Skip to content

threatcl

threat modelling configuration language with hcl

Getting started

Install threatcl

  1. Install with homebrew:

    Terminal window
    brew install threatcl/repo/threatcl
  2. Or, install with go:

    Terminal window
    go install github.com/threatcl/threatcl/cmd/threatcl@latest
  3. Or, run with docker:

    Terminal window
    docker run --rm -it ghcr.io/threatcl/threatcl
  4. Or, integrate with GitHub Actions:

Document your threat model

tower-of-london.hcl
threatmodel "Tower of London" {
description = "A historic castle"
author = "@xntrik"
attributes {
new_initiative = "true"
internet_facing = "true"
initiative_size = "Small"
}
information_asset "crown jewels" {
description = "including the imperial state crown"
information_classification = "Confidential"
}
usecase {
description = "The Queen can fetch the crown"
}
threat {
description = "Someone who isn't the Queen steals the crown"
impacts = ["Confidentiality"]
expanded_control "Guards" {
description = "Trained guards patrol tower"
risk_reduction = 75
}
}
}

Validate your threat model

Terminal window
threatcl validate tower-of-london.hcl

Learn more

Learn more about the threatcl spec here, and how to start building threat models with threatcl