title | layout | tab | order | tags |
---|---|---|---|---|
Roadmap | | true | 4 | threatdragon |
- provide an API for CI/CD pipelines
- provide a CLI for scripting based on TD's existing use of yargs
- provide multiple methods of authentication and access similar to draw.io login page
- automated threats (both by element and by OATS)
Threat model access for web app:
- load models from various repos:
  - GitHub Enterprise
  - GitLab
  - Bitbucket
Stable version of 2.x.x with bug fixes and usable diagram tools. Still not feature complete:
- missing CLI for scripting
- missing automated threats (both by element and by OATS)
Migrate to a combined application for both desktop and webapp:
- be strictly open source
- use Vue for frontend application
- use @antv/g6 for the drawing library
- frontend logging using bunyan and optional logging to the console during development
- use Electron to wrap webapp for desktop
- provide auto-update using Electron
- expand electron unit tests using WDIO Electron Service
- webapp unit test framework Jest
- component test Vue Testing Library
- end-to-end test Cypress
- set up ZAP to provide security testing on commit
- design files are to be backward compatible with Threat Dragon JSON
Demonstration pages:
- an online demonstration to be provided on Threat Dragon's site
- demo should either be a snapshot or a release version
- written in JavaScript ES6 / ECMAScript 2015 or compatible
- run on Node.js server
- use Express for backend application
- provide a Dockerfile for running in Docker, similar to existing TD
- static code analysis using ESLint
- webapp test runner Karma with Jasmine for Vue Test Utils
- backend unit test framework MochaJS and assertions from chai
- bundle the application and API for production using webpack
- be strictly open source, avoiding using languages or frameworks maintained outside the open source community
Documentation:
- documentation should be updated at the Threat Dragon GitHub Pages
- version 1.x docs are preserved and migrated to version 2.0
- docs should be static pages based on Jekyll and Markdown
Mike Goodwin's initial roadmap for the project is archived here. The original roadmap had various milestones, most of which were achieved by late 2020.
Milestone 4: Dev lifecycle integration
- Some CLI interface available mid 2020
Milestone 3: Release 1.0
- production version released February 2020
- version 1.3.1 released October 2020
Milestone 2: Beta release: Threat/mitigation rule engine
- achieved May 2017 with version 0.1.26
Milestone 1: Alpha release - Basic threat modelling experience
- achieved October 2015