OWASP Threat Dragon
Threat Dragon can be run from the command line and there is a command line interface which can be used to access some Threat Dragon features.
With the desktop version of Threat Dragon installed, and if the executable is in the environment path, then Threat Dragon can be run from the command line.
For example on MacOS and Linux:
or after installing on Windows:
AppImage does not need installation, so after downloading version 1.3.1 (for example) just run:
The command line interface can be used to directly access some of Threat Dragon’s functionality.
Ensure that the executable is in the environment path and run this command to get help :
A threat model file can be exported to pdf :
OWASP-Threat-Dragon --pdf ./threat-model.json --verbose
Or for Windows:
OWASP-Threat-Dragon.exe --pdf .\threat-model.json --verbose
or using AppImage (using version 1.3.1 for example):
./OWASP-Threat-Dragon-1.3.1.AppImage --pdf ./threat-model.json --verbose
Note that the path to the JSON file needs to be resolvable, so use the full path or the ‘./’ if the file is in the working directory.
Here is the help contents for version 1.3.1 :
OWASP-Threat-Dragon --help Usage: OWASP-Threat-Dragon <command> [options] Commands: OWASP-Threat-Dragon edit <json> Edit JSON threat model [aliases: e] OWASP-Threat-Dragon open <json> Open JSON threat model [aliases: o] OWASP-Threat-Dragon pdf <json> Export JSON threat model as PDF [aliases: p] OWASP-Threat-Dragon print <json> Print JSON threat model [aliases: p] OWASP-Threat-Dragon run Run threat dragon application[aliases: r, x] Options: --version Show version number [boolean] --verbose, -v Increasing levels of verbosity [count] --help Show help [boolean]
Verbosity can be increased from the default of ‘error’:
-v add warnings and info
-vv add verbose and debug
-vvv all levels of logging