf
    ├── risks.json
    ├── risks.xlsx
    ├── stats.json
    ├── tags.xlsx
    ├── technical-assets.json
    └── threagile.yaml
```
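
The `risks.json` listed above is the output a pipeline can act on. The following is an added example, not part of cdktg or Threagile: a build gate that selects open risks at or above a severity threshold. The field names (`synthetic_id`, `title`, `severity`, `risk_status`) and their value sets are assumptions about the file's format, and the sample records are constructed.

```typescript
// Added example, not part of cdktg. The field names and value sets are
// assumptions about Threagile's risks.json; adjust them to your output.
type Severity = "low" | "medium" | "elevated" | "high" | "critical";

interface Risk {
    synthetic_id: string;
    title: string;
    severity: Severity;
    risk_status: string; // e.g. "unchecked", "in-progress", "mitigated"
}

const SEVERITY_ORDER: Severity[] = ["low", "medium", "elevated", "high", "critical"];

// Statuses that count as dealt with (assumed value set).
const HANDLED = new Set(["mitigated", "accepted", "false-positive"]);

// Risks that should fail the build: at or above `threshold` and not yet
// handled, most severe first. Unknown severities block (fail closed).
function gateRisks(risks: Risk[], threshold: Severity = "high"): Risk[] {
    const min = SEVERITY_ORDER.indexOf(threshold);
    const rank = (r: Risk) => SEVERITY_ORDER.indexOf(r.severity);
    return risks
        .filter((r) => (rank(r) === -1 || rank(r) >= min) && !HANDLED.has(r.risk_status))
        .sort((a, b) => rank(b) - rank(a));
}

// Constructed sample records; the ids and titles are illustrative only.
const SAMPLE_RISKS: Risk[] = [
    { synthetic_id: "risk-a", title: "Constructed elevated risk", severity: "elevated", risk_status: "unchecked" },
    { synthetic_id: "risk-b", title: "Constructed high risk", severity: "high", risk_status: "unchecked" },
    { synthetic_id: "risk-c", title: "Constructed critical risk, fixed", severity: "critical", risk_status: "mitigated" },
    { synthetic_id: "risk-d", title: "Constructed critical risk, open", severity: "critical", risk_status: "in-progress" },
    { synthetic_id: "risk-e", title: "Constructed medium risk", severity: "medium", risk_status: "accepted" },
];

// In CI: JSON.parse the risks.json of a model, pass the array to gateRisks(),
// and exit non-zero when the result is non-empty.
const blockingIds = (threshold?: Severity): string[] =>
    gateRisks(SAMPLE_RISKS, threshold).map((r) => r.synthetic_id);
```

A risk marked `in-progress` still blocks here, since only the statuses in `HANDLED` clear the gate.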

## Examples

See more complete [examples](https://github.com/hupe1980/cdk-threagile-examples).

## License

[MIT](LICENSE)



            
