Threat Dragon is an open source threat modeling tool and is an official OWASP project.
OWASP Threat Dragon is a free, open-source, cross-platform threat modeling application. It is used to draw threat modeling diagrams and to list threats for elements in the diagram along with their remediations.
Threat Dragon is designed to be accessible for various types of teams, with an emphasis on flexibility and simplicity. It is an OWASP Lab Project and follows the values and principles of the Threat Modeling Manifesto.
Integration with OWASP Cornucopia with new Threat Dragon EoP Games diagrams
Threat model templates when using github repositories or the web application local filesystem
Web application
The web application is provided as a .tar.gz file or a .zip file, along with SBOMs.
Docker containers
The docker images are available from Dockerhub:
For X86 platforms pull the image: docker pull --platform linux/x86_64 owasp/threat-dragon:v2.6.0
Alternatively for ARM64 platforms: docker pull --platform linux/arm64 owasp/threat-dragon:v2.6.0-arm64
Desktop version
──────────────────────────────────┬─────────────────────────────────────┬───────────────────────────
Platform │File │SHA512
──────────────────────────────────┼─────────────────────────────────────┼───────────────────────────
Windows NSIS installer │Threat-Dragon-ng-Setup-2.6.0.exe │checksum.yml
──────────────────────────────────┼─────────────────────────────────────┼───────────────────────────
MacOS installer x86 │Threat-Dragon-ng-2.6.0.dmg │checksum-mac.yml
──────────────────────────────────┼─────────────────────────────────────┼───────────────────────────
MacOS installer ARM64 │Threat-Dragon-ng-2.6.0-arm64.dmg │checksum-mac-arm64.yml
──────────────────────────────────┼─────────────────────────────────────┼───────────────────────────
Linux AppImage │Threat-Dragon-ng-2.6.0.AppImage │checksum-linux.yml
──────────────────────────────────┼─────────────────────────────────────┼───────────────────────────
Debian package, AMD64 │threat-dragon_2.6.0_amd64.deb │
──────────────────────────────────┼─────────────────────────────────────┼───────────────────────────
Redhat package manager, X86 64 bit│threat-dragon-2.6.0.x86_64.rpm │
──────────────────────────────────┼─────────────────────────────────────┼───────────────────────────
Linux Snap │direct from Snapcraft │
──────────────────────────────────┴─────────────────────────────────────┴───────────────────────────
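The SHA512 column above points at checksum files. As an added example (not part of the Threat Dragon release or the project's code), this checks a downloaded file against one before it is run. It assumes the checksum file has a `url:` or `path:` entry naming the file, followed by a `sha512:` value in hex or base64; that layout is not stated on this page, and the function names are hypothetical.

```python
import base64, binascii, hashlib, hmac, os, re

def sha512_file(path, chunk=1 << 20):
    """Stream the file so a large installer is never held in memory whole."""
    h = hashlib.sha512()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.digest()

def decode_digest(text):
    """Return the 64 raw digest bytes from a hex or base64 string."""
    text = text.strip().strip("\"'")
    if re.fullmatch(r"[0-9a-fA-F]{128}", text):
        return bytes.fromhex(text)
    try:
        raw = base64.b64decode(text, validate=True)
    except binascii.Error as exc:
        raise ValueError("digest is neither hex nor base64") from exc
    if len(raw) != 64:
        raise ValueError("digest is not 64 bytes, so it is not SHA-512")
    return raw

def expected_digest(checksum_text, filename):
    """Find the sha512 value that follows a url:/path: entry naming filename.
    ASSUMED layout, not taken from the page: check the real checksum file."""
    current = None
    for line in checksum_text.splitlines():
        key, _, value = line.strip().lstrip("- ").partition(":")
        value = value.strip().strip("\"'")
        if key in ("url", "path"):
            current = value
        elif key == "sha512" and current == filename:
            return decode_digest(value)
    raise ValueError(f"no sha512 entry for {filename}")  # fail closed

def verify_download(path, checksum_text):
    """True only if the file's SHA-512 equals the published value."""
    expected = expected_digest(checksum_text, os.path.basename(path))
    return hmac.compare_digest(sha512_file(path), expected)

if __name__ == "__main__":
    import tempfile
    # Constructed stand-in for a downloaded file and its checksum file.
    path = os.path.join(tempfile.mkdtemp(), "Threat-Dragon-ng-2.6.0.AppImage")
    with open(path, "wb") as f:
        f.write(b"constructed installer bytes")
    b64 = base64.b64encode(sha512_file(path)).decode()
    print(verify_download(path, f"path: {os.path.basename(path)}\nsha512: {b64}\n"))
```

A missing entry or a malformed digest raises `ValueError` rather than returning a result, so the caller cannot mistake an unverifiable file for a verified one.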
Software Bill of Materials
SBOMs are provided for the server and for the frontend application including desktop.
Installing on Windows
Download and run the NSIS executable. Depending on the security applied in your Windows system,
you may need to open the file properties and check the 'Unblock' checkbox to allow Threat Dragon to run.
Installing on MacOS
To install on MacOS systems, download and run the disk image .dmg file, either the x86 or arm64 version.
Note that the MacOS .zip files are used for automatic updates, and are not recommended for installation.
Installing on Linux
Select the method that is most convenient for your distribution of Linux:
AppImage can be used for most Linux distributions and hardware platforms
a Snap image is available from the official Snapcraft distribution
.rpm for Red Hat Linux, AIX, CentOS, Fedora
.deb for Debian-based Linux such as Ubuntu, Trisquel and Debian itself
What's Changed
Fix threat severity and status icons by @Stuw in #1339
Update zh.js by @yolylight in #1356
Integrate Cornucopia cards by @gerardocanedoUCU in #1414
Extendable EoP games diagram by @javiermorenov1203 in #1418
fix(github): Resolve branch name issue for protected branches by @eratio08 in #1415
Feature/trust boundary data flow by @dlewburg in #1397
Fix SVG/PNG export to exclude selection decorations by @sn3ha-dev278 in #1424
Fix image export affected by zoom level by @sn3ha-dev278 in #1430
Fix possible loss of diagram changes when using Save/Save As in desktop menu by @sn3ha-dev278 in #1437
Fix link formatting in vulnerability reporting section by @lreading in #1443
Update threat model schema to version 1.0.2 by @jgadsden in #1453
reusable templates feature (Web and Github only) by @Ajith-Penmatsa-GGL in #1444
Fix/gitlab error opening models by @Ajith-Penmatsa-GGL in #1454
Fix: Broken link in model select page by @Ajith-Penmatsa-GGL in #1461
updated the link so that the unit test passes by @Ajith-Penmatsa-GGL in #1462
Fix: Add Cornucopia MobileApp Deck to EoP Games diagram (#1447) by @Mahaboobunnisa123 in #1459
New Contributors
@Stuw made their first contribution in #1339
@Krishiv-Mahajan made their first contribution in #1372
@gerardocanedoUCU made their first contribution in #1414
@javiermorenov1203 made their first contribution in #1418
@eratio08 made their first contribution in #1415
@dlewburg made their first contribution in #1397
@sn3ha-dev278 made their first contribution in #1424
@Ajith-Penmatsa-GGL made their first contribution in #1444
@Mahaboobunnisa123 made their first contribution in #1459
Full Changelog: v2.5.0...v2.6.0