diff --git a/.github/CODEOWNERS b/.github/CODEOWNERS
new file mode 100644
index 0000000..72a089b
--- /dev/null
+++ b/.github/CODEOWNERS
@@ -0,0 +1,67 @@
+# This is a comment.
+# Each line is a file pattern followed by one or more owners.
+
+# These owners will be the default owners for everything in
+# the repo. Unless a later match takes precedence,
+# @vanHeemstraSystems/global-owners will be requested for
+# review when someone opens a pull request.
+* @vanHeemstraSystems/global-owners
+
+# Order is important; the last matching pattern takes the most
+# precedence. When someone opens a pull request that only
+# modifies JS files, only @vanHeemstraSystems/js-owners and not the global
+# owner(s) will be requested for a review.
+*.js @vanHeemstraSystems/js-owners #This is an inline comment.
+
+# You can also use email addresses if you prefer. They'll be
+# used to look up users just like we do for commit author
+# emails.
+*.go docs@example.com
+
+# Teams can be specified as code owners as well. Teams should
+# be identified in the format @org/team-name. Teams must have
+# explicit write access to the repository. In this example,
+# the vanHeemstraSystems team in the vanHeemstraSystems organization owns all .txt files.
+*.txt @vanHeemstraSystems/vanHeemstraSystems
+
+# In this example, @vanHeemstraSystems/log-owners own any files in the build/logs
+# directory at the root of the repository and any of its
+# subdirectories.
+/build/logs/ @vanHeemstraSystems/log-owners
+
+# The `docs/*` pattern will match files like
+# `docs/getting-started.md` but not further nested files like
+# `docs/build-app/troubleshooting.md`.
+docs/* docs@vanheemstrasystems.com
+
+# In this example, @vanHeemstraSystems owns any file in an apps directory
+# anywhere in your repository.
+apps/ @vanHeemstraSystems
+
+# In this example, @vanHeemstraSystems/docs-owners owns any file in the `/docs`
+# directory in the root of your repository and any of its
+# subdirectories.
+/docs/ @vanHeemstraSystems/docs-owners
+
+# In this example, any change inside the `/scripts` directory
+# will require approval from @vanHeemstraSystems/docs-owners or @vanHeemstraSystems.
+/scripts/ @vanHeemstraSystems/docs-owners @vanHeemstraSystems
+
+# In this example, @vanHeemstraSystems owns any file in a `/logs` directory such as
+# `/build/logs`, `/scripts/logs`, and `/deeply/nested/logs`. Any changes
+# in a `/logs` directory will require approval from @vanHeemstraSystems.
+**/logs @vanHeemstraSystems
+
+# In this example, @vanHeemstraSystems owns any file in the `/apps`
+# directory in the root of your repository except for the `/apps/github`
+# subdirectory, as its owners are left empty. Without an owner, changes
+# to `apps/github` can be made with the approval of any user who has
+# write access to the repository.
+/apps/ @vanHeemstraSystems
+/apps/github
+
+# In this example, @vanHeemstraSystems owns any file in the `/apps`
+# directory in the root of your repository except for the `/apps/github`
+# subdirectory, as this subdirectory has its own owner @vanHeemstraSystems/docs-owners
+/apps/ @vanHeemstraSystems
+/apps/github @vanHeemstraSystems/docs-owners
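Review bot: Several rules here are still the sample entries from GitHub's CODEOWNERS documentation rather than ownership for this repository, and some of them weaken review coverage. `*.go docs@example.com` names a placeholder address that cannot resolve to an account, and the bare `/apps/github` line leaves that path ownerless before the later `/apps/ @vanHeemstraSystems` and `/apps/github @vanHeemstraSystems/docs-owners` pair overrides it (last match wins), so the two `/apps` blocks contradict each other. `@vanHeemstraSystems` looks like the organisation name; owners have to be users or `@org/team` teams with write access, so confirm each of those lines actually resolves. I would cut the file down to the rules that are real and end it with an explicit `/.github/ @vanHeemstraSystems/global-owners` line, so that workflow and CODEOWNERS changes always need an owner review.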
diff --git a/.github/CODE_OF_CONDUCT.md b/.github/CODE_OF_CONDUCT.md
new file mode 100644
index 0000000..8c6428b
--- /dev/null
+++ b/.github/CODE_OF_CONDUCT.md
@@ -0,0 +1,79 @@
+# Contributor Covenant Code of Conduct
+
+## Our Pledge
+
+In the interest of fostering an open and welcoming environment, we as
+contributors and maintainers pledge to making participation in our project and
+our community a harassment-free experience for everyone, regardless of age, body
+size, disability, ethnicity, gender identity and expression, level of experience,
+nationality, personal appearance, race, religion, or sexual identity and
+orientation.
+
+## Our Standards
+
+Examples of behavior that contributes to creating a positive environment
+include:
+
+* Using welcoming and inclusive language
+* Being respectful of differing viewpoints and experiences
+* Gracefully accepting constructive criticism
+* Focusing on what is best for the community
+* Showing empathy towards other community members
+
+Examples of unacceptable behavior by participants include:
+
+* The use of sexualized language or imagery and unwelcome sexual attention or
+advances
+* Trolling, insulting/derogatory comments, and personal or political attacks
+* Public or private harassment
+* Publishing others' private information, such as a physical or electronic
+ address, without explicit permission
+* Other conduct which could reasonably be considered inappropriate in a
+ professional setting
+
+## Our Responsibilities
+
+Project maintainers are responsible for clarifying the standards of acceptable
+behavior and are expected to take appropriate and fair corrective action in
+response to any instances of unacceptable behavior.
+
+Project maintainers have the right and responsibility to remove, edit, or
+reject comments, commits, code, wiki edits, issues, and other contributions
+that are not aligned to this Code of Conduct, or to ban temporarily or
+permanently any contributor for other behaviors that they deem inappropriate,
+threatening, offensive, or harmful.
+
+## Scope
+
+This Code of Conduct applies both within project spaces and in public spaces
+when an individual is representing the project or its community. Examples of
+representing a project or community include using an official project e-mail
+address, posting via an official social media account, or acting as an appointed
+representative at an online or offline event. Representation of a project may be
+further defined and clarified by project maintainers.
+
+## Enforcement
+
+Instances of abusive, harassing, or otherwise unacceptable behavior may be
+reported by contacting the project team at [safety@vanheemstrasystems.com][email]. All
+complaints will be reviewed and investigated and will result in a response that
+is deemed necessary and appropriate to the circumstances. The project team is
+obligated to maintain confidentiality with regard to the reporter of an incident.
+Further details of specific enforcement policies may be posted separately.
+
+Project maintainers who do not follow or enforce the Code of Conduct in good
+faith may face temporary or permanent repercussions as determined by other
+members of the project's leadership.
+
+## Attribution
+
+This Code of Conduct is adapted from the [Contributor Covenant][homepage], version 1.4,
+available [here][version].
+
+## Adoption
+
+This Code of Conduct was first adopted December 15th, 2021.
+
+[homepage]: http://contributor-covenant.org
+[version]: http://contributor-covenant.org/version/1/4/
+[email]: mailto:wvanheemstra@icloud.com
diff --git a/.github/CONTRIBUTING.md b/.github/CONTRIBUTING.md
new file mode 100644
index 0000000..c15a101
--- /dev/null
+++ b/.github/CONTRIBUTING.md
@@ -0,0 +1 @@
+all commit messages must follow [Semantic Commit Messages](https://gist.github.com/wvanheemstra/376206ed6fcadadbd451a1e277151cb9) or they will not trigger a release.
diff --git a/.github/ISSUE_TEMPLATE/bug_report.md b/.github/ISSUE_TEMPLATE/bug_report.md
new file mode 100644
index 0000000..1c3f619
--- /dev/null
+++ b/.github/ISSUE_TEMPLATE/bug_report.md
@@ -0,0 +1,27 @@
+---
+name: Bug report
+about: Create a report to help us improve
+title: ''
+labels: 'Bug'
+assignees: ''
+
+---
+
+**Describe the bug**
+A clear and concise description of what the bug is.
+
+**To Reproduce**
+Steps to reproduce the behavior:
+1. Go to '...'
+2. Click on '....'
+3. Scroll down to '....'
+4. See error
+
+**Expected behavior**
+A clear and concise description of what you expected to happen.
+
+**Screenshots**
+If applicable, add screenshots to help explain your problem.
+
+**Additional context**
+Add any other context about the problem here.
diff --git a/.github/ISSUE_TEMPLATE/feature_request.md b/.github/ISSUE_TEMPLATE/feature_request.md
new file mode 100644
index 0000000..bbcbbe7
--- /dev/null
+++ b/.github/ISSUE_TEMPLATE/feature_request.md
@@ -0,0 +1,20 @@
+---
+name: Feature request
+about: Suggest an idea for this project
+title: ''
+labels: ''
+assignees: ''
+
+---
+
+**Is your feature request related to a problem? Please describe.**
+A clear and concise description of what the problem is. Ex. I'm always frustrated when [...]
+
+**Describe the solution you'd like**
+A clear and concise description of what you want to happen.
+
+**Describe alternatives you've considered**
+A clear and concise description of any alternative solutions or features you've considered.
+
+**Additional context**
+Add any other context or screenshots about the feature request here.
diff --git a/.github/workflows/documentation.yml b/.github/workflows/documentation.yml
new file mode 100644
index 0000000..78db6ff
--- /dev/null
+++ b/.github/workflows/documentation.yml
@@ -0,0 +1,36 @@
+# yaml-language-server: $schema=https://json.schemastore.org/github-workflow.json
+name: Translate DOCUMENTATION
+
+on:
+ push:
+ branches:
+ - main
+ - master
+
+jobs:
+ translate:
+ runs-on: ubuntu-latest
+ strategy:
+ matrix:
+ language:
+ - { code: zh-CN, name: Chinese Simplified }
+ - { code: zh-TW, name: Chinese Traditional }
+ - { code: hi, name: Hindi }
+ - { code: ar, name: Arabic }
+ - { code: fr, name: French }
+ - { code: en, name: English }
+ - { code: de, name: German }
+ - { code: nl, name: Dutch }
+ - { code: es, name: Spanish }
+
+ steps:
+ - uses: actions/checkout@v4
+ - name: Setup Node.js
+ uses: actions/setup-node@v4
+ with:
+ node-version: 20.x # Updated to a more recent LTS version
+
+ - name: Adding DOCUMENTATION - ${{ matrix.language.name }}
+ uses: vanHeemstraSystems/translate-documentation@main
+ with:
+ LANG: ${{ matrix.language.code }}
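Review bot: The translate step runs `vanHeemstraSystems/translate-documentation@main`, a mutable branch ref, so whatever lands on that branch executes in this repository's push workflow with the job's `GITHUB_TOKEN`; the same applies to the eight `dephraiim/translate-readme@main` steps in `.github/workflows/readme.yml`. Pin each action to a reviewed full commit SHA, e.g. `uses: vanHeemstraSystems/translate-documentation@<full-commit-sha> # <tag>`. Neither workflow has a `permissions:` block; add one at the top level and grant `contents: write` only if the action really commits the translated files, which the hunk does not show. The nine matrix legs run in parallel against the same branch, so if each one pushes a commit they can race; `max-parallel: 1` under `strategy` would serialise them.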
diff --git a/.github/workflows/readme.yml b/.github/workflows/readme.yml
new file mode 100644
index 0000000..c2abfc4
--- /dev/null
+++ b/.github/workflows/readme.yml
@@ -0,0 +1,50 @@
+# yaml-language-server: $schema=https://json.schemastore.org/github-workflow.json
+name: Translate README
+
+on:
+ push:
+ branches:
+ - main
+ - master
+jobs:
+ build:
+ runs-on: ubuntu-latest
+ steps:
+ - uses: actions/checkout@v2
+ - name: Setup Node.js
+ uses: actions/setup-node@v1
+ with:
+ node-version: 12.x
+ # ISO Language Codes: https://cloud.google.com/translate/docs/languages
+ - name: Adding README - Chinese Simplified
+ uses: dephraiim/translate-readme@main
+ with:
+ LANG: zh-CN
+ - name: Adding README - Chinese Traditional
+ uses: dephraiim/translate-readme@main
+ with:
+ LANG: zh-TW
+ - name: Adding README - Hindi
+ uses: dephraiim/translate-readme@main
+ with:
+ LANG: hi
+ - name: Adding README - Arabic
+ uses: dephraiim/translate-readme@main
+ with:
+ LANG: ar
+ - name: Adding README - French
+ uses: dephraiim/translate-readme@main
+ with:
+ LANG: fr
+ - name: Adding README - German
+ uses: dephraiim/translate-readme@main
+ with:
+ LANG: de
+ - name: Adding README - Dutch
+ uses: dephraiim/translate-readme@main
+ with:
+ LANG: nl
+ - name: Adding README - Spanish
+ uses: dephraiim/translate-readme@main
+ with:
+ LANG: es
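Review bot: This workflow uses `actions/checkout@v2`, `actions/setup-node@v1` and `node-version: 12.x`, while `documentation.yml` added in the same commit already uses `@v4` and `20.x`. Node 12 is end-of-life and no longer receives security fixes, so the translate steps run on an unmaintained runtime. Align the two files with `- uses: actions/checkout@v4`, `uses: actions/setup-node@v4` and `node-version: 20.x`. The eight near-identical steps could also be collapsed into a `matrix.language` list as in the sibling workflow, which leaves a single `uses:` line to pin and audit.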
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..a9b7dc7
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1,156 @@
+
+# Created by https://www.toptal.com/developers/gitignore/api/python,jupyternotebooks
+# Edit at https://www.toptal.com/developers/gitignore?templates=python,jupyternotebooks
+
+### JupyterNotebooks ###
+# gitignore template for Jupyter Notebooks
+# website: http://jupyter.org/
+
+.ipynb_checkpoints
+*/.ipynb_checkpoints/*
+
+# IPython
+profile_default/
+ipython_config.py
+
+# Remove previous ipynb_checkpoints
+# git rm -r .ipynb_checkpoints/
+
+### Python ###
+# Byte-compiled / optimized / DLL files
+__pycache__/
+*.py[cod]
+*$py.class
+
+# C extensions
+*.so
+
+# Distribution / packaging
+.Python
+build/
+develop-eggs/
+dist/
+downloads/
+eggs/
+.eggs/
+lib/
+lib64/
+parts/
+sdist/
+var/
+wheels/
+share/python-wheels/
+*.egg-info/
+.installed.cfg
+*.egg
+MANIFEST
+
+# PyInstaller
+# Usually these files are written by a python script from a template
+# before PyInstaller builds the exe, so as to inject date/other infos into it.
+*.manifest
+*.spec
+
+# Installer logs
+pip-log.txt
+pip-delete-this-directory.txt
+
+# Unit test / coverage reports
+htmlcov/
+.tox/
+.nox/
+.coverage
+.coverage.*
+.cache
+nosetests.xml
+coverage.xml
+*.cover
+*.py,cover
+.hypothesis/
+.pytest_cache/
+cover/
+
+# Translations
+*.mo
+*.pot
+
+# Django stuff:
+*.log
+local_settings.py
+db.sqlite3
+db.sqlite3-journal
+
+# Flask stuff:
+instance/
+.webassets-cache
+
+# Scrapy stuff:
+.scrapy
+
+# Sphinx documentation
+docs/_build/
+
+# PyBuilder
+.pybuilder/
+target/
+
+# Jupyter Notebook
+
+# IPython
+
+# pyenv
+# For a library or package, you might want to ignore these files since the code is
+# intended to run in multiple environments; otherwise, check them in:
+# .python-version
+
+# pipenv
+# According to pypa/pipenv#598, it is recommended to include Pipfile.lock in version control.
+# However, in case of collaboration, if having platform-specific dependencies or dependencies
+# having no cross-platform support, pipenv may install dependencies that don't work, or not
+# install all needed dependencies.
+#Pipfile.lock
+
+# PEP 582; used by e.g. github.com/David-OConnor/pyflow
+__pypackages__/
+
+# Celery stuff
+celerybeat-schedule
+celerybeat.pid
+
+# SageMath parsed files
+*.sage.py
+
+# Environments
+.env
+.venv
+env/
+venv/
+ENV/
+env.bak/
+venv.bak/
+
+# Spyder project settings
+.spyderproject
+.spyproject
+
+# Rope project settings
+.ropeproject
+
+# mkdocs documentation
+/site
+
+# mypy
+.mypy_cache/
+.dmypy.json
+dmypy.json
+
+# Pyre type checker
+.pyre/
+
+# pytype static type analyzer
+.pytype/
+
+# Cython debug symbols
+cython_debug/
+
+# End of https://www.toptal.com/developers/gitignore/api/python,jupyternotebooks
diff --git a/.gitpod.yml b/.gitpod.yml
new file mode 100644
index 0000000..dc5f4a4
--- /dev/null
+++ b/.gitpod.yml
@@ -0,0 +1,4 @@
+
+vscode:
+ extensions:
+ - ms-vscode.makefile-tools
diff --git a/.readthedocs.yaml b/.readthedocs.yaml
new file mode 100644
index 0000000..9138a7f
--- /dev/null
+++ b/.readthedocs.yaml
@@ -0,0 +1,13 @@
+version: "2"
+
+build:
+ os: "ubuntu-22.04"
+ tools:
+ python: "3.10"
+
+python:
+ install:
+ - requirements: docs/requirements.txt
+
+sphinx:
+ configuration: docs/source/conf.py
diff --git a/.threagile/live-templates.txt b/.threagile/live-templates.txt
new file mode 100644
index 0000000..61c0c2c
--- /dev/null
+++ b/.threagile/live-templates.txt
@@ -0,0 +1,265 @@
+Nice live templates for your IDE:
+
+For IntelliJ IDE see for example: https://blog.jetbrains.com/webstorm/2018/01/using-and-creating-code-snippets/
+Other IDEs like Eclipse, Visual Studio and YAML-supporting text editors like Atom and Sublime have similar template features.
+
+
+
+====================================================
+Live template for a model base:
+====================================================
+
+threagile_version: 1.0.0
+
+title: $title$
+
+date:
+
+author:
+ name: $name$
+ homepage:
+
+
+management_summary_comment:
+
+business_criticality: $business_criticality$
+
+
+business_overview:
+ description: Some more demo text here and even images...
+ images:
+# - custom-image-1.png: Some dummy image 1
+# - custom-image-2.png: Some dummy image 2
+
+
+technical_overview:
+ description: Some more demo text here and even images...
+ images:
+# - custom-image-1.png: Some dummy image 1
+# - custom-image-2.png: Some dummy image 2
+
+
+questions: # simply use "" as answer to signal "unanswered"
+# Some question without an answer?: ""
+# Some question with an answer?: Some answer
+
+
+abuse_cases:
+ Denial-of-Service: >
+ As a hacker I want to disturb the functionality of the backend system in order to cause indirect
+ financial damage via unusable features.
+ CPU-Cycle Theft: >
+ As a hacker I want to steal CPU cycles in order to transform them into money via installed crypto currency miners.
+ Ransomware: >
+ As a hacker I want to encrypt the storage and file systems in order to demand ransom.
+ Identity Theft: >
+ As a hacker I want to steal identity data in order to reuse credentials and/or keys on other targets of the same company or outside.
+ PII Theft: >
+ As a hacker I want to steal PII (Personally Identifiable Information) data in order to blackmail the company and/or damage
+ their repudiation by publishing the stolen data.
+
+
+security_requirements:
+ Input Validation: Strict input validation is required to reduce the overall attack surface.
+ EU-GDPR: Mandatory EU-GDPR
+
+
+# Tags can be used for anything, it's just a tag. Also risk rules can act based on tags if you like.
+tags_available:
+
+
+data_assets:
+
+$END$
+
+
+technical_assets:
+
+
+trust_boundaries:
+
+
+shared_runtimes:
+
+
+individual_risk_categories:
+
+
+# NOTE:
+# For risk tracking each risk-id needs to be defined (the string with the @ sign in it). These unique risk IDs
+# are visible in the PDF report (the small grey string under each risk), the Excel (column "ID"), as well as the JSON responses.
+# Some risk IDs have only one @ sign in them, while others multiple. The idea is to allow for unique but still speaking IDs.
+# Therefore each risk instance creates its individual ID by taking all affected elements causing the risk to be within an @-delimited part.
+# Using wildcards (the * sign) for parts delimited by @ signs allows to handle groups of certain risks at once. Best is to lookup the IDs
+# to use in the created Excel file. Alternatively a model macro "seed-risk-tracking" is available that helps in initially
+# seeding the risk tracking part here based on already identified and not yet handled risks.
+risk_tracking:
+
+
+
+
+
+====================================================
+Live template for a data asset:
+====================================================
+
+ $DataAssetName$:
+ id: $id$
+ description: $END$
+ usage: $usage$
+ tags:
+ origin:
+ owner:
+ quantity: $quantity$
+ confidentiality: $confidentiality$
+ integrity: $integrity$
+ availability: $availability$
+ justification_cia_rating:
+
+
+
+
+
+====================================================
+Live template for a technical asset:
+====================================================
+
+ $TechnicalAssetName$:
+ id: $id$
+ description: $END$
+ type: $type$
+ usage: $usage$
+ used_as_client_by_human: $used_as_client_by_human$
+ out_of_scope: false
+ justification_out_of_scope:
+ size: $size$
+ technology: $technology$
+ tags: $tags$
+ internet: $internet$
+ machine: $machine$
+ encryption: $encryption$
+ owner:
+ confidentiality: $confidentiality$
+ integrity: $integrity$
+ availability: $availability$
+ justification_cia_rating:
+ multi_tenant: $multi_tenant$
+ redundant: $redundant$
+ custom_developed_parts: $custom_developed_parts$
+ data_assets_processed: # sequence of IDs to reference
+ data_assets_stored: # sequence of IDs to reference
+ data_formats_accepted:
+ communication_links:
+
+
+
+
+
+====================================================
+Live template for a communication link:
+====================================================
+
+ $CommunicationLinkName$:
+ target: $target_id$
+ description: $END$
+ protocol: $protocol$
+ authentication: $authentication$
+ authorization: $authorization$
+ tags: $tags$
+ vpn: $vpn$
+ ip_filtered: $ip_filtered$
+ readonly: $readonly$
+ usage: $usage$
+ data_assets_sent: # sequence of IDs to reference
+ data_assets_received: # sequence of IDs to reference
+
+
+
+
+
+====================================================
+Live template for a trust boundary:
+====================================================
+
+ $TrustBoundaryName$:
+ id: $id$
+ description: $END$
+ type: $type$
+ tags: $tags$
+ technical_assets_inside: # sequence of IDs to reference
+ trust_boundaries_nested: # sequence of IDs to reference
+
+
+
+
+
+====================================================
+Live template for a shared runtime:
+====================================================
+
+ $SharedRuntimeName$:
+ id: $id$
+ description: $END$
+ tags: $tags$
+ technical_assets_running: # sequence of IDs to reference
+
+
+
+
+
+====================================================
+Live template for an individual risk category:
+====================================================
+
+ $IndividualRiskCategoryName$:
+ id: $id$
+ description: $END$
+ impact:
+ asvs:
+ cheat_sheet:
+ action:
+ mitigation:
+ check:
+ function: $function$
+ stride: $stride$
+ detection_logic:
+ risk_assessment:
+ false_positives:
+ model_failure_possible_reason: $model_failure_possible_reason$
+ cwe: $cwe$
+ risks_identified:
+
+
+
+
+
+====================================================
+Live template for an individual risk instance:
+====================================================
+
+ $IndividualRiskInstanceName$:
+ severity: $severity$
+ exploitation_likelihood: $exploitation_likelihood$
+ exploitation_impact: $exploitation_impact$
+ data_breach_probability: $data_breach_probability$
+ data_breach_technical_assets: # list of technical asset IDs which might have data breach
+ $END$
+ most_relevant_data_asset: $most_relevant_data_asset$
+ most_relevant_technical_asset: $most_relevant_technical_asset$
+ most_relevant_trust_boundary: $most_relevant_trust_boundary$
+ most_relevant_shared_runtime: $most_relevant_shared_runtime$
+
+
+
+
+
+====================================================
+Live template for a risk tracking:
+====================================================
+
+ $RiskID$: # wildcards "*" between the @ characters are possible
+ status: $status$
+ justification: $END$
+ ticket:
+ date:
+ checked_by:
diff --git a/.threagile/openapi.yaml b/.threagile/openapi.yaml
new file mode 100644
index 0000000..1f288b9
--- /dev/null
+++ b/.threagile/openapi.yaml
@@ -0,0 +1,321 @@
+openapi: 3.0.3
+
+info:
+ title: Threagile API
+ description: "Threagile API for Agile Threat Modeling: visit https://threagile.io for more information."
+ version: 1.0.0
+
+servers:
+ - url: /
+ description: Threagile Server
+
+tags:
+ - name: "direct"
+ description: "Direct one-shot calls for on-the-fly analyzing and checking of models"
+ - name: "meta"
+ description: "Meta infos about types and version"
+ - name: "auth"
+ description: "Auth calls for crypto key and token management"
+ - name: "models"
+ description: "Persistent model creation and handling stuff"
+
+paths:
+ /meta/ping:
+ get:
+ tags:
+ - "meta"
+ summary: Simple health check ping
+ description: Used as health check in docker container as well
+ responses:
+ '200':
+ description: Simple pong response
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ message:
+ type: string
+ example: pong
+ /meta/version:
+ get:
+ tags:
+ - "meta"
+ summary: Version number
+ description: Version number
+ responses:
+ '200':
+ description: Version number
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ version:
+ type: string
+ example: 1.0.0
+ build_timestamp:
+ type: string
+ example: 20200518160456
+ /meta/types:
+ get:
+ tags:
+ - "meta"
+ summary: Listing of all enum type values
+ description: Listing of all enum type values
+ responses:
+ '200':
+ description: Listing of all enum type values (example here shows just one)
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ confidentiality:
+ type: array
+ items:
+ type: string
+ example: [public, internal, restricted, confidential, strictly-confidential]
+ /meta/stats:
+ get:
+ tags:
+ - "meta"
+ summary: Model statistics
+ description: Model statistics
+ responses:
+ '200':
+ description: Model statistics
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ key_count:
+ type: integer
+ example: 13
+ model_count:
+ type: integer
+ example: 42
+ success_count:
+ type: integer
+ example: 123
+ error_count:
+ type: integer
+ example: 0
+ /direct/stub:
+ get:
+ tags:
+ - "direct"
+ summary: Stub model file
+ description: Stub model file (as a starting point)
+ responses:
+ '200':
+ description: Stub model file
+ content:
+ application/x-yaml:
+ schema:
+ type: string
+ /direct/check:
+ post:
+ tags:
+ - "direct"
+ summary: Direct model check call
+ description: Direct model check call
+ requestBody:
+ content:
+ multipart/form-data:
+ schema:
+ type: object
+ properties:
+ file:
+ type: string
+ format: binary
+ responses:
+ '200':
+ description: Model ok response
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ message:
+ type: string
+ example: model is ok
+ '400':
+ description: Model not ok response
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ error:
+ type: string
+ example: "Missing referenced data asset target: some-stuff"
+ /direct/analyze:
+ post:
+ tags:
+ - "direct"
+ summary: Direct model analyze call
+ description: Direct model analyze call
+ parameters:
+ - in: query
+ name: dpi
+ required: false
+ example: 120
+ schema:
+ type: integer
+ description: The DPI (resolution) to use for the diagram generation
+ requestBody:
+ content:
+ multipart/form-data:
+ schema:
+ type: object
+ properties:
+ file:
+ type: string
+ format: binary
+ responses:
+ '200':
+ description: Model analyzing result response (zipped)
+ content:
+ application/zip:
+ schema:
+ type: string
+ format: binary
+ '400':
+ description: Model not ok response
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ error:
+ type: string
+ example: "Missing referenced data asset target: some-stuff"
+ /auth/keys:
+ post:
+ tags:
+ - "auth"
+ summary: Create a new auth key
+ description: Create a new auth key
+ responses:
+ '201':
+ description: Key successfully created
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ key:
+ type: string
+ example: BtM1Q7V47d4B3TrVSw1133CIyL1NUpUM2tJ92vfZMMQ
+ '500':
+ description: Error
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ error:
+ type: string
+ example: unable to create key
+ delete:
+ tags:
+ - "auth"
+ summary: Delete an auth key
+ description: Delete an auth key
+ parameters:
+ - in: header
+ name: key
+ schema:
+ type: string
+ required: true
+ example: BtM1Q7V47d4B3TrVSw1133CIyL1NUpUM2tJ92vfZMMQ
+ responses:
+ '200':
+ description: Key successfully deleted
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ message:
+ type: string
+ example: key deleted
+ '404':
+ description: Error
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ error:
+ type: string
+ example: key not found
+ /auth/tokens:
+ post:
+ tags:
+ - "auth"
+ summary: Create a new (time limited) token from an auth key
+ description: Create a new (time limited) token from an auth key
+ parameters:
+ - in: header
+ name: key
+ schema:
+ type: string
+ required: true
+ example: BtM1Q7V47d4B3TrVSw1133CIyL1NUpUM2tJ92vfZMMQ
+ responses:
+ '201':
+ description: Token successfully created
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ token:
+ type: string
+ example: QrlcoMOtjy_h38T2N6JjrWpb4Kodg3Y7NnLN2yiDb69
+ '500':
+ description: Error
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ error:
+ type: string
+ example: unable to create token
+ delete:
+ tags:
+ - "auth"
+ summary: Delete a token
+ description: Delete a token
+ parameters:
+ - in: header
+ name: token
+ schema:
+ type: string
+ required: true
+ example: QrlcoMOtjy_h38T2N6JjrWpb4Kodg3Y7NnLN2yiDb69
+ responses:
+ '200':
+ description: Token successfully deleted
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ message:
+ type: string
+ example: token deleted
+ '404':
+ description: Error
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ error:
+ type: string
+ example: token not found
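Review bot: The spec declares no `components.securitySchemes` and no `security` requirement on any operation; the auth key and token appear only as plain header parameters named `key` and `token`. Tooling that consumes this file (client generators, gateways, API scanners) will therefore treat every operation, including `POST /auth/keys`, as unauthenticated, and nothing documents which calls need a token. If the file is maintained here, add an `apiKey` scheme with `in: header` under `components.securitySchemes` and reference it from the operations that require it. If it is a verbatim copy from upstream Threagile, say so in a header comment with the source version rather than editing it. The `models` tag is declared but no `/models` path appears in the file.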
diff --git a/.threagile/schema.json b/.threagile/schema.json
new file mode 100644
index 0000000..a028d78
--- /dev/null
+++ b/.threagile/schema.json
@@ -0,0 +1,1244 @@
+{
+ "$schema": "https://threagile.io/schema#",
+ "id": "https://threagile.io/schema.json",
+ "title": "Threagile",
+ "description": "Agile Threat Modeling",
+ "type": "object",
+ "properties": {
+ "threagile_version": {
+ "description": "Version of the Threagile toolkit",
+ "type": "string"
+ },
+ "title": {
+ "description": "Title of the model",
+ "type": "string"
+ },
+ "date": {
+ "description": "Date of the model",
+ "type": [
+ "string",
+ "null"
+ ],
+ "format": "date"
+ },
+ "author": {
+ "description": "Author of the model",
+ "type": "object",
+ "properties": {
+ "name": {
+ "description": "Author name",
+ "type": [
+ "string",
+ "null"
+ ]
+ },
+ "contact": {
+ "description": "Author contact info",
+ "type": [
+ "string",
+ "null"
+ ]
+ },
+ "homepage": {
+ "description": "Author homepage",
+ "type": [
+ "string",
+ "null"
+ ]
+ }
+ },
+ "required": [
+ "name"
+ ]
+ },
+ "contributors": {
+ "description": "Contributors to the model",
+ "type": [
+ "array",
+ "null"
+ ],
+ "uniqueItems": true,
+ "items": {
+ "type": "object",
+ "properties": {
+ "name": {
+ "description": "Contributor name",
+ "type": [
+ "string",
+ "null"
+ ]
+ },
+ "contact": {
+ "description": "Contributor contact info",
+ "type": [
+ "string",
+ "null"
+ ]
+ },
+ "homepage": {
+ "description": "Contributor homepage",
+ "type": [
+ "string",
+ "null"
+ ]
+ }
+ },
+ "required": [
+ "name"
+ ]
+ }
+ },
+ "management_summary_comment": {
+ "description": "Individual management summary for the report",
+ "type": [
+ "string",
+ "null"
+ ]
+ },
+ "business_criticality": {
+ "description": "Business criticality of the target",
+ "type": "string",
+ "enum": [
+ "archive",
+ "operational",
+ "important",
+ "critical",
+ "mission-critical"
+ ]
+ },
+ "application_description": {
+ "description": "General description of the application, its purpose and functionality.",
+ "type": "object",
+ "properties": {
+ "description": {
+ "description": "Application description for the report",
+ "type": [
+ "string",
+ "null"
+ ]
+ },
+ "images": {
+ "description": "Application images for the report",
+ "type": [
+ "array",
+ "null"
+ ],
+ "uniqueItems": true
+ }
+ }
+ },
+ "business_overview": {
+ "description": "Individual business overview for the report",
+ "type": "object",
+ "properties": {
+ "description": {
+ "description": "Individual business overview for the report",
+ "type": [
+ "string",
+ "null"
+ ]
+ },
+ "images": {
+ "description": "Custom images for the report",
+ "type": [
+ "array",
+ "null"
+ ],
+ "uniqueItems": true
+ }
+ }
+ },
+ "technical_overview": {
+ "description": "Individual technical overview for the report",
+ "type": "object",
+ "properties": {
+ "description": {
+ "description": "Individual technical overview for the report",
+ "type": [
+ "string",
+ "null"
+ ]
+ },
+ "images": {
+ "description": "Custom images for the report",
+ "type": [
+ "array",
+ "null"
+ ],
+ "uniqueItems": true
+ }
+ }
+ },
+ "questions": {
+ "description": "Custom questions for the report",
+ "type": [
+ "object",
+ "null"
+ ],
+ "uniqueItems": true
+ },
+ "abuse_cases": {
+ "description": "Custom abuse cases for the report",
+ "type": [
+ "object",
+ "null"
+ ],
+ "uniqueItems": true
+ },
+ "security_requirements": {
+ "description": "Custom security requirements for the report",
+ "type": [
+ "object",
+ "null"
+ ],
+ "uniqueItems": true
+ },
+ "tags_available": {
+ "description": "Tags available",
+ "type": [
+ "array",
+ "null"
+ ],
+ "uniqueItems": true,
+ "items": {
+ "type": "string"
+ }
+ },
+ "data_assets": {
+ "description": "Data assets",
+ "type": "object",
+ "uniqueItems": true,
+ "additionalProperties": {
+ "type": "object",
+ "properties": {
+ "id": {
+ "description": "ID",
+ "type": "string"
+ },
+ "description": {
+ "description": "Description",
+ "type": [
+ "string",
+ "null"
+ ]
+ },
+ "usage": {
+ "description": "Usage",
+ "type": "string",
+ "enum": [
+ "business",
+ "devops"
+ ]
+ },
+ "tags": {
+ "description": "Tags",
+ "type": [
+ "array",
+ "null"
+ ],
+ "uniqueItems": true,
+ "items": {
+ "type": "string"
+ }
+ },
+ "origin": {
+ "description": "Origin",
+ "type": [
+ "string",
+ "null"
+ ]
+ },
+ "owner": {
+ "description": "Owner",
+ "type": [
+ "string",
+ "null"
+ ]
+ },
+ "quantity": {
+ "description": "Quantity",
+ "type": "string",
+ "enum": [
+ "very-few",
+ "few",
+ "many",
+ "very-many"
+ ]
+ },
+ "confidentiality": {
+ "description": "Confidentiality",
+ "type": "string",
+ "enum": [
+ "public",
+ "internal",
+ "restricted",
+ "confidential",
+ "strictly-confidential"
+ ]
+ },
+ "integrity": {
+ "description": "Integrity",
+ "type": "string",
+ "enum": [
+ "archive",
+ "operational",
+ "important",
+ "critical",
+ "mission-critical"
+ ]
+ },
+ "availability": {
+ "description": "Availability",
+ "type": "string",
+ "enum": [
+ "archive",
+ "operational",
+ "important",
+ "critical",
+ "mission-critical"
+ ]
+ },
+ "justification_cia_rating": {
+ "description": "Justification of the rating",
+ "type": [
+ "string",
+ "null"
+ ]
+ }
+ },
+ "required": [
+ "id",
+ "description",
+ "usage",
+ "quantity",
+ "confidentiality",
+ "integrity",
+ "availability"
+ ]
+ }
+ },
+ "technical_assets": {
+ "description": "Technical assets",
+ "type": "object",
+ "uniqueItems": true,
+ "additionalProperties": {
+ "type": "object",
+ "properties": {
+ "id": {
+ "description": "ID",
+ "type": "string"
+ },
+ "description": {
+ "description": "Description",
+ "type": [
+ "string",
+ "null"
+ ]
+ },
+ "type": {
+ "description": "Type",
+ "type": "string",
+ "enum": [
+ "external-entity",
+ "process",
+ "datastore"
+ ]
+ },
+ "usage": {
+ "description": "Usage",
+ "type": "string",
+ "enum": [
+ "business",
+ "devops"
+ ]
+ },
+ "used_as_client_by_human": {
+ "description": "Used as client by human",
+ "type": "boolean"
+ },
+ "out_of_scope": {
+ "description": "Out of scope",
+ "type": "boolean"
+ },
+ "justification_out_of_scope": {
+ "description": "Justification of out of scope",
+ "type": [
+ "string",
+ "null"
+ ]
+ },
+ "size": {
+ "description": "Size",
+ "type": "string",
+ "enum": [
+ "system",
+ "service",
+ "application",
+ "component"
+ ]
+ },
+ "technology": {
+ "description": "Technology",
+ "type": "string",
+ "enum": [
+ "unknown-technology",
+ "client-system",
+ "browser",
+ "desktop",
+ "mobile-app",
+ "devops-client",
+ "web-server",
+ "web-application",
+ "application-server",
+ "database",
+ "file-server",
+ "local-file-system",
+ "erp",
+ "cms",
+ "web-service-rest",
+ "web-service-soap",
+ "ejb",
+ "search-index",
+ "search-engine",
+ "service-registry",
+ "reverse-proxy",
+ "load-balancer",
+ "build-pipeline",
+ "sourcecode-repository",
+ "artifact-registry",
+ "code-inspection-platform",
+ "monitoring",
+ "ldap-server",
+ "container-platform",
+ "batch-processing",
+ "event-listener",
+ "identity-provider",
+ "identity-store-ldap",
+ "identity-store-database",
+ "tool",
+ "cli",
+ "task",
+ "function",
+ "gateway",
+ "iot-device",
+ "message-queue",
+ "stream-processing",
+ "service-mesh",
+ "data-lake",
+ "report-engine",
+ "ai",
+ "mail-server",
+ "vault",
+ "hsm",
+ "waf",
+ "ids",
+ "ips",
+ "scheduler",
+ "mainframe",
+ "block-storage",
+ "library"
+ ]
+ },
+ "tags": {
+ "description": "Tags",
+ "type": [
+ "array",
+ "null"
+ ],
+ "uniqueItems": true,
+ "items": {
+ "type": "string"
+ }
+ },
+ "internet": {
+ "description": "Internet",
+ "type": "boolean"
+ },
+ "machine": {
+ "description": "Machine",
+ "type": "string",
+ "enum": [
+ "physical",
+ "virtual",
+ "container",
+ "serverless"
+ ]
+ },
+ "encryption": {
+ "description": "Encryption",
+ "type": "string",
+ "enum": [
+ "none",
+ "transparent",
+ "data-with-symmetric-shared-key",
+ "data-with-asymmetric-shared-key",
+ "data-with-end-user-individual-key"
+ ]
+ },
+ "owner": {
+ "description": "Owner",
+ "type": [
+ "string",
+ "null"
+ ]
+ },
+ "confidentiality": {
+ "description": "Confidentiality",
+ "type": "string",
+ "enum": [
+ "public",
+ "internal",
+ "restricted",
+ "confidential",
+ "strictly-confidential"
+ ]
+ },
+ "integrity": {
+ "description": "Integrity",
+ "type": "string",
+ "enum": [
+ "archive",
+ "operational",
+ "important",
+ "critical",
+ "mission-critical"
+ ]
+ },
+ "availability": {
+ "description": "Availability",
+ "type": "string",
+ "enum": [
+ "archive",
+ "operational",
+ "important",
+ "critical",
+ "mission-critical"
+ ]
+ },
+ "justification_cia_rating": {
+ "description": "Justification of the rating",
+ "type": [
+ "string",
+ "null"
+ ]
+ },
+ "multi_tenant": {
+ "description": "Multi tenant",
+ "type": "boolean"
+ },
+ "redundant": {
+ "description": "Redundant",
+ "type": "boolean"
+ },
+ "custom_developed_parts": {
+ "description": "Custom developed parts",
+ "type": "boolean"
+ },
+ "data_assets_processed": {
+ "description": "Data assets processed; ; all data assets stored or sent or received via a communication link (be it as a source or a target) are implicitly also processed and do not need to be listed here.",
+ "type": [
+ "array",
+ "null"
+ ],
+ "uniqueItems": true,
+ "items": {
+ "type": "string"
+ }
+ },
+ "data_assets_stored": {
+ "description": "Data assets stored",
+ "type": [
+ "array",
+ "null"
+ ],
+ "uniqueItems": true,
+ "items": {
+ "type": "string"
+ }
+ },
+ "data_formats_accepted": {
+ "description": "Data formats accepted",
+ "type": [
+ "array",
+ "null"
+ ],
+ "uniqueItems": true,
+ "items": {
+ "type": "string",
+ "enum": [
+ "json",
+ "xml",
+ "serialization",
+ "file",
+ "csv",
+ "yaml"
+ ]
+ }
+ },
+ "diagram_tweak_order": {
+ "description": "diagram tweak order (affects left to right positioning)",
+ "type": "integer"
+ },
+ "communication_links": {
+ "description": "Communication links",
+ "type": [
+ "object",
+ "null"
+ ],
+ "uniqueItems": true,
+ "additionalProperties": {
+ "type": "object",
+ "properties": {
+ "target": {
+ "description": "Target",
+ "type": "string"
+ },
+ "description": {
+ "description": "Description",
+ "type": [
+ "string",
+ "null"
+ ]
+ },
+ "protocol": {
+ "description": "Protocol",
+ "type": "string",
+ "enum": [
+ "unknown-protocol",
+ "http",
+ "https",
+ "ws",
+ "wss",
+ "reverse-proxy-web-protocol",
+ "reverse-proxy-web-protocol-encrypted",
+ "mqtt",
+ "jdbc",
+ "jdbc-encrypted",
+ "odbc",
+ "odbc-encrypted",
+ "sql-access-protocol",
+ "sql-access-protocol-encrypted",
+ "nosql-access-protocol",
+ "nosql-access-protocol-encrypted",
+ "binary",
+ "binary-encrypted",
+ "text",
+ "text-encrypted",
+ "ssh",
+ "ssh-tunnel",
+ "smtp",
+ "smtp-encrypted",
+ "pop3",
+ "pop3-encrypted",
+ "imap",
+ "imap-encrypted",
+ "ftp",
+ "ftps",
+ "sftp",
+ "scp",
+ "ldap",
+ "ldaps",
+ "jms",
+ "nfs",
+ "smb",
+ "smb-encrypted",
+ "local-file-access",
+ "nrpe",
+ "xmpp",
+ "iiop",
+ "iiop-encrypted",
+ "jrmp",
+ "jrmp-encrypted",
+ "in-process-library-call",
+ "inter-process-communication",
+ "container-spawning"
+ ]
+ },
+ "authentication": {
+ "description": "Authentication",
+ "type": "string",
+ "enum": [
+ "none",
+ "credentials",
+ "session-id",
+ "token",
+ "client-certificate",
+ "two-factor",
+ "externalized"
+ ]
+ },
+ "authorization": {
+ "description": "Authorization",
+ "type": "string",
+ "enum": [
+ "none",
+ "technical-user",
+ "end-user-identity-propagation"
+ ]
+ },
+ "tags": {
+ "description": "Tags",
+ "type": [
+ "array",
+ "null"
+ ],
+ "uniqueItems": true,
+ "items": {
+ "type": "string"
+ }
+ },
+ "vpn": {
+ "description": "VPN",
+ "type": "boolean"
+ },
+ "ip_filtered": {
+ "description": "IP filtered",
+ "type": "boolean"
+ },
+ "readonly": {
+ "description": "readonly",
+ "type": "boolean"
+ },
+ "usage": {
+ "description": "Usage",
+ "type": "string",
+ "enum": [
+ "business",
+ "devops"
+ ]
+ },
+ "data_assets_sent": {
+ "description": "Data assets sent",
+ "type": [
+ "array",
+ "null"
+ ],
+ "uniqueItems": true,
+ "items": {
+ "type": "string"
+ }
+ },
+ "data_assets_received": {
+ "description": "Data assets received",
+ "type": [
+ "array",
+ "null"
+ ],
+ "uniqueItems": true,
+ "items": {
+ "type": "string"
+ }
+ },
+ "diagram_tweak_weight": {
+ "description": "diagram tweak weight",
+ "type": "integer"
+ },
+ "diagram_tweak_constraint": {
+ "description": "diagram tweak constraint",
+ "type": "boolean"
+ }
+ },
+ "required": [
+ "target",
+ "description",
+ "protocol",
+ "authentication",
+ "authorization",
+ "vpn",
+ "ip_filtered",
+ "readonly",
+ "usage"
+ ]
+ }
+ }
+ },
+ "required": [
+ "id",
+ "description",
+ "type",
+ "usage",
+ "used_as_client_by_human",
+ "out_of_scope",
+ "size",
+ "technology",
+ "internet",
+ "machine",
+ "encryption",
+ "owner",
+ "confidentiality",
+ "integrity",
+ "availability",
+ "multi_tenant",
+ "redundant",
+ "custom_developed_parts",
+ "data_assets_processed",
+ "data_assets_stored",
+ "data_formats_accepted",
+ "communication_links"
+ ]
+ }
+ },
+ "trust_boundaries": {
+ "description": "Trust boundaries",
+ "type": "object",
+ "uniqueItems": true,
+ "additionalProperties": {
+ "type": "object",
+ "properties": {
+ "id": {
+ "description": "ID",
+ "type": "string"
+ },
+ "description": {
+ "description": "Description",
+ "type": [
+ "string",
+ "null"
+ ]
+ },
+ "type": {
+ "description": "Type",
+ "type": "string",
+ "enum": [
+ "network-on-prem",
+ "network-dedicated-hoster",
+ "network-virtual-lan",
+ "network-cloud-provider",
+ "network-cloud-security-group",
+ "network-policy-namespace-isolation",
+ "execution-environment"
+ ]
+ },
+ "tags": {
+ "description": "Tags",
+ "type": [
+ "array",
+ "null"
+ ],
+ "uniqueItems": true,
+ "items": {
+ "type": "string"
+ }
+ },
+ "technical_assets_inside": {
+ "description": "Technical assets inside",
+ "type": [
+ "array",
+ "null"
+ ],
+ "uniqueItems": true,
+ "items": {
+ "type": "string"
+ }
+ },
+ "trust_boundaries_nested": {
+ "description": "Trust boundaries nested",
+ "type": [
+ "array",
+ "null"
+ ],
+ "uniqueItems": true,
+ "items": {
+ "type": "string"
+ }
+ }
+ },
+ "required": [
+ "id",
+ "description",
+ "type",
+ "technical_assets_inside",
+ "trust_boundaries_nested"
+ ]
+ }
+ },
+ "shared_runtimes": {
+ "description": "Shared runtimes",
+ "type": "object",
+ "uniqueItems": true,
+ "additionalProperties": {
+ "type": "object",
+ "properties": {
+ "id": {
+ "description": "ID",
+ "type": "string"
+ },
+ "description": {
+ "description": "Description",
+ "type": [
+ "string",
+ "null"
+ ]
+ },
+ "tags": {
+ "description": "Tags",
+ "type": [
+ "array",
+ "null"
+ ],
+ "uniqueItems": true,
+ "items": {
+ "type": "string"
+ }
+ },
+ "technical_assets_running": {
+ "description": "Technical assets running",
+ "type": [
+ "array",
+ "null"
+ ],
+ "uniqueItems": true,
+ "items": {
+ "type": "string"
+ }
+ }
+ },
+ "required": [
+ "id",
+ "description",
+ "technical_assets_running"
+ ]
+ }
+ },
+ "individual_risk_categories": {
+ "description": "Individual risk categories",
+ "type": [
+ "object",
+ "null"
+ ],
+ "uniqueItems": true,
+ "additionalProperties": {
+ "type": "object",
+ "properties": {
+ "id": {
+ "description": "ID",
+ "type": "string"
+ },
+ "description": {
+ "description": "Description",
+ "type": [
+ "string",
+ "null"
+ ]
+ },
+ "impact": {
+ "description": "Impact",
+ "type": "string"
+ },
+ "asvs": {
+ "description": "ASVS",
+ "type": "string"
+ },
+ "cheat_sheet": {
+ "description": "Cheat sheet",
+ "type": "string"
+ },
+ "action": {
+ "description": "Action",
+ "type": "string"
+ },
+ "mitigation": {
+ "description": "Mitigation",
+ "type": "string"
+ },
+ "check": {
+ "description": "Check",
+ "type": "string"
+ },
+ "function": {
+ "description": "Function",
+ "type": "string",
+ "enum": [
+ "business-side",
+ "architecture",
+ "development",
+ "operations"
+ ]
+ },
+ "stride": {
+ "description": "STRIDE",
+ "type": "string",
+ "enum": [
+ "spoofing",
+ "tampering",
+ "repudiation",
+ "information-disclosure",
+ "denial-of-service",
+ "elevation-of-privilege"
+ ]
+ },
+ "detection_logic": {
+ "description": "Detection logic",
+ "type": "string"
+ },
+ "risk_assessment": {
+ "description": "Risk assessment",
+ "type": "string"
+ },
+ "false_positives": {
+ "description": "False positives",
+ "type": "string"
+ },
+ "model_failure_possible_reason": {
+ "description": "Model failure possible reason",
+ "type": "boolean"
+ },
+ "cwe": {
+ "description": "CWE",
+ "type": "integer"
+ },
+ "risks_identified": {
+ "description": "Risks identified",
+ "type": "object",
+ "uniqueItems": true,
+ "additionalProperties": {
+ "type": "object",
+ "properties": {
+ "severity": {
+ "description": "Severity",
+ "type": "string",
+ "enum": [
+ "low",
+ "medium",
+ "elevated",
+ "high",
+ "critical"
+ ]
+ },
+ "exploitation_likelihood": {
+ "description": "Exploitation likelihood",
+ "type": "string",
+ "enum": [
+ "unlikely",
+ "likely",
+ "very-likely",
+ "frequent"
+ ]
+ },
+ "exploitation_impact": {
+ "description": "Exploitation impact",
+ "type": "string",
+ "enum": [
+ "low",
+ "medium",
+ "high",
+ "very-high"
+ ]
+ },
+ "data_breach_probability": {
+ "description": "Data breach probability",
+ "type": "string",
+ "enum": [
+ "improbable",
+ "possible",
+ "probable"
+ ]
+ },
+ "data_breach_technical_assets": {
+ "description": "Data breach technical assets",
+ "type": [
+ "array",
+ "null"
+ ],
+ "uniqueItems": true,
+ "items": {
+ "type": "string"
+ }
+ },
+ "most_relevant_data_asset": {
+ "description": "Most relevant data asset",
+ "type": [
+ "string",
+ "null"
+ ]
+ },
+ "most_relevant_technical_asset": {
+ "description": "Most relevant technical asset",
+ "type": [
+ "string",
+ "null"
+ ]
+ },
+ "most_relevant_communication_link": {
+ "description": "Most relevant communication link",
+ "type": [
+ "string",
+ "null"
+ ]
+ },
+ "most_relevant_trust_boundary": {
+ "description": "Most relevant trust boundary",
+ "type": [
+ "string",
+ "null"
+ ]
+ },
+ "most_relevant_shared_runtime": {
+ "description": "Most relevant shared runtime",
+ "type": [
+ "string",
+ "null"
+ ]
+ }
+ }
+ }
+ }
+ },
+ "required": [
+ "id",
+ "description",
+ "impact",
+ "asvs",
+ "cheat_sheet",
+ "action",
+ "mitigation",
+ "check",
+ "function",
+ "stride",
+ "detection_logic",
+ "risk_assessment",
+ "false_positives",
+ "model_failure_possible_reason",
+ "cwe",
+ "risks_identified"
+ ]
+ }
+ },
+ "risk_tracking": {
+ "description": "Risk tracking",
+ "type": [
+ "object",
+ "null"
+ ],
+ "uniqueItems": true,
+ "additionalProperties": {
+ "type": "object",
+ "properties": {
+ "status": {
+ "description": "Status",
+ "type": "string",
+ "enum": [
+ "unchecked",
+ "in-discussion",
+ "accepted",
+ "in-progress",
+ "mitigated",
+ "false-positive"
+ ]
+ },
+ "justification": {
+ "description": "Justification",
+ "type": [
+ "string",
+ "null"
+ ]
+ },
+ "ticket": {
+ "description": "Ticket",
+ "type": [
+ "string",
+ "null"
+ ]
+ },
+ "date": {
+ "description": "Date",
+ "type": [
+ "string",
+ "null"
+ ],
+ "format": "date"
+ },
+ "checked_by": {
+ "description": "Checked by",
+ "type": [
+ "string",
+ "null"
+ ]
+ }
+ },
+ "required": [
+ "status",
+ "justification",
+ "ticket",
+ "date",
+ "checked_by"
+ ]
+ }
+ },
+ "diagram_tweak_suppress_edge_labels": {
+ "description": "Diagram tweak suppress edge labels",
+ "type": [
+ "boolean",
+ "null"
+ ]
+ },
+ "diagram_tweak_layout_left_to_right": {
+ "description": "Diagram tweak layout left to right",
+ "type": [
+ "boolean",
+ "null"
+ ]
+ },
+ "diagram_tweak_edge_layout": {
+ "description": "Diagram tweak edge layout",
+ "type": [
+ "string",
+ "null"
+ ],
+ "enum": [
+ "",
+ "ortho",
+ "spline",
+ "polyline",
+ "false",
+ "curved"
+ ]
+ },
+ "diagram_tweak_nodesep": {
+ "description": "Diagram tweak nodesep",
+ "type": [
+ "integer",
+ "null"
+ ]
+ },
+ "diagram_tweak_ranksep": {
+ "description": "Diagram tweak ranksep",
+ "type": [
+ "integer",
+ "null"
+ ]
+ },
+ "diagram_tweak_invisible_connections_between_assets": {
+ "description": "Diagram tweak invisible connections between assets",
+ "type": [
+ "array",
+ "null"
+ ],
+ "uniqueItems": true,
+ "items": {
+ "type": "string"
+ }
+ },
+ "diagram_tweak_same_rank_assets": {
+ "description": "Diagram tweak same rank assets",
+ "type": [
+ "array",
+ "null"
+ ],
+ "uniqueItems": true,
+ "items": {
+ "type": "string"
+ }
+ }
+ },
+ "required": [
+ "threagile_version",
+ "title",
+ "author",
+ "business_criticality",
+ "tags_available",
+ "data_assets",
+ "technical_assets",
+ "shared_runtimes"
+ ]
+}
diff --git a/.vscode/extensions.json b/.vscode/extensions.json
new file mode 100644
index 0000000..71de926
--- /dev/null
+++ b/.vscode/extensions.json
@@ -0,0 +1,8 @@
+{
+ "recommendations": [
+ "ckolkman.vscode-postgres"
+ ]
+ "yaml.schemas": {
+ "./.threagile/schema.json": ["threagile.yaml"]
+ }
+}
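Review bot: The new `.vscode/extensions.json` is not valid JSON, because there is no comma between the closing `]` of `recommendations` and the `"yaml.schemas"` key. `yaml.schemas` is also a setting of the YAML language extension, not a key that extensions.json defines, so even with the comma it would most likely be ignored in this file. Moving it to `.vscode/settings.json` as `"yaml.schemas": { "./.threagile/schema.json": ["threagile.yaml"] }` would let the editor validate the threat model against the schema added in this commit. If that validation is intended, `redhat.vscode-yaml` would need to be listed in `recommendations` alongside `ckolkman.vscode-postgres`.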
diff --git a/100/README.md b/100/README.md
new file mode 100644
index 0000000..4ab52b0
--- /dev/null
+++ b/100/README.md
@@ -0,0 +1 @@
+# 100 - Introduction
diff --git a/200/README.md b/200/README.md
new file mode 100644
index 0000000..feee683
--- /dev/null
+++ b/200/README.md
@@ -0,0 +1 @@
+# 200 - Requirements
diff --git a/300/README.md b/300/README.md
new file mode 100644
index 0000000..80ab99f
--- /dev/null
+++ b/300/README.md
@@ -0,0 +1 @@
+# 300 - Building Our Application
diff --git a/400/README.md b/400/README.md
new file mode 100644
index 0000000..fd99805
--- /dev/null
+++ b/400/README.md
@@ -0,0 +1 @@
+# 400 - Conclusion
diff --git a/DOCUMENTATION.md b/DOCUMENTATION.md
new file mode 100644
index 0000000..c95fe76
--- /dev/null
+++ b/DOCUMENTATION.md
@@ -0,0 +1,3 @@
+# Documentation
+
+Read the Docs: [REPOSITORY-NAME](https://vanheemstrasystems-REPOSITORY-NAME.readthedocs.io/en/latest/)
diff --git a/GLOSSARY.md b/GLOSSARY.md
new file mode 100644
index 0000000..9a7779c
--- /dev/null
+++ b/GLOSSARY.md
@@ -0,0 +1,3 @@
+# Glossary
+
+- **OTLP**: OpenTelemetry Protocol
diff --git a/IMAGES.md b/IMAGES.md
new file mode 100644
index 0000000..e8f9539
--- /dev/null
+++ b/IMAGES.md
@@ -0,0 +1,5 @@
+# Images
+
+## Docker Images
+
+- MyImage: https://hub.docker.com/repository/docker/vanheemstrasystems/myimage
diff --git a/LICENSE b/LICENSE
new file mode 100644
index 0000000..2b5f777
--- /dev/null
+++ b/LICENSE
@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2024 van Heemstra Systems
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.
diff --git a/README.ar.md b/README.ar.md
new file mode 100644
index 0000000..395c1e1
--- /dev/null
+++ b/README.ar.md
@@ -0,0 +1,31 @@
+اسم المستودع
+
+# اسم المستودع
+
+> سلوجلاين
+
+- [التوثيق](./DOCUMENTATION.md)
+- [مسرد](./GLOSSARY.md)
+- [الصور](./IMAGES.md)
+- [مراجع](./REFERENCES.md)
+- [القياس عن بعد](./TELEMETRY.md)
+
+**ملخص تنفيذي**
+
+نص
+
+## 100- مقدمة
+
+يرى[README.md](./100/README.md)
+
+## 200 - المتطلبات
+
+يرى[README.md](./200/README.md)
+
+## 300 – بناء تطبيقنا
+
+يرى[README.md](./300/README.md)
+
+## 400 - الخاتمة
+
+يرى[README.md](./400/README.md)
diff --git a/README.de.md b/README.de.md
new file mode 100644
index 0000000..63bfc7b
--- /dev/null
+++ b/README.de.md
@@ -0,0 +1,31 @@
+Repository-Name
+
+# Repository-Name
+
+> Slugline
+
+- [Documentation](./DOCUMENTATION.md)
+- [Glossar](./GLOSSARY.md)
+- [Bilder](./IMAGES.md)
+- [Referenzen](./REFERENCES.md)
+- [Telemetrie](./TELEMETRY.md)
+
+**Zusammenfassung**
+
+Text
+
+## 100 - Einführung
+
+Sehen[README.md](./100/README.md)
+
+## 200 – Anforderungen
+
+Sehen[README.md](./200/README.md)
+
+## 300 – Erstellen unserer Anwendung
+
+Sehen[README.md](./300/README.md)
+
+## 400 – Fazit
+
+Sehen[README.md](./400/README.md)
diff --git a/README.es.md b/README.es.md
new file mode 100644
index 0000000..ede097d
--- /dev/null
+++ b/README.es.md
@@ -0,0 +1,31 @@
+nombre-repositorio
+
+# Nombre del repositorio
+
+> línea de bala
+
+- [Documentación](./DOCUMENTATION.md)
+- [Glosario](./GLOSSARY.md)
+- [Imágenes](./IMAGES.md)
+- [Referencias](./REFERENCES.md)
+- [Telemetria](./TELEMETRY.md)
+
+**Resumen ejecutivo**
+
+Text
+
+## 100 - Introducción
+
+Ver[README.md](./100/README.md)
+
+## 200 - Requisitos
+
+Ver[README.md](./200/README.md)
+
+## 300 - Construyendo nuestra aplicación
+
+Ver[README.md](./300/README.md)
+
+## 400 - Conclusión
+
+Ver[README.md](./400/README.md)
diff --git a/README.fr.md b/README.fr.md
new file mode 100644
index 0000000..c74d060
--- /dev/null
+++ b/README.fr.md
@@ -0,0 +1,31 @@
+nom du référentiel
+
+# Nom du référentiel
+
+> Slugline
+
+- [Documentation](./DOCUMENTATION.md)
+- [Glossaire](./GLOSSARY.md)
+- [Images](./IMAGES.md)
+- [Références](./REFERENCES.md)
+- [Télémétrie](./TELEMETRY.md)
+
+**Résumé exécutif**
+
+Texte
+
+## 100 - Introduction
+
+Voir[README.md](./100/README.md)
+
+## 200 - Exigences
+
+Voir[README.md](./200/README.md)
+
+## 300 - Construire notre application
+
+Voir[README.md](./300/README.md)
+
+## 400 - Conclusion
+
+Voir[README.md](./400/README.md)
diff --git a/README.hi.md b/README.hi.md
new file mode 100644
index 0000000..10fe7d0
--- /dev/null
+++ b/README.hi.md
@@ -0,0 +1,31 @@
+भंडार-नाम
+
+# भंडार का नाम
+
+> स्लगलाइन
+
+- [प्रलेखन](./DOCUMENTATION.md)
+- [शब्दकोष](./GLOSSARY.md)
+- [इमेजिस](./IMAGES.md)
+- [संदर्भ](./REFERENCES.md)
+- [टेलीमेटरी](./TELEMETRY.md)
+
+**कार्यकारी सारांश**
+
+मूलपाठ
+
+## 100 - परिचय
+
+देखना[README.md](./100/README.md)
+
+## 200 - आवश्यकताएँ
+
+देखना[README.md](./200/README.md)
+
+## 300 - हमारे एप्लिकेशन का निर्माण
+
+देखना[README.md](./300/README.md)
+
+## 400 - निष्कर्ष
+
+देखना[README.md](./400/README.md)
diff --git a/README.md b/README.md
new file mode 100644
index 0000000..fc9433d
--- /dev/null
+++ b/README.md
@@ -0,0 +1,30 @@
+repository-name
+# Repository Name
+
+> Slugline
+
+- [Documentation](./DOCUMENTATION.md)
+- [Glossary](./GLOSSARY.md)
+- [Images](./IMAGES.md)
+- [References](./REFERENCES.md)
+- [Telemetry](./TELEMETRY.md)
+
+**Executive Summary**
+
+Text
+
+## 100 - Introduction
+
+See [README.md](./100/README.md)
+
+## 200 - Requirements
+
+See [README.md](./200/README.md)
+
+## 300 - Building Our Application
+
+See [README.md](./300/README.md)
+
+## 400 - Conclusion
+
+See [README.md](./400/README.md)
diff --git a/README.nl.md b/README.nl.md
new file mode 100644
index 0000000..a1f8fbe
--- /dev/null
+++ b/README.nl.md
@@ -0,0 +1,31 @@
+repositorynaam
+
+# Naam van opslagplaats
+
+> Slaklijn
+
+- [Documentatie](./DOCUMENTATION.md)
+- [Glossarium](./GLOSSARY.md)
+- [Afbeeldingen](./IMAGES.md)
+- [Referenties](./REFERENCES.md)
+- [Telemetrie](./TELEMETRY.md)
+
+**Samenvatting**
+
+Tekst
+
+## 100 - Inleiding
+
+Zien[README.md](./100/README.md)
+
+## 200 - Vereisten
+
+Zien[README.md](./200/README.md)
+
+## 300 - Onze applicatie bouwen
+
+Zien[README.md](./300/README.md)
+
+## 400 - Conclusie
+
+Zien[README.md](./400/README.md)
diff --git a/README.rst b/README.rst
new file mode 100644
index 0000000..c7c3a90
--- /dev/null
+++ b/README.rst
@@ -0,0 +1,15 @@
+Readme
+=======================================
+
+SLUGLINE
+
+Description
+
+https://github.com/vanHeemstraSystems/REPOSITORY_NAME
+
+Read-the-Docs
+
+- Read: https://vanheemstrasystems-REPOSITORY-NAME.readthedocs.io/en/latest/
+
+- Manage (NEW): https://app.readthedocs.org/projects/vanheemstrasystems-REPOSITORY-NAME/
+- Manage (OLD): https://readthedocs.org/dashboard/
diff --git a/README.zh-CN.md b/README.zh-CN.md
new file mode 100644
index 0000000..066f837
--- /dev/null
+++ b/README.zh-CN.md
@@ -0,0 +1,31 @@
+存储库名称
+
+# 存储库名称
+
+> 斯拉格莱恩
+
+- [文档](./DOCUMENTATION.md)
+- [词汇表](./GLOSSARY.md)
+- [图片](./IMAGES.md)
+- [参考](./REFERENCES.md)
+- [遥测](./TELEMETRY.md)
+
+**执行摘要**
+
+文本
+
+## 100 - 简介
+
+看[README.md](./100/README.md)
+
+## 200 - 要求
+
+看[README.md](./200/README.md)
+
+## 300 - 构建我们的应用程序
+
+看[README.md](./300/README.md)
+
+## 400 - 结论
+
+看[README.md](./400/README.md)
diff --git a/README.zh-TW.md b/README.zh-TW.md
new file mode 100644
index 0000000..484dfbf
--- /dev/null
+++ b/README.zh-TW.md
@@ -0,0 +1,31 @@
+儲存庫名稱
+
+# 儲存庫名稱
+
+> 斯拉格萊恩
+
+- [文件](./DOCUMENTATION.md)
+- [Glossary](./GLOSSARY.md)
+- [Images](./IMAGES.md)
+- [參考](./REFERENCES.md)
+- [遙測](./TELEMETRY.md)
+
+**執行摘要**
+
+文字
+
+## 100 - 簡介
+
+看[README.md](./100/README.md)
+
+## 200 - 要求
+
+看[README.md](./200/README.md)
+
+## 300 - 建立我們的應用程式
+
+看[README.md](./300/README.md)
+
+## 400 - 結論
+
+看[README.md](./400/README.md)
diff --git a/REFERENCES.md b/REFERENCES.md
new file mode 100644
index 0000000..9fe19f4
--- /dev/null
+++ b/REFERENCES.md
@@ -0,0 +1,3 @@
+# References
+
+- [Reference Name](https://example.com)
diff --git a/TELEMETRY.md b/TELEMETRY.md
new file mode 100644
index 0000000..28dbe6a
--- /dev/null
+++ b/TELEMETRY.md
@@ -0,0 +1,13 @@
+# Telemetry
+
+https://app.uptrace.dev/
+
+To start sending tracing data to Uptrace, you need to configure OpenTelemetry Tracing SDK. To view and collect metrics, see the Metrics navigation section on the right.
+
+Use the following DSN to configure OpenTelemetry for your programming language:
+
+```
+export UPTRACE_DSN="https://4u5UnSF8ck63yJD33QZTrg@api.uptrace.dev?grpc=4317"
+```
+
+See [Monitor Flask performance with OpenTelemetry](https://uptrace.dev/get/instrument/opentelemetry-flask.html)
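Review bot: The `export UPTRACE_DSN=...` line in the fenced block commits what looks like a real Uptrace project token in the user-info part of the DSN. Anyone who can read the repository or its history could then submit telemetry to that project. The page would document the same step with a placeholder, e.g. `export UPTRACE_DSN="https://<project-token>@api.uptrace.dev?grpc=4317"`, with the real value supplied from the environment or a secret store. If the token is live it should be rotated in Uptrace, since deleting it from the file does not remove it from git history.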
diff --git a/docs/Makefile b/docs/Makefile
new file mode 100644
index 0000000..d0c3cbf
--- /dev/null
+++ b/docs/Makefile
@@ -0,0 +1,20 @@
+# Minimal makefile for Sphinx documentation
+#
+
+# You can set these variables from the command line, and also
+# from the environment for the first two.
+SPHINXOPTS ?=
+SPHINXBUILD ?= sphinx-build
+SOURCEDIR = source
+BUILDDIR = build
+
+# Put it first so that "make" without argument is like "make help".
+help:
+ @$(SPHINXBUILD) -M help "$(SOURCEDIR)" "$(BUILDDIR)" $(SPHINXOPTS) $(O)
+
+.PHONY: help Makefile
+
+# Catch-all target: route all unknown targets to Sphinx using the new
+# "make mode" option. $(O) is meant as a shortcut for $(SPHINXOPTS).
+%: Makefile
+ @$(SPHINXBUILD) -M $@ "$(SOURCEDIR)" "$(BUILDDIR)" $(SPHINXOPTS) $(O)
diff --git a/docs/make.bat b/docs/make.bat
new file mode 100644
index 0000000..9534b01
--- /dev/null
+++ b/docs/make.bat
@@ -0,0 +1,35 @@
+@ECHO OFF
+
+pushd %~dp0
+
+REM Command file for Sphinx documentation
+
+if "%SPHINXBUILD%" == "" (
+ set SPHINXBUILD=sphinx-build
+)
+set SOURCEDIR=source
+set BUILDDIR=build
+
+if "%1" == "" goto help
+
+%SPHINXBUILD% >NUL 2>NUL
+if errorlevel 9009 (
+ echo.
+ echo.The 'sphinx-build' command was not found. Make sure you have Sphinx
+ echo.installed, then set the SPHINXBUILD environment variable to point
+ echo.to the full path of the 'sphinx-build' executable. Alternatively you
+ echo.may add the Sphinx directory to PATH.
+ echo.
+ echo.If you don't have Sphinx installed, grab it from
+ echo.http://sphinx-doc.org/
+ exit /b 1
+)
+
+%SPHINXBUILD% -M %1 %SOURCEDIR% %BUILDDIR% %SPHINXOPTS% %O%
+goto end
+
+:help
+%SPHINXBUILD% -M help %SOURCEDIR% %BUILDDIR% %SPHINXOPTS% %O%
+
+:end
+popd
diff --git a/docs/requirements.txt b/docs/requirements.txt
new file mode 100644
index 0000000..53fc1f3
--- /dev/null
+++ b/docs/requirements.txt
@@ -0,0 +1,2 @@
+sphinx==7.1.2
+sphinx-rtd-theme==1.3.0rc1
diff --git a/docs/source/api.rst b/docs/source/api.rst
new file mode 100644
index 0000000..5244001
--- /dev/null
+++ b/docs/source/api.rst
@@ -0,0 +1,7 @@
+API
+===
+
+.. autosummary::
+ :toctree: generated
+
+ PROJECT_NAME
diff --git a/docs/source/conf.py b/docs/source/conf.py
new file mode 100644
index 0000000..a6a420c
--- /dev/null
+++ b/docs/source/conf.py
@@ -0,0 +1,35 @@
+# Configuration file for the Sphinx documentation builder.
+
+# -- Project information
+
+project = 'PROJECT_NAME'
+copyright = '2024 - present, van Heemstra Systems'
+author = 'Willem van Heemstra'
+
+release = '0.1'
+version = '0.1.0'
+
+# -- General configuration
+
+extensions = [
+ 'sphinx.ext.duration',
+ 'sphinx.ext.doctest',
+ 'sphinx.ext.autodoc',
+ 'sphinx.ext.autosummary',
+ 'sphinx.ext.intersphinx',
+]
+
+intersphinx_mapping = {
+ 'python': ('https://docs.python.org/3/', None),
+ 'sphinx': ('https://www.sphinx-doc.org/en/master/', None),
+}
+intersphinx_disabled_domains = ['std']
+
+templates_path = ['_templates']
+
+# -- Options for HTML output
+
+html_theme = 'sphinx_rtd_theme'
+
+# -- Options for EPUB output
+epub_show_urls = 'footnote'
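Review bot: `release` and `version` look swapped: Sphinx treats `version` as the short X.Y string and `release` as the full version, but this file sets `release = '0.1'` and `version = '0.1.0'`. Suggest `version = '0.1'` and `release = '0.1.0'`. Separately, `sphinx.ext.autodoc` and `sphinx.ext.autosummary` import the documented package at build time, which executes its module-level code on the build host. No `sys.path` adjustment is visible in this file, so the build presumably relies on the package being installed in the docs environment; a comment such as `# autodoc imports PROJECT_NAME; it must be installed in the docs build environment` would make that explicit.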
diff --git a/docs/source/index.rst b/docs/source/index.rst
new file mode 100644
index 0000000..6a1e131
--- /dev/null
+++ b/docs/source/index.rst
@@ -0,0 +1,22 @@
+Welcome to PROJECT_NAME's documentation!
+===================================
+
+**PROJECT_NAME** (/pro'ject/) is a NOUN for PURPOSE
+that LIST_OF_FEATURES.
+See EXTERNAL_RELATIONS at `LINK_TITLE `_
+and offers a *ADJECTIVE* and *ADJECTIVE* BENEFIT.
+
+Check out the :doc:`usage` section for further information, including
+how to :ref:`installation` the project.
+
+.. note::
+
+ This project is under active development.
+
+Contents
+--------
+
+.. toctree::
+
+ usage
+ api
diff --git a/docs/source/usage.rst b/docs/source/usage.rst
new file mode 100644
index 0000000..f74c995
--- /dev/null
+++ b/docs/source/usage.rst
@@ -0,0 +1,33 @@
+Usage
+=====
+
+.. _installation:
+
+Installation
+------------
+
+To use APPLICATION_NAME, first install it using pip:
+
+.. code-block:: console
+
+ (.venv) $ pip install PACKAGE_NAME
+
+Getting Started
+----------------
+
+To retrieve a list of random ingredients,
+you can use the ``PACKAGE_NAME.get_random_ingredients()`` function:
+
+.. autofunction:: PACKAGE_NAME.get_random_ingredients
+
+The ``kind`` parameter should be either ``"meat"``, ``"fish"``,
+or ``"veggies"``. Otherwise, :py:func:`PACKAGE_NAME.get_random_ingredients`
+will raise an exception.
+
+.. autoexception:: PACKAGE_NAME.InvalidKindError
+
+For example:
+
+>>> import PACKAGE_NAME
+>>> PACKAGE_NAME.get_random_ingredients()
+['shells', 'gorgonzola', 'parsley']
diff --git a/pyproject.toml b/pyproject.toml
new file mode 100644
index 0000000..8470b4e
--- /dev/null
+++ b/pyproject.toml
@@ -0,0 +1,8 @@
+[build-system]
+requires = ["flit_core >=3.2,<4"]
+build-backend = "flit_core.buildapi"
+
+[project]
+name = "YOUR_PROJECT_NAME"
+authors = [{name = "Willem van Heemstra", email = "wvanheemstra@icloud.com"}]
+dynamic = ["version", "description"]
diff --git a/schemas/.schemastore b/schemas/.schemastore
new file mode 100644
index 0000000..e115e63
--- /dev/null
+++ b/schemas/.schemastore
@@ -0,0 +1 @@
+https://www.schemastore.org/
diff --git a/threagile.bat b/threagile.bat
new file mode 100644
index 0000000..e55987c
--- /dev/null
+++ b/threagile.bat
@@ -0,0 +1 @@
+docker run --rm -it -v %cd%:/app/work threagile/threagile %*
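Review bot: The image reference `threagile/threagile` has no tag or digest, so each run uses whatever the default tag points to at pull time, while `threagile.yaml` in this commit declares `threagile_version: 1.0.0`; `threagile.sh` has the same unpinned reference. Pin the image to a reviewed tag or, better, a digest, e.g. `threagile/threagile@sha256:<DIGEST_PLACEHOLDER>`, so the tool that reads the threat model and writes into the mounted directory is the one that was reviewed. `%cd%` is also unquoted, so a working directory containing spaces breaks the volume argument; use `-v "%cd%":/app/work`.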
diff --git a/threagile.sh b/threagile.sh
new file mode 100644
index 0000000..6ebc25e
--- /dev/null
+++ b/threagile.sh
@@ -0,0 +1,3 @@
+#!/bin/bash
+sudo chmod a+rwx -R "$(pwd)"
+docker run --rm -it -v "$(pwd)":/app/work threagile/threagile "$@"
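Review bot: `sudo chmod a+rwx -R "$(pwd)"` makes the whole current directory tree world-writable and world-executable, as root, on every invocation. That covers `.git`, scripts and anything else under whichever directory the script is started from, and it is never reverted. Grant access only to what the container needs: mount a dedicated output directory and open only that, or drop the chmod and run the container as the caller with `--user "$(id -u):$(id -g)"` (confirm the image works under an arbitrary UID). The script also lacks `set -euo pipefail`, so a failed or cancelled `sudo` does not stop the `docker run` that follows.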
diff --git a/threagile.yaml b/threagile.yaml
new file mode 100644
index 0000000..491170d
--- /dev/null
+++ b/threagile.yaml
@@ -0,0 +1,3 @@
+threagile_version: 1.0.0
+
+title: