Skip to content
threatcl

threatcl

threat modelling configuration language with hcl
Go to the docs Go to the source

Getting started

Install threatcl

  1. Install with homebrew:

    Terminal window
    brew install threatcl/repo/threatcl

  2. Or, install with go:

    Terminal window
    go install github.com/threatcl/threatcl/cmd/threatcl@latest

  3. Or, run with docker:

    Terminal window
    docker run --rm -it ghcr.io/threatcl/threatcl

  4. Or, integrate with GitHub Actions:

    github.com/threatcl/threatcl-action Learn more here

Document your threat model

tower-of-london.hcl
threatmodel "Tower of London" {
  description = "A historic castle"
  author = "@xntrik"


  attributes {
    new_initiative = "true"
    internet_facing = "true"
    initiative_size = "Small"
  }


  information_asset "crown jewels" {
    description = "including the imperial state crown"
    information_classification = "Confidential"
  }


  usecase {
    description = "The Queen can fetch the crown"
  }


  threat {
    description = "Someone who isn't the Queen steals the crown"
    impacts = ["Confidentiality"]


    expanded_control "Guards" {
      description = "Trained guards patrol tower"
      risk_reduction = 75
    }
  }
}

Validate your threat model

Terminal window
threatcl validate tower-of-london.hcl

Learn more

Learn more about the threatcl spec here, and how to start building threat models with threatcl