ThreatCL Cloud Overview

What is ThreatCL Cloud?

ThreatCL Cloud is a SaaS platform for collaborative threat modeling. It extends the local threatcl CLI experience by providing a centralized, multi-user environment where teams can share, manage, and collaborate on threat models together.

While the standard threatcl CLI works entirely with local HCL files, ThreatCL Cloud adds:

• Centralized storage — threat models are stored in the cloud and accessible by your team
• Collaboration — multiple team members can work on threat models within the same organization
• Versioning — track changes to threat models over time
• Threat & control libraries — shared libraries of threats and controls that can be referenced across models
• Search — search across all threat models in your organization

Organizations and Roles

ThreatCL Cloud is organized around organizations. Each organization has members with one of the following roles:

• Owner — full administrative control over the organization
• Admin — can manage members and threat models
• Member — can create and edit threat models
• Viewer — read-only access to threat models

Backend Block

To link a local HCL threat model file to ThreatCL Cloud, add a backend block to your threatmodel block:

backend "threatcl-cloud" {
  organization = "acme"
  threatmodel = "my-app"
}

threatmodel "My Application" {
  description = "My application threat model"
  author = "@me"

  threat "Data Breach" {
    description = "Unauthorized access to sensitive data"
    impacts = ["Confidentiality"]
  }
}

The backend "threatcl-cloud" block is placed outside (before) the threatmodel block. It signals to the CLI that this file is intended for use with ThreatCL Cloud. Commands like cloud push and cloud validate check for this block.

Environment Variables

The following environment variables can be used to configure ThreatCL Cloud commands:

• THREATCL_API_URL — the ThreatCL Cloud API endpoint URL
• THREATCL_API_TOKEN — an API token for authentication (alternative to device flow login)
• THREATCL_CLOUD_ORG — the default organization ID to use for cloud commands

These environment variables can be used instead of (or in addition to) flags and stored tokens. See Authentication for the full token resolution priority.

Quick Start

The typical flow for getting started with ThreatCL Cloud is:

1. Log in

terminal

$ threatcl cloud login

This initiates a device flow authentication. Follow the prompts to authenticate in your browser. See Authentication for details.

2. Create a threat model

You can create a threat model directly from the CLI:

terminal

$ threatcl cloud create -name "My Application" -description "My app threat model"

Or, use cloud push to validate and upload a local HCL file in one step.

3. Push a local file

terminal

$ threatcl cloud push my-threatmodel.hcl

The push command validates your HCL file for cloud compatibility, creates the threat model in the cloud if it doesn’t exist, and uploads the HCL content. See Managing Threat Models for the full range of commands.

Further Reading

• Authentication & Tokens — login, logout, token management
• Managing Threat Models — create, upload, push, validate, and view
• Searching Threat Models — search threats and controls across your org
• Threat & Control Libraries — import, export, and manage shared libraries