Introduction

OWASP Threat Dragon

Threat Dragon is an open-source threat modelling tool from OWASP. It comes as a web application or an installable desktop application for MacOS, Windows and Linux.

The web application can store threat model files on the local filesystem; in addition access can be configured for :

• GitHub
• Bitbucket
• GitLab
• Github Enterprise

The desktop app saves your threat models on your local file system only, repository access is a future enhancement.

You can find the source code for Threat Dragon on GitHub, where you can also ask for changes or report any issues.