This action runs Threagile as part of a GitHub workflow.
Required The name of the Threagile model input file. Default "threagile.yaml"
.
The output is usually handled as files via artifacts (see below).
on:
push:
paths:
- 'threagile.yaml' # useful to filter this job to execute only when the threat model changes
jobs:
threagile_job:
runs-on: ubuntu-latest
name: Threat Model Analysis
steps:
# Checkout the repo
- name: Checkout Workspace
uses: actions/checkout@v2
# Run Threagile
- name: Run Threagile
id: threagile
uses: threagile/run-threagile-action@v1
with:
model-file: 'threagile.yaml'
# Archive resulting files as artifacts
- name: Archive Results
uses: actions/upload-artifact@v2
with:
name: threagile-report
path: threagile/output
# Optional step to link from repo's README.md if you want. This can also be committed to a separate branch if desired.
- name: Commit & Push Report and DFD Diagram
run: |
git config --local user.email "threagile@example.com" # customize as desired
git config --local user.name "Threagile" # customize as desired
git add threagile/output/report.pdf
git add threagile/output/data-flow-diagram.png
git commit -m "Update threat model report and data-flow diagram by Threagile" # customize as desired
git push
## Threat Model Analysis
The open-source toolkit for agile threat modeling, Threagile, was used to model and analyze potential threats.
### Data-Flow Diagram (DFD)
The following DFD was generated by Threagile during threat model analysis:
![Data-Flow Diagram (DFD)](/threagile/output/data-flow-diagram.png?raw=true "Data-Flow Diagram (DFD)")
### Threat Model Report
The following report was generated by Threagile during threat model analysis:
[Threat Model Report](/threagile/output/report.pdf?raw=true)