OWASP Threat Dragon
Threat Dragon comes in two variants, desktop application and web application.
Installers can be downloaded from the OWASP GitHub area:
- Windows (64 bit) installer
- MacOS installer
- Linux snap, AppImage, debian and rpm installers
It is probably simpler to use the AppImage for most Linux platforms, but packages for both Debian and Fedora Linux on AMD64 and X86-64bit platforms can also be downloaded from the github release area.
Alternatively a platform independent Snap image is available via the official snapcraft distribution.
Download the .dmg MacOS installer from the github release area. Open the download and drag ‘OWASP Threat Dragon’ to the application directory. When the copy has finished then Threat Dragon can be run from Apple Launchpad or using Finder -> Applications.
Threat Dragon is notarized by Apple, but if an error message pops up when running for the first time, along the lines of ‘“OWASP-Threat-Dragon” can’t be opened because Apple cannot check it for malicious software’ then follow this FAQ to resolve this.
There may be different error messages for older versions of Threat Dragon, in which case try this FAQ.
Download the Windows .exe NSIS installer from the github release area. Run the installer and invoke the application from the shortcut.
The current Windows version of the desktop application is not code-signed, so you may get a warning when running for the first time. For the time being accept the warning, we are working on this and hope to get this application signed soon.
For the latest versions of code between releases,
npm can be used to install and run Threat Dragon Desktop locally:
git clone https://github.com/owasp/threat-dragon cd threat-dragon/td.desktop npm install npm run build
Then to run it:
There is a command line interface, run help to see what commands are available:
npm run help
For example to export a given threat model file to pdf :
npm run pdf ./threat-model.json