Threatcl GraphQL Example Queries
Basic Queries
1. Get Statistics
Get a quick overview of all threat models:
query GetStats {
  stats {
    totalThreatModels
    totalThreats
    totalInformationAssets
    totalControls
    implementedControls
    averageRiskReduction
  }
}

2. List All Threat Models
Get a simple list of all threat model names and authors:
query ListThreatModels {
  threatModels {
    name
    author
    description
  }
}

3. Get a Specific Threat Model
Retrieve details for a single threat model by name:
query GetTowerOfLondon {
  threatModel(name: "Tower of London") {
    name
    author
    description
    link
    sourceFile
    createdAt
    updatedAt
  }
}

Filtering Queries
4. Internet-Facing Threat Models
Find all threat models that are internet-facing:
query InternetFacingModels {
  threatModels(filter: { internetFacing: true }) {
    name
    author
    attributes {
      internetFacing
      initiativeSize
    }
  }
}

5. New Initiatives
Find all threat models marked as new initiatives:
query NewInitiatives {
  threatModels(filter: { newInitiative: true }) {
    name
    author
    attributes {
      newInitiative
      initiativeSize
    }
  }
}

6. Large Initiatives
Find all large-sized initiatives:
query LargeInitiatives {
  threatModels(filter: { initiativeSize: "Large" }) {
    name
    author
    attributes {
      initiativeSize
    }
  }
}

7. Threats by STRIDE Category
Find all threats categorized as “Spoofing”:
query SpoofingThreats {
  threats(filter: { stride: ["Spoofing"] }) {
    description
    stride
    impacts
    threatModel {
      name
    }
  }
}

8. Threats by Impact
Find threats that impact confidentiality:
query ConfidentialityThreats {
  threats(filter: { impacts: ["Confidentiality"] }) {
    description
    impacts
    stride
    threatModel {
      name
    }
  }
}

9. Confidential Information Assets
Find all assets classified as confidential:
query ConfidentialAssets {
  informationAssets(classification: "Confidential") {
    name
    description
    informationClassification
    threatModel {
      name
    }
  }
}

Detailed Queries
10. Threat Model with All Details
Get complete information about a threat model:
query CompleteThreatModel {
  threatModel(name: "Tower of London") {
    name
    author
    description
    link
    sourceFile
    attributes {
      newInitiative
      internetFacing
      initiativeSize
    }
    informationAssets {
      name
      description
      informationClassification
    }
    threats {
      description
      impacts
      stride
      controls {
        name
        description
        implemented
        implementationNotes
        riskReduction
      }
    }
    useCases {
      description
    }
    exclusions {
      description
    }
    thirdPartyDependencies {
      name
      description
      saas
      payingCustomer
      openSource
      infrastructure
      uptimeDependency
      uptimeNotes
    }
  }
}

11. All Threats with Controls
Get all threats and their associated controls:
query AllThreatsWithControls {
  threatModels {
    name
    threats {
      description
      impacts
      stride
      controls {
        name
        description
        implemented
        riskReduction
      }
    }
  }
}

12. Threat Models with Data Flow Diagrams
Find threat models that have DFDs:
query ModelsWithDFDs {
  threatModels {
    name
    author
    dataFlowDiagrams {
      name
      processes {
        name
        trustZone
      }
      dataStores {
        name
        trustZone
        informationAsset
      }
      externalElements {
        name
        trustZone
      }
      flows {
        name
        from
        to
      }
      trustZones {
        name
      }
    }
  }
}

Analysis Queries
13. Security Control Coverage
Analyze which threat models have the most controls:
query ControlCoverage {
  threatModels {
    name
    author
    threats {
      description
      controls {
        name
        implemented
      }
    }
  }
}

14. Implementation Status
Find threats with unimplemented controls:
query UnimplementedControls {
  threatModels {
    name
    threats {
      description
      controls {
        name
        implemented
        riskReduction
      }
    }
  }
}

Note: You’ll need to filter client-side for implemented: false.
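
The client-side filter that the note above calls for, as an added JavaScript example (not part of the original page or the threatcl project): it flattens the UnimplementedControls response into one row per outstanding control, ranked by riskReduction, and totals the result per model. The sample response, its control names, and the treatment of riskReduction as a number are assumptions.

```javascript
// Constructed sample shaped like the `data` object returned for UnimplementedControls.
const sampleData = { threatModels: [
  { name: "Tower of London", threats: [
    { description: "Theft of the crown jewels", controls: [
      { name: "Guard patrols", implemented: true, riskReduction: 80 },
      { name: "Vault alarm", implemented: false, riskReduction: 50 } ] },
    { description: "Insider access", controls: [] } ] },
  { name: "Example API", threats: [
    { description: "Token replay", controls: [
      { name: "Short-lived tokens", implemented: false, riskReduction: 70 },
      { name: "Audit logging", implemented: false, riskReduction: null } ] } ] } ] };

// Flatten to one row per control that is not marked implemented, highest riskReduction first.
function unimplementedControls(data) {
  const rows = [];
  for (const tm of data.threatModels ?? []) {
    for (const threat of tm.threats ?? []) {
      for (const control of threat.controls ?? []) {
        // Anything other than `true` (false, null, missing) is treated as outstanding.
        if (control.implemented === true) continue;
        // Assumption: riskReduction is numeric; null or missing values count as 0.
        const rr = Number(control.riskReduction);
        rows.push({ model: tm.name, threat: threat.description,
                    control: control.name, riskReduction: Number.isFinite(rr) ? rr : 0 });
      }
    }
  }
  return rows.sort((a, b) => b.riskReduction - a.riskReduction ||
                             a.control.localeCompare(b.control));
}

// Per-model totals: number of outstanding controls and the sum of their riskReduction
// (a simple ranking aid, not a risk score defined by the API).
function outstandingByModel(rows) {
  const totals = new Map();
  for (const r of rows) {
    const t = totals.get(r.model) ?? { model: r.model, controls: 0, riskReduction: 0 };
    t.controls += 1;
    t.riskReduction += r.riskReduction;
    totals.set(r.model, t);
  }
  return [...totals.values()].sort((a, b) => b.riskReduction - a.riskReduction);
}

const backlog = unimplementedControls(sampleData);
console.log(backlog);
console.log(outstandingByModel(backlog));
```
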
15. Risk Reduction Analysis
Analyze risk reduction across all controls:
query RiskReductionAnalysis {
  threatModels {
    name
    threats {
      description
      controls {
        name
        implemented
        riskReduction
      }
    }
  }
  stats {
    totalControls
    implementedControls
    averageRiskReduction
  }
}

16. Third-Party Dependency Audit
Find all third-party dependencies and their criticality:
query ThirdPartyAudit {
  threatModels {
    name
    thirdPartyDependencies {
      name
      description
      saas
      openSource
      uptimeDependency
      infrastructure
    }
  }
}

Multiple Queries in One Request
17. Dashboard Data
Get all data needed for a dashboard in one query:
query Dashboard {
  statistics: stats {
    totalThreatModels
    totalThreats
    totalInformationAssets
    totalControls
    implementedControls
    averageRiskReduction
  }
  recentModels: threatModels {
    name
    author
    updatedAt
    attributes {
      internetFacing
      initiativeSize
    }
  }
  criticalAssets: informationAssets(classification: "Confidential") {
    name
    threatModel {
      name
    }
  }
  allThreats: threats {
    description
    stride
    threatModel {
      name
    }
  }
}

18. Security Posture Report
Generate a comprehensive security posture report:
query SecurityPostureReport {
  stats {
    totalThreatModels
    totalThreats
    totalControls
    implementedControls
    averageRiskReduction
  }
  internetFacing: threatModels(filter: { internetFacing: true }) {
    name
    threats {
      description
      impacts
      controls {
        implemented
      }
    }
  }
  confidentialData: informationAssets(classification: "Confidential") {
    name
    description
    threatModel {
      name
    }
  }
}

Advanced Queries
19. Using Query Variables
Define reusable queries with variables:
query GetModelByName($modelName: String!) {
  threatModel(name: $modelName) {
    name
    author
    description
    threats {
      description
      impacts
    }
  }
}

Variables:

{
  "modelName": "Tower of London"
}

20. Fragments for Reusable Fields
Use fragments to avoid repeating field selections:
fragment ThreatDetails on Threat {
  description
  impacts
  stride
  controls {
    name
    implemented
    riskReduction
  }
}

query ModelsWithThreatDetails {
  threatModels {
    name
    author
    threats {
      ...ThreatDetails
    }
  }
  specificModel: threatModel(name: "Tower of London") {
    name
    threats {
      ...ThreatDetails
    }
  }
}

Client-Side Filtering Examples
While the API provides server-side filtering, sometimes you need client-side filtering. Here are some examples using JavaScript:
21. Find Threats Without Implemented Controls
const query = `
  query {
    threatModels {
      name
      threats {
        description
        controls {
          name
          implemented
        }
      }
    }
  }
`;

// `data` is the `data` object from the GraphQL response to the query above.
// Filter client-side. Note: every() is true for an empty list, so threats
// with no controls at all are included as well.
const threatsWithoutControls = data.threatModels.flatMap(tm =>
  tm.threats
    .filter(threat => threat.controls.every(control => !control.implemented))
    .map(threat => ({ model: tm.name, threat: threat.description }))
);

22. Calculate Control Implementation Rate
const query = `
  query {
    threatModels {
      name
      threats {
        controls {
          implemented
        }
      }
    }
  }
`;

// `data` is the `data` object from the GraphQL response to the query above.
// Calculate implementation rate per model
const implementationRates = data.threatModels.map(tm => {
  const allControls = tm.threats.flatMap(t => t.controls);
  const implemented = allControls.filter(c => c.implemented).length;
  return {
    model: tm.name,
    // A model with no controls has no rate; return null instead of "NaN".
    rate: allControls.length
      ? (implemented / allControls.length * 100).toFixed(1)
      : null
  };
});

Tips
- Use the Playground: The GraphQL Playground at http://localhost:8080 provides autocomplete, documentation, and query validation.

- Introspection: You can query the schema itself to discover available types and fields:

    query {
      __schema {
        types {
          name
          fields {
            name
          }
        }
      }
    }

- Aliases: Use aliases to fetch the same field with different arguments:

    query {
      small: threatModels(filter: { initiativeSize: "Small" }) { name }
      large: threatModels(filter: { initiativeSize: "Large" }) { name }
    }

- Comments: GraphQL supports comments with #:

    query {
      # Get all internet-facing models
      threatModels(filter: { internetFacing: true }) {
        name
      }
    }