OWASP / threat-dragon

An open source threat modeling tool from OWASP
https://owasp.org/www-project-threat-dragon/
Apache License 2.0
901 stars 244 forks

automate further for CI/CD (extract from code and results from tests) #344

Closed micheelengronne closed 2 months ago

micheelengronne commented 2 years ago

Describe what problem your feature request solves

Currently, Threat Dragon is hard to automate in a CI pipeline and is not well integrated with the code. Many manual operations are necessary to use it.

Describe the solution you'd like

I would like to be able to extract a Threat-dragon diagram from code (like threatspec does) and automatically check if the threats are mitigated by analysing the results from tests (via a junit importer for instance).

Bonus: I would be very happy if Threat-dragon is also integrated with kroki.io to model threats from already existing diagrams (Vega, UML, ...) in order to use tools like EoP more efficiently.

jgadsden commented 2 years ago

Hello @micheelengronne, good suggestions. We are now actively developing for Threat Dragon version 2.0, and it is intended to have an API for the threat dragon server. We thought about this for version 1.x but version 1.6.x is the last of this sequence, and we are moving all our effort away from version 1.x and on to version 2.0.

V2 development branch is here: https://github.com/OWASP/threat-dragon/tree/v2-development and our API intentions are here: https://github.com/OWASP/threat-dragon/issues/88

Did you want to start specifying the API? Much of it may reuse what exists in td.server, possibly.

jgadsden commented 2 years ago

Labelling this as version 2.x because version 1.6 is the last version for functional development on versions 1.x.

github-actions[bot] commented 5 months ago

This issue is stale because it has been open for more than 6 months with no activity.