►
Description
Threagile is the open-source toolkit for #Agile #ThreatModeling which allows to model an architecture with its assets in an agile declarative fashion as a YAML file directly inside the IDE or any YAML editor.
Upon execution of the Threagile toolkit a set of risk-rules execute security checks against the architecture model and create a report with potential risks and mitigation advice. Also nice-looking data-flow diagrams are automatically created as well as other output formats (Excel and JSON).
The risk tracking can also happen inside the Threagile YAML model file, so that the current state of risk mitigation is reported as well.
Threagile can either be run via the command-line (also a Docker container is available) or started as a REST-Server.
For more information and a live playground visit https://threagile.io
A
A
So
you
go
just
to
docker
hub
and
search
for
fragile,
and
then
you
can
pull
that
container
image
onto
your
local
machine
and
run
it
wherever
you
like
on
prem.
That's
pretty
easy,
and
it's
just
like
running
with
docker
run,
and
I
add
minus
minus
rm
to
remove
the
container
after
it
was
executed
and
make
it
interactive
and
just
run
the
image.
A
And
then
you
get
a
help.
That
kind
of
help
is
basically
the
command
line
information
you
get
here
again
with
some
kind
of
links
where
you
can
find
further
information
and
with
some
settings
into
which
we
are
going
to
dive
deeper
in
the
next
few
minutes
and
some
examples
as
well
that
you
can
also
use
if
you
want
to
get
the
starting
points
running
in
order
to
not
always
use
the
docker
command.
I
just
created
a
small
wrapper
script
for
my
personal
use.
It's
shell
script.
A
You
can
do
this
on
windows
with
a
dot
cmd
file,
as
you
like,
so
I
do
have
a
fragile
shell
script
that
basically
is
executing
the
system
with
the
arguments
presented.
Basically
any
argument
and
it's
using
a
volume
in
order
to
map
my
local
folder
into
the
doc
container,
so
that
the
docker
container
of
fragile
can
work
on
that
folder.
So
that's
just
the
shortcut
that
I
do
not
have
to
type
that
during
the
next
minutes
every
time
and
we
do
have
in
threshold.
A
If
I
just
again
get
the
help,
do
you
have
some
example
to
create
a
stop
model,
so
creating
a
stop
model
is
basically
very
straightforward.
It's
creating
a
simple
file.
I
can
just
execute
that
giving
that
command
and
a
minimal
stop
model
was
created
named
threshold,
stop
model
yaml
in
the
output
directory.
A
So
if
I
now
take
a
look
at
that,
I
see
there
is
a
stop
model
that
I
can
then
in
my
ide
or
whatever
editor
you
like
to
edit
yaml
files
with.
I
can
fill
that
so
I
can
create
those
contents
like,
for
example,
some
data
assets
where
I
describe
the
data
assets
that
I'm
using
in
my
threat
model,
especially
the
confidentiality,
integrity
and
availability,
and
it
has
every
data
asset
you
can
have
multiples,
can
have
some
id
and
that
id
is
being
throughout
the
other
systems.
A
A
Also,
I
map
on
the
assets
that
are
being
processed
or
stored.
So
here
this
is
processing
one
data
asset
and
I
have
communication
links.
So
every
technical
asset
can
have
outgoing
communication
links.
I
just
have
to
define
the
target
id
a
protocol,
that's
also
from
an
enum
that
I'm
going
to
present
it's
extendable
and
also
a
little
bit
more
in
terms
of
what
data
is
sent
and
eventually
received
some
other
technical
assets.
We
see
here
in
the
stop
model,
it's
a
minimal
model.
A
Then
we
define
the
trust
boundaries,
a
trust
boundary
also,
and
we
can
have
multiple
ones
has
an
id
and
it's
a
different
type.
It
can
be
a
cloud-based
network,
security
group
or
just
some
container
platform
based
isolation
policy
or
basically,
some
classic
network
based
trust
boundary
on
execution,
environment
and
again
you
map
the
technical
assets
that
are
inside
this
trust
boundary.
A
A
That
should
be
simple
and
easy,
or
whatever
kind
of
editor
you
like
I'm
using
intellij,
but
that
really
doesn't
relate
to
that
kind
of
ide
whatever
you
like,
it
could
be
even
vi,
and
but
it
would
be
more
funny
for
the
presentation
to
have
an
example
model
and
I'm
going
to
show
you
that
as
well
so
inside
the
fragile
help.
We
saw
that
aside
from
a
stub
model,
we
can
also
create
a
not
a
minimal
stop
model,
but
a
filled
example
model.
A
That's
something
I'm
going
to
use
now,
thread
gel
and
create
the
example
model
and
an
example
model
was
created
and
that's
a
little
bit
more
filled.
So
if
you
take
a
look
at
that
in
the
ide,
we
see
some
data
assets
in
it
and
we
see
some
some
more
data
assets
here
and
we
see
some
more
technical
asset.
A
We
have
a
navigation
in
the
ide
here,
that's
pretty
pretty
nice,
so
we
can
just
go
to
the
apache
web
server
and
we
see
the
rating
and
the
data
that's
being
processed
and
stuff
like
that,
and
we
have
some
trust
boundaries
here
as
well.
So
we
can
see
it's
a
little
more
of
a
filled
model
and
we
can
just
use
this
kind
of
model
to
create
some
nice
results
by
executing
threshold
on
that.
A
So
it's
basically
fragile
and
then
just
I'm
giving
it
the
model
argument
and
that's
inside
the
container
app
work
fragile
example
model
dot,
yaml
and
output
is
app
work
and
I
make
it
for
both
that
way.
It
works
on
my
local
file
on
the
local
file
system
in
the
folder
here,
and
it
generates
a
few
things.
So
how
does
the
docker
container
do
that?
It's
simply
by
the
mapping
of
the
volume
so
that
inside
the
docker
container
of
fragile
app
work
is
the
folder
which
is
actually
the
current
folder
here.
A
A
So
we
see,
for
example,
a
data
flow
diagram
that
has
been
automatically
laid
out
and
the
colors
are
basically
due
to
the
different
data
flows
and
different
risk
ratings
in
terms
of
sensitivity
of
the
data
and
also
in
terms
of
the
places
where
custom
code
is
developed
or
not
whether
it's
on
the
internet
or
not
or
out
of
scope
or
not.
So
that's
a
little
bit
of
a
scheme
behind
that
layout
and
it
has
been
automatically
generated.
A
Also,
we
do
have
a
pdf
report
that
has
been
generated.
That's
a
little
bit
long
because
it's
in
terms
of
reading
density,
giving
two
different
entries
for
viewing
the
risks
that
have
been
identified
according
to
the
risk
rules
and
also
some
kind
of
documentation
character.
So
it's
a
little
bit
of
lengthier
and
we
do
have
in
that
kind
of
report.
A
That,
basically,
is
the
other
view
of
the
same
data
and
we
have
a
data
loss
probability
that
has
also
been
generated
by
each
data
asset
and
a
little
bit
more
of
documentation.
So
basically
some
management
summary.
As
expected,
you
can
even
customize
that
with
some
custom
text
and
some
distribution
diagrams
and
an
impact
analysis
of
the
risks,
83
risks
initially
identified
in
27
categories
of
that
example,
file,
including
some
individual
risk,
a
critical
one.
A
So
even
custom
risks
can
be
added
to
that
kind
of
scheme
and
you
can
click
on
any
of
those
to
get
to
more
details,
but
more
on
that
later,
and
we
do
have
a
risk
mitigation
where
we
see
a
distribution
of
the
initial
identified
risks
and
the
remaining
ones.
So,
basically,
some
have
been
mitigated.
Some
have
been
in
progress
or
many
here
are
unchecked,
which
is
not
good
and
the
impact
analysis
of
the
remaining
ones.
A
So
after
that
kind
of
presented
mitigation,
that
is
also
maintainable
inside
the
yaml
file,
also,
we
do
have
some
kind
of
embedding
of
the
diagrams
and
a
little
bit
of
more
documentation
stuff
not
going
into
details
here.
We've
got
a
stride
distribution
so
that
you
see
those
risks.
Even
here
it's
clickable
to
go
to
the
details.
A
Accordingly,
the
spoofing
tampering
and
to
the
other
categories
like
repudiation
information,
disclosure,
denial
of
service
and
elevation
of
privilege
within
stride,
again
different
views,
same
data,
you
have
an
assignment
by
function,
so
that
gives
who
is
most
probably
are
responsible
for
mitigating
the
risk,
business
side,
architecture,
side,
development,
side
or
operation
side
again
clickable
and
an
analysis
of
the
relative
attacker
attractiveness.
That's
something
I'm
not
going
to
cover
in
that
short
video
here.
A
That
includes
a
description,
the
impact,
a
detection
logic
and
what
could
be
false,
positives
and
the
mitigation,
and
that
mitigation
includes
links
directly
to
the
o,
wasp
cheat
sheet
and
the
o
wasp
asvs
chapter,
so
that
things
can
be
read
up
from
there
as
well,
and
every
risk
here
is
rated
according
to
individual
rules
and
also
has
some
description
here.
This
was
identified
one
time
again.
An
xml
risk
was
identified
one
time
here
and
we
do
have
some
crosstalk
scripting
risks
that
potential
cross-scripting
risks
that
have
been
identified
four
times.
A
A
So,
let's
go
into
the
risks
by
technical
asset,
for
example,
we
can
go
to
the
back
office
erp
system,
it
has
14
remaining
out
of
18
risks.
Click
on
that,
and
here
we
see
the
risks
being
here:
rated
high
risk,
elevated
medium
and,
for
example,
the
xml
risk
is
here
and
matching
at
this
back
office,
erp
system
or
some
untrusted
deserialization
vulnerability
or
some
medium
risks
here,
like
crosshatch
scripting
across
a
request,
forgery
or
unencrypted
communications
and
stuff
like
that
and
a
little
bit
of
documentation,
that's
just
basically
for
the
documentation.
A
Folks,
you
can
click
on
any
of
those
risks.
So,
for
example,
we
can
click
on,
let's
say
here:
the
s
csrf
risk
and
then
we've
got
crosshat
requests,
foundry
explained
and
where
it
matched
seven
times
where
it's
matching.
So
we
have
those
seven
times
here
as
well
and
finally,
we
do
have
some
kind
of
data
loss
probabilities
here,
that's
also
calculated.
Everything
is
red
because
we
didn't
mitigate
too
many
risks
yet
and,
for
example,
the
customer
accounts
are
read
due
to
39
unmitigated
risks
still
out
of
57
identified.
A
I
can
click
on
that
and
I
see
where
it's
processed,
on
which
technical
assets
where
it's
sent
or
received,
via
which
connection
links-
and
here
I
see
its
data
losses
probable
due
to
zooming
in
having
39
remaining
risks.
Those
are
the
remaining
ones
and
each
one
has
a
probable
or
possible
or
improbable
style
of
that's
the
risk
id
here,
a
style
of
weather.
That
kind
of
risk
is
risking
that
you
lose
data,
so
some
injection
obviously
might
definitely
have
some
risk
of
losing
data.
Crossover,
scripting
possible
depends
on
encrypted
communication.
A
Also
possible
needs
to
be
a
network-based
attack
happening,
and
some
other
ones
is
just
more
improbable.
So
I
can
click
on
any
of
those
and,
let's
say
missing
cloud
hardening
click,
and
then
I've
got
some
missing
cloud
hardening
information
here.
So
it's
very
easy
to
navigate
throughout
these
kinds
of
structures.
A
That's,
basically,
the
the
whole
detail
set
of
the
identified
risks.
But
where
do
those
risks
come
from
that?
You
have
seen
in
the
pdf
for
in
the
excel
file
in
the
json
file?
So
basically,
there
are
risk
rules
inside
fragile,
a
built-in
list
of
ever-growing
30-40-ish
something
risk
rules
that
are
working
on
the
parsed
graph
of
the
yaml
file
and
have
some
inherent
rules
accordingly,
due
to
the
types
of
technology
that
have
been
chosen
or
the
types
of
protocol
and
the
different
other
settings,
you
provided
declaratively
in
the
thread
model
yaml
file.
A
So,
for
example,
we
have
a
path
traversal
rule
here,
so
it's
threaders
written
in
golong,
the
go
language
very
simple,
very
easy
to
write.
Here
we
have
the
metadata
of
the
path
traversal
rule,
so
we
have
a
path,
traversal
risk.
I
can
show
you,
let's
take
a
look
inside
this
one
here:
path:
traversal,
risk,
a
description
impacts,
a
little
bit
more
mitigation,
stuff
links
to
the
cheat
sheet
and
links
to
the
asvs
chapter,
and
this
was
risk
was
identified
one
time,
some
file,
server
access
and
that's
basically,
the
detection
logic
inside
that
method.
Here.
A
A
It's
then
checking
if
incoming
flows
are
basically
matching
the
risk
rule
and
if
it
does,
then
it's
a
risk
that
has
been
generated
here
with
some
likelihood
and
some
impact
and
some
text
for
the
risk
details
and
a
an
id
that
has
been
generated
here.
So
that's
pretty
simple
and
more
simple
rule.
We
have
another
one,
a
little
bit
more
complex.
For
example,
unguarded
direct
data
store
access,
that's
the
one
here,
a
little
bit
more
complex
more
on
the
protocol
side
and
checking
things
and
trust,
boundary
crossings
and
stuff
like
that.
A
So
it's
a
little
bit
of
graph
navigation
stuff,
but
basically
it's
pretty
simple
and
of
course
you
can
also
create
your
own
custom
risk
rules,
there's
an
interface
for
that.
So
it's
a
little
bit
of
golang
programming.
It's
very
simple!
You
can
compile
that
and
then
you
can
give
that
to
your
local
fragile
execution
with
the
command
switch
for
custom
risk
rules.
A
So
you
have
a
mapping
where
you
can
have
custom
risk
rule
plugins
the
shared
object
files
generated
from
the
golang
compilation
of
the
risk
rules,
and
then
these
are
being
worked
on
on
the
model
file
as
well,
so
that
allows
that
big
corporations
can
code
or
customize
those
risk
rules
and
code,
their
own
risk
rules
if
they
want
to
and
have
that
way
in
the
whole
landscape
of
the
the
corporation.
Those
risk
rules
applied
everywhere
where
threads
runs.
So
you
can
have
your
own
corporate
policies
as
code
in
that
way.
A
That
is
then
applied
on
the
decorative
yaml
file
modeled
as
the
thread
model
input.
So
how
about
editing
those
thread
model
yaml
files
in
your
ide?
They
that's
pretty
awesome
and
pretty
straightforward,
because
every
ide
supports
yaml
files,
even
in
vi.
You
can
easily
edit
a
yaml
file
or
it
can
be
generated
by
some
other
kind
of
service,
whatever
you
like,
and
we
do
even
have
some
nice
editing
support
inside
fragile.
So
here
there
is
a
create
editing,
support
flag
which,
when
I
just
add,
I'm
getting
two
files
generated
schema.json
and
live
templates.
A
That's
just
a
static
file
not
depending
on
any
model.
It's
just
the
way
you
generate
these
files
and
you
can
import
those
files
in
your
ide.
So,
for
example,
the
schema
json
we
can
use
and
that's
the
yaml
schema.
That's
basically
giving
us
auto
completion
and
all
those
things
for
the
ide
I've
imported
it
already
here
and
then
I
can
in
any
model.
I
can
click
here
on
the
fragile
schema
and
then
I
do
have
a
schema,
validation
and
auto
completion.
A
So,
for
example,
let's
take
a
this
jenkins,
build
server
here
as
an
example
and
make
a
technology
build
pipeline,
and
I
have
a
typo
here,
double
p,
then,
basically,
it's
flagged
here
as
invalid.
So
that's
not
a
valid
one,
and
here
even
I
do
have
in
my
ide
a
validation
error
and
I
can
even
have
auto
completion.
So
I
can
just
hit
the
control
space
and
then
I
can
do
whatever
and
select
whatever
kind
of
technology
or
type
it
a
little
bit.
And
then
I
do
have
it
and
now
it's
valid
again:
that's
pretty
nice.
A
Also,
we
do
have
some
kind
of
live,
editing
support.
So
when
you
take
the
other
file,
it's
just
a
text
file
that
has
been
generated
and
you
can
import
that
as
well.
It's
live
templates
txt
in
your
ide,
just
a
one
one
time
effort,
including
for
the
most
prominent
ides
some
links
of
how
you
can
do
that,
and
then
you
can
edit
those
templates
for
the
base
model
and
also
for
data
assets,
technical
assets
and
all
these
communication
links
stuff
so
that
you
can
even
do
some
zen
style
coding,
so
fragile
base
model
enter
bam.
A
I've
got
the
base
model,
some
title
tap
some
name
top
and
you
can
jump
through
all
these,
and
here
I
can
have
a
business
criticality
entered
or
whatever
data
assets.
I'm
skipping
a
few
things.
Data
assets
and
then
I
can
here
have
the
data
assets
live,
editing,
support
click,
some
data,
abc
tab,
data,
abc
tab
usage.
A
Then
I
can
use
control
space
to
have
the
editing
support
here.
Let's
say
that's
business,
and
even
if
the
confidentiality
is
confidential
and
all
these
things,
our
technical
asset
task
asset
enter,
and
I
can
give
it
a
name.
Some
tesh
asset,
abc
asset,
abc
tab
and
type,
is
its
process.
You
such
as
business
used
by
human,
is
false,
so
you
see
it
autocompletes
and
taps
through
that,
and
I
can
even
have
your
technology.
Let's
say
it's
a
web
server
or
web
service
rest
web
servers.
It's
not
sitting
on
the
internet.
A
So
it's
not
the
client
it's
exposed
on
the
internet,
but
not
sitting
on
the
internet.
Machine
is
a
container
and
encryption
is
with
symmetra
key
and
unfortunately
not
with
end
user
identity,
and
I
can
have
some
ratings
here
confidential
and
important
and
operational,
and
it's
multi-tenant
and
not
redundant
and
it
contains
custom
developed
parts.
So
that
way
I
can
easily
get
a
simple
way
to
create
those
things,
including
communication
links.
So
I
can
have
a
comp
link
here,
com
link
and
to
abc,
and
then
I
have
the
target
id
the
protocol
and
all
these
things.
A
A
Well,
we
even
have
some
kind
of
model
macros
which
are
codified
again
in
golang,
codified,
phase
of
to
have
an
interactive
wizard
style
question
back
and
forth
with
the
user
in
order
to
seed
a
model
or
to
modify
an
existing
model
in
a
certain
way,
adding
things.
So
when
you
do
have
certain
elements
in
your
corporation
that
are
often
modeled
in
a
more
or
less
same
style,
then
you
can
have
that
codified
in
a
thread
model
macro
a
model
macro,
that's
working
on
the
model
like
a
macro
modifying
it
with
an
interactive,
wizard
style
approach.
A
So
I
can,
for
example,
execute
that
at
build
pipeline
model
here
to
execute,
with
the
execute
model
macro
at
build
pipeline
flag
to
add
the
build
pipeline
to
this
model.
We
are
working
on
and
we
do
have
a
few
questions,
whether
it's
basically
it's
about
naming
things
and
a
little
bit
about
how
the
build
pipeline
is
being
deployed
and
it's
a
state
machine.
That's
coded
inside
the
model
macro,
so
each
model
macro
can
have
a
dynamic
set
of
questions,
and
here
the
default
I'm
accepting
git
and
jenkins.
A
Basically,
the
names
of
those
build
pipeline
elements:
the
artifact
registry,
whether
we're
using
a
code
inspection
platform.
Yes,
are
we
using
containerization
technology?
Yes,
it's
docker
kubernetes
as
occupational
orchestration
runtime
or
can
use
open
shifter.
It's
just
a
name
and
build
pipeline
composed
components
exposed
to
the
internet.
No,
are
they
used
by
multiple
tenants?
Yes
are
those
encrypted?
No,
and
here
I
can
select
on
which
technical
assets
existing
in
the
model.
These
deployments
are
being
deployed
on
so
everything
that's
built
with
that
build
pipeline.
A
Let's
say
it
deploys
some
front-end
stuff
to
the
apache
web
server.
You
see
the
start
has
been
selected
also
it
deploys
something
to
the
erp
system
and
it
deploys
something
to
the
marketing
c,
ms,
let's
say
number
10
and
then
we're
through
zero,
and
then
we
can
even
answer
the
trust.
Boundary
question.
So
are
those
inside
a
custom
trust
boundary?
Yes,
and
should
a
new
one
be
generated?
Yes,
what
type
is
it?
It's?
A
Let's
say,
network
virtual
line,
so
it's
number
three
and
is
it
a
push
or
pull
based
deployment
pool
based,
would
be
github's
style,
pulling
things
and
pushing
things
with
the
classic
style?
Where
you
have
a
connection
to
push
the
deployment
artifact,
so
it's
let's
say
the
classic
one
and
basically
what
was
the
owner?
It's
company
xyz?
Whoever
is
owning
that,
and
here
we
see
what
will
be
applied.
A
That
was
the
dry
run,
so
these
things
will
be
applied
to
the
model,
adding
technical
assets,
adding
trust
boundaries,
adding
communication
links-
and
I
say
yes,
I
want
to
execute
that
and
the
model
file
has
been
modified.
So
here
I
see
the
updated
version.
A
backup
version,
of
course
has
been
created
as
well.
If
I
want
to
switch
back-
and
I
see
that
I
do
have
more
elements
here
inside
the
model-
and
if
I
now
execute
that
kind
of
stuff,
I
would
see
new
risks
being
generated.
A
A
I
didn't
apply
the
verbose
flag,
so
I
didn't
see
any
details,
and
here
I
see
a
new
data
flow
diagram
has
been
generated,
so
it
looks
a
little
bit
more
complicated
because
the
build
pipeline
things
have
been
added,
including
technical
assets
and
data
assets,
like
code
that's
flowing,
and
we
have
the
deployment
paths
being
added
here
and
of
course
the
risks
are
also
reflecting
that.
So,
for
example,
we
do
have
a
few
more
risks,
including
those
of
the
build
pipeline
components
and
also
eventually,
depending
on
the
architecture.
A
We
have
something
like
push
versus
pull
deployments
or
something
like
that.
So
that's
that's
a
way
to
edit
a
model
file
interactively
so,
for
example,
x.
Accidental
secret
leak.
Here,
that's
a
good
one,
so
a
build
pipeline
can
leak
secrets
and
git
or
docker
or
nexus
registries.
If
we
do
not
have
the
proper
counter
measures
in
place,
like
git
secrets,
telus
model,
other
kind
of
things
that
we
can
use
to
avoid
checking
secrets,
and
so
it's
a
new
risk.
A
That's
coming
from
the
fact
that
we
just
added
a
build
pipeline,
which
we
did
just
using
a
model
macro
and
you
can
create
your
own
model,
macros
of,
of
course,
as
well
inside
fragile.
So
that's
something
that
you
can
code.
If
you
want
definitely
as
well,
custom
risks
can
be
added
inside
the
model
yaml
file
as
well.
So
we
do
have
an
individual
risk
category,
where
you
can
name
custom
risk
categories
and
give
the
meter
information
for
the
report.
A
So
basically,
what's
that
that
risk
having
for
an
impact
and
how
it
should
be
mitigated
and
links
to
the
cheat
sheets.
And
if
you
have
something
like
that-
and
you
can
also
have
instances
that
you
doing
a
manual
analysis.
So
of
course,
when
you
identify
risks
in
the
threat
model
workshop,
they
should
be
added
here
as
well
risks
that
can
be
identified
by
a
tool,
but
it's
processed
in
the
same
style.
So
you
can
give
that
risk
a
name
and
you
can
even
map
onto
which
kind
of
technical
assets
this
risk
is
applying.
A
A
So
here
I
see
unique
risk
ids
that
are
also
inside
the
excel,
and
I
can
just
use
these
copy
that
and
then
paste
it
here
as
an
entry
in
the
risk
tracking,
and
then
I
can
give
it
a
status
of
whether
it's
accepted
mitigated
unchecked
in
discussion,
whatever
kind
of
status
you
want
to
assign
here
from
those
and
a
justification
text.
Eventually,
you
can
reference
if
you
like,
optionally,
a
ticket
like
a
buck
tracker
ticket
or
whatever.
A
This
is
being
handled
a
date
when
this
was
checked
and
checked
by
whom
the
name-
and
this
is
being
then
generated
again
inside
the
with
the
status
and
here
matching
accordingly
inside
the
axle
and
also
the
report
is
updated.
That
way,
if
you
regenerate,
so
you
see
the
bar
chart
here
and
the
pie
charts
here,
reflecting
that,
and
you
see
the
impact
analysis
of
the
remaining
risks.
So
that's
basically
those
that
are
not
yet
mitigated
compared
to
the
initial
ones.
A
This
should
be
better,
obviously,
and
you
can
even
have
wild
cards,
so
you
can
add
wildcards
if
you
have
a
certain
set,
like
unencrypted
asset,
a
certain
set
of
risks
that
you
do
not
want
on
block
being
visible
or
being
shown
inside
the
model
as
open,
because
you
mitigated
them
or
you
accepted
them
or
whatever.
Then
you
can
have
a
wildcard,
that's
being
used
between
those
ad
characters.
A
So
you
can
use
the
white
card
thing
to
have
a
batching
of
a
group
of
risks
that
you
want
to
mitigate
or
want
to
assign
a
certain
status
to.
If
you
want
to
do
that,
and
you
even
have
a
model
macro
that
is
able
to,
if
you
execute
that
seat,
you
with
all
those
risk
tracking
entries
of
all
the
risks
that
have
been
identified
and
threadrile
also
has
a
server
mode.
A
If
you
want
to
execute
it
not
directly
on
the
command
line
but
as
a
rest
server
with
an
api,
you
can
have
the
server
attribute,
with
a
port
number
added,
fragile
server
running
and
then
on
that
port
that
you
defined
you've
got
a
web
page
that
describes
the
model,
stop
and
the
example
files.
You
can
download
the
editing
support
and
you
can
just
upload
a
yaml
file
and
get
a
zip
file
to
download.
Then
that
gives
you
the
results.
A
So
in
the
api
you
can
have
that
direct
analysis
as
well,
and
you
can
even
that's
for
the
1.1
version,
the
extension
in
the
api
that
you
can
use
that
it's
being
in
development,
currently
that
the
server
side
also
has
a
way
to
store
encrypted
those
model
files.
You
can
then
edit.
Those
model
files
using
the
api
listing
data
assets,
adding
data
assets,
adding
technical
assets,
changing
things,
and
you
can
then
directly
get
the
results
from
the
api
as
well,
and
you
can
import
yaml
files
or
export
that
thing
as
a
yaml
file
as
well.
A
And
then
you
get
the
results
as
a
json
file
or
json
files
that
you
can
process,
and
that
way
you
can
even
get
some
more
information
and
can
automatically
decide
what
to
do
next
in
the
build
pipeline.
So
it's
fully
working
inside
of
def
ops
as
or
devsecops
workflows.
So
putting
thread
modeling
into
devops
as
well,
and
I
really
encourage
you
to
use
the
docker
container
and
execute
it
run
it
play
with
it.