idea open to discussion: CDK for building and maintaining big threat models

Threagile / threagile

Agile Threat Modeling Toolkit

https://threagile.io

MIT License

623 stars 128 forks source link

Open klahnen opened 2 years ago

klahnen commented 2 years ago

The YAML file can grow very fast when while you add more details to your threat model.

It will be great to:

Add an import feature for having complementary YAML files that can be added to the main YAML file. YAML by default does not support imports.

hupe1980 commented 2 years ago

I had also thought of CDK and gave it a shot:

fuzolan commented 2 years ago

Both would be nice. At first sight, the work of @hupe1980 looks good!

ezavgorodniy commented 3 weeks ago

In 2023 it was implemented by @joreiche to be able to include other yamls. So for example one of threat model which I build looks like

includes:
  - common.yaml
  - data-assets.yaml
  - technical-assets.yaml
  - boundaries.yaml
  - risk-tracking.yaml

And inside this yaml files I have usual threagile yaml definitions.

Current implementation is based on merging fields and one file may unpredictably overwrite other file though.