Install: claude install-skill aiskillstore/marketplace
# Threat Modeling with pytm
## Overview
pytm is a Python library for programmatic threat modeling based on the STRIDE methodology. It enables
security engineers to define system architecture as code, automatically generate data flow diagrams (DFDs),
identify security threats across trust boundaries, and produce comprehensive threat reports. This
approach integrates threat modeling into CI/CD pipelines, enabling shift-left security and continuous
threat analysis.
## Quick Start
Create a basic threat model:
```python
#!/usr/bin/env python3
from pytm import TM, Server, Dataflow, Boundary, Actor

# Initialize threat model
tm = TM("Web Application Threat Model")
tm.description = "E-commerce web application"

# Define trust boundaries
internet = Boundary("Internet")
dmz = Boundary("DMZ")
internal = Boundary("Internal Network")

# Define actors and components
user = Actor("Customer")
user.inBoundary = internet
web = Server("Web Server")
web.inBoundary = dmz
db = Server("Database")
db.inBoundary = internal

# Define data flows
user_to_web = Dataflow(user, web, "HTTPS Request")
user_to_web.protocol = "HTTPS"
user_to_web.data = "credentials, payment info"
user_to_web.isEncrypted = True
web_to_db = Dataflow(web, db, "Database Query")
web_to_db.protocol = "SQL/TLS"
web_to_db.data = "user data, transactions"

# Generate threat report and diagram
tm.process()
```
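The quick start's "Database Query" flow crosses from the DMZ to the internal network and names `SQL/TLS` as its protocol, but it never sets `isEncrypted`. The sketch below is an added example, not code from pytm or from the original page: a CI gate that fails when a flow crosses a trust boundary without the encryption flag set. It assumes small stand-in dataclasses that mirror only the attribute names used above (so it runs without pytm installed), and the function names and the rule that an unset flag means unencrypted are assumptions of this example.

```python
from dataclasses import dataclass
from typing import List, Optional

# Stand-ins (assumption): mirror the quick start's attribute names; not pytm's classes.
@dataclass
class Boundary:
    name: str

@dataclass
class Element:
    name: str
    inBoundary: Optional[Boundary] = None

@dataclass
class Dataflow:
    source: Element
    sink: Element
    name: str
    protocol: str = ""
    isEncrypted: bool = False  # assumption: an unset flag means unencrypted

def unencrypted_crossings(flows: List[Dataflow]) -> List[str]:
    """List unencrypted flows whose endpoints sit in different boundaries.

    Boundaries are compared by identity, so an endpoint that has no boundary
    while the other side has one also counts as a crossing.
    """
    findings = []
    for f in flows:
        src, dst = f.source.inBoundary, f.sink.inBoundary
        if src is not dst and not f.isEncrypted:
            names = [b.name if b else "(no boundary)" for b in (src, dst)]
            findings.append(f"{f.name} [{f.protocol}]: {names[0]} -> {names[1]}")
    return findings

def build_quickstart_flows() -> List[Dataflow]:
    # Constructed input: the quick start's elements and flows, rebuilt with the stand-ins.
    internet, dmz, internal = Boundary("Internet"), Boundary("DMZ"), Boundary("Internal Network")
    user, web, db = Element("Customer", internet), Element("Web Server", dmz), Element("Database", internal)
    return [
        Dataflow(user, web, "HTTPS Request", "HTTPS", isEncrypted=True),
        Dataflow(web, db, "Database Query", "SQL/TLS"),  # flag never set on the page
    ]

def ci_gate(flows: List[Dataflow]) -> int:
    """Print findings and return a process exit code (non-zero fails the job)."""
    findings = unencrypted_crossings(flows)
    for line in findings:
        print("FAIL unencrypted boundary crossing:", line)
    return 1 if findings else 0

if __name__ == "__main__":
    raise SystemExit(ci_gate(build_quickstart_flows()))
```

Run against the quick start's model, the gate reports the "Database Query" flow: the protocol string alone does not satisfy the check, only the explicit flag does.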
Install pytm:
```bash
pip install pytm
# Also requires graphviz for diagram generation
brew install graphviz # macOS
#