pytm

Python-based threat modeling using the pytm library for programmatic STRIDE analysis, data flow diagram generation, and automated security threat identification. Use when: (1) Creating threat models programmatically using Python code, (2) Generating data flow diagrams (DFDs) with automatic STRIDE threat identification, (3) Integrating threat modeling into CI/CD pipelines and shift-left security practices, (4) Analyzing system architecture for security threats across trust boundaries, (5) Producing threat reports with STRIDE categories and mitigation recommendations, (6) Maintaining threat models as code for version control and automation.

AI & Automation 335 stars 29 forks Updated today

Quality Score: 85/100

Stars (20%): 84
Recency (20%): 100
Frontmatter (20%): 70
Documentation (15%): 100
Issue Health (10%): 80
License (10%): 0
Description (5%): 100

Skill Content

# Threat Modeling with pytm

## Overview

pytm is a Python library for programmatic threat modeling based on the STRIDE methodology. It enables security engineers to define system architecture as code, automatically generate data flow diagrams (DFDs), identify security threats across trust boundaries, and produce comprehensive threat reports. This approach integrates threat modeling into CI/CD pipelines, enabling shift-left security and continuous threat analysis.

## Quick Start

Create a basic threat model:

```python
#!/usr/bin/env python3
from pytm import TM, Server, Dataflow, Boundary, Actor

# Initialize threat model
tm = TM("Web Application Threat Model")
tm.description = "E-commerce web application"

# Define trust boundaries
internet = Boundary("Internet")
dmz = Boundary("DMZ")
internal = Boundary("Internal Network")

# Define actors and components
user = Actor("Customer")
user.inBoundary = internet

web = Server("Web Server")
web.inBoundary = dmz

db = Server("Database")
db.inBoundary = internal

# Define data flows
user_to_web = Dataflow(user, web, "HTTPS Request")
user_to_web.protocol = "HTTPS"
user_to_web.data = "credentials, payment info"
user_to_web.isEncrypted = True

web_to_db = Dataflow(web, db, "Database Query")
web_to_db.protocol = "SQL/TLS"
web_to_db.data = "user data, transactions"

# Generate threat report and diagram
tm.process()
```

Install pytm:

```bash
pip install pytm

# Also requires graphviz for diagram generation
brew install graphviz  # macOS
#...
```

Details

Author: aiskillstore
Repository: aiskillstore/marketplace
Created: 5 months ago
Last Updated: today
Language: Python
License: None
