1.4.0 • Public • Published

    Note that this repository has been migrated from Mike Goodwin's original , which has the issues and pull requests from June 2016 up to June 2020.

    Threat Dragon Logo

    Build Status codecov.io GitHub license Language grade: JavaScript

    OWASP Threat Dragon

    Threat Dragon is a free, open-source, cross-platform threat modelling application including system diagramming and a rule engine to auto-generate threats/mitigations. It is an OWASP Incubator Project and follows the values and principles of the threat modeling manifesto. The roadmap for the project is a great UX, a powerful rule engine and integration with other development lifecycle tools.

    The application comes in two variants:

    1. A web application: For the web application, models files are stored in GitHub (other storage will become available). We are currently maintaining a working protoype in synch with the master code branch.

    2. A desktop application: This is based on Electron. There are installers available for both Windows and Mac OSX, as well as rpm and debian packages for Linux. For this variant models are stored on the local filesystem.

    End user help is available for both variants.

    This repository contains the core files and modules that are shared between both the web and desktop variant.

    Code of Conduct

    We ask that everyone who contributes to the Threat Dragon project follow the Code of Conduct.

    Installing and building

    Clone the repo and run

    npm install

    There are a number of test scripts included in package.json. For example:

    npm run test-client-chrome

    The main test script runs tests on PhantomJS and FireFox (and also lints the code):

    npm test

    There are two main build script, one to pre-compile the angular templates to JavaScript:

    npm run build-templates

    and one to bundle and minify the core CSS:

    npm run bundle-css

    Both of these can be run together using

    npm run build


    Pull requests, feature requests, bug reports and feedback of any kind are very welcome, please refer to the page for contributors.

    We are trying to keep the test coverage relatively high, so please try to include tests in any PRs and make PRs on the development branch. There are some developer notes to help get started.

    Vulnerability disclosure

    If you find a vulnerability in this project please let us know ASAP and we will fix it as a priority. For secure disclosure, please see the security policy.

    Project leaders




    npm i owasp-threat-dragon-core

    DownloadsWeekly Downloads






    Unpacked Size

    902 kB

    Total Files


    Last publish


    • mike.goodwin
    • jgadsden
    • akokoroko