search

mike-goodwin / owasp-threat-dragon-core

OWASP Threat Dragon core files
Apache License 2.0
11 stars 16 forks source link

Command line sync utility linking TD file to Jira Epic #118

Closed jcoupal closed 4 years ago

jcoupal commented 4 years ago

My company built a utility that helps us out a lot with Threat Modeling - we have a 2-way sync utility that pushes open (non-mitigated) vulnerabilities into a a named Jira Epic as a simpler way to build backlog for our dev team. Once closed in Jira, the items get marked as closed in TD.

threat-mvp-master.zip

jgadsden commented 4 years ago

Many thanks for this @jcoupal - and very good to see this tool presented to the open source community. I have had a quick look at the attached files and ITX has done a lot of impressive work on this.

I am working on a CLI for Threat Dragon mike-goodwin/owasp-threat-dragon-desktop#138 so this could be invoked using the CLI, I am not sure yet

@mike-goodwin this python-based tool syncs Threat Dragon files into named Epics in a Jira environment. It is probably a utility to provide alongside TD, rather than integrating into TD ... having said that it would be great to have JIRA integration within TD

If it is alongside TD then we may want to create a separate repo for it? to be discussed

jgadsden commented 4 years ago

It would be good to give credit to ITX for providing this, so @jcoupal would it be OK if we listed ITX as a contributor on the OWASP project page: https://owasp.org/www-project-threat-dragon/

jcoupal commented 4 years ago

Yes, that would be great! We can be found at www.itx.com and I can provide a logo if you like.

jgadsden commented 4 years ago

Yes, sure - if you would like to attach a logo then I can add this to the pages. Thanks again!

I am moving this issue to the core repo, as it is applicable to both desktop and web versions - I had not appreciated this when I suggested the desktop repo

jcoupal commented 4 years ago

itx logo

Sure, here it is.

jgadsden commented 4 years ago

Many thanks @jcoupal for the logo. Will update the OWASP project page when we wrok out where in the repo the utility should be stored. We are having discussions as to where your utility should sit in the repo structure ... it may have its own repo under a Threat Dragon github organisation, or may go into a utility directory in this repo. Not sure which one ...

jgadsden commented 4 years ago

Migrated to new issue in the OWASP area repo : https://github.com/OWASP/threat-dragon-core/issues/17