OWASP / threat-dragon

An open source threat modeling tool from OWASP
https://owasp.org/www-project-threat-dragon/
Apache License 2.0
931 stars 251 forks source link

Resize Diagram or Export to PNG #385

Open RockRunner007 opened 2 years ago

RockRunner007 commented 2 years ago

Describe what problem your feature request solves I don't currently have a way to share a large threat model with non-git stakeholders.

Describe the solution you'd like As a Cloud Security Engineer, I would like the ability to export a threat model outside of threat dragon so that I can share a diagram with stakeholders that are not currently using threat dragon.

Additional context MVP - Desktop version could use a resize function Long term - Exports options for different formats

lreading commented 2 years ago

Hey @RockRunner007

Thanks for opening the issue! Version 2 is currently in development and has implemented the zoom feature. Exporting to PNG/JPEG/SVG is on the roadmap for v2, but may not be in the initial 2.0 release. There are improvements in the "report" area, though I can't say for certain if really large models will scale well. This can be printed or exported to PDF (via print dialogue), which includes the diagrams.

Would the ability to zoom (pan/scroll as well, of course) and/or the report suit your needs, or are there other use-cases you have for the image format?

I'm really interested to know if the scaling is working well with large models in v2. Would you be willing test one of your larger models using the latest from main?

Install pnpm: npm i -g pnpm Use node 16 From the td.vue directory: pnpm i then pnpm run electron:serve You can use the "local session" open, "Import a Threat Model via JSON" You will be presented with an upgrade notification screen, and after that you can navigate to the report directly. Clicking print then selecting save to PDF from the print dialogue will create the report.

V2 is still under development, so not all features are complete. The above suggestion will not modify any files on disk. :smile:

RockRunner007 commented 2 years ago

Hey @lreading

Thanks for the quick response!

Deep Dive: For me personally, the workaround was to use "Toggle Developer Tools" and manually modify the px of the working area so that I could snag a screenshot on my MacBook Pro. The screenshot was imported into a draw.io template that can be shared with leadership and spoken about during a presentation with upper management. For git users, they are accessing the json output via gitlab and modifying mid-sprint.

Context: https://www.linkedin.com/pulse/threat-modeling-dragon-gitlab-steven-carlson/

Proposed Fix(s): a. The ability to zoom or expand the working div "tmt-diagram-container" would help me in the short term. I can try to do some testing over the weekend. b. V2 of 2.0 would be more ideal as I will be importing the output into templates for sharing outside of my team.

lreading commented 2 years ago

Thanks so much for sharing that context! It's helpful for us to understand how people are using it in different organizations.

I think the best solution would be to get the export working. Even with zoom implemented, that's a few extra steps to zoom, take a screenshot, then paste somewhere else. :smile:

No promises on if we can get it implemented in the 2.0 release, but understanding that use-case really helps prioritize these things. We're excited for any and all feedback on how v2 is coming along!

Thanks again!

RockRunner007 commented 2 years ago

If you are publishing a "test" release anywhere, let me know and I am more than happy to put some of my larger STRIDE threat models to the test.

lreading commented 2 years ago

We haven't published a desktop release yet, but the web version is updated off of the main branch at https://www.threatdragon.com/

When using the local session option, it is a 1:1 with the desktop version. The only reason I don't typically recommend that for testing is because it's sitting on a server in the cloud, and many orgs are careful about where they put their threat models. The local session version should not be transferring any data off of the web client. :smile:

jauharbal commented 2 years ago

Looking for the export option and the download was not working for me on the MacBook

jgadsden commented 2 years ago

Agreed @jauharbal , this feature is still in progress and is in the Open state. Are you interested in coding for this? If you want a release version then you can check out : https://github.com/OWASP/threat-dragon/releases

xeruf commented 7 months ago

Would still love this too, also a pure SVG/HTML export for embedding online.