OWASP Threat Dragon
Threat Dragon comes in two variants, desktop application and web application.
Installable versions are available for download from the OWASP GitHub area:
- Windows (64 bit) installer
- MacOS installer
- Linux snap, AppImage, debian and rpm installers
Packages for both Debian and Fedora Linux on AMD64 and X86-64bit platforms can be downloaded from the releases folder. Alternatively a platform independent snap installer can be downloaded, or use the AppImage provided.
Download the .dmg MacOS installer from the releases folder. Open the download and drag ‘OWASP Threat Dragon’ to the application directory. When the copy has finished then Threat Dragon can be run from launchpad or Finder -> Applications.
If an error message pops up when running for the first time, along the lines of ‘OWASP Threat Dragon cannot be opened because the developer cannot be verified’ or “OWASP ZAP” cannot be opened because the developer cannot be verified, macOS cannot verify that this app is free from malware then follow this FAQ to resolve this.
Download the Windows .exe installer from the releases folder. Run the installer and invoke the application from the shortcut. The current versions of the desktop application are not code-signed, so you may get a warning when installing.
For the latest versions of code between releases,
npm can be used to install and run Threat Dragon locally:
git clone https://github.com/owasp/threat-dragon-desktop
Then to run it:
npm run start
There is a limited command line interface, with help:
npm run help
For example to export a given threat model file to pdf :
npm run pdf ./threat-model.json