Link Search Menu Expand Document

OWASP Threat Dragon

Threat Dragon comes in two variants, desktop application and web application.

Desktop application install instructions

Installers can be downloaded from the OWASP GitHub area:

  • Windows (64 bit) installer
  • MacOS installer
  • Linux snap, AppImage, debian and rpm installers

Linux installer and AppImage

It is probably simpler to use the AppImage for most Linux platforms, but packages for both Debian and Fedora Linux on AMD64 and X86-64bit platforms can also be downloaded from the github release area.

Alternatively a platform independent Snap image is available via the official snapcraft distribution.

MacOS installer

Download the .dmg MacOS installer from the github release area. Open the download and drag ‘OWASP Threat Dragon’ to the application directory. When the copy has finished then Threat Dragon can be run from Apple Launchpad or using Finder -> Applications.

Threat Dragon is notarized by Apple, but if an error message pops up when running for the first time, along the lines of ‘“OWASP-Threat-Dragon” can’t be opened because Apple cannot check it for malicious software’ then follow this FAQ to resolve this.

There may be different error messages for older versions of Threat Dragon, in which case try this FAQ.

Windows installer

Download the Windows .exe NSIS installer from the github release area. Run the installer and invoke the application from the shortcut.

The current Windows version of the desktop application is not code-signed, so you may get a warning when running for the first time. For the time being accept the warning, we are working on this and hope to get this application signed soon.

Command line using npm

For the latest versions of code between releases, npm can be used to install and run Threat Dragon Desktop locally:

git clone
cd threat-dragon/td.desktop
npm install
npm run build

Then to run it:

npm start

There is a command line interface, run help to see what commands are available:

npm run help

For example to export a given threat model file to pdf :

npm run pdf ./threat-model.json