CI/CD Integration

Our tool FlowStrider can be easily integrated into a CI/CD pipeline.

You need to specify the location of your data-flow diagram (DFD) file. In our case, we use a folder named threat_models, which contains both the DFD and the corresponding threat-management file. Additionally, we pass the --fail-on-threat undecided option so that the job, and therefore the pipeline, fails if any undecided threats are detected.

Below is a simple .gitlab-ci.yml configuration:

stages:
  - security

default:
  # Runs before every job: git identity for the tool, pip upgrade, graphviz for diagram rendering.
  before_script:
    - git config --global user.email "you@example.com"
    - git config --global user.name "Your Name"
    - pip install -U pip
    - apt-get update && apt-get install -y graphviz

threat_modeling:
  stage: security
  image: python:3.10
  script:
    - pip install flowstrider
    - echo "Running threat modeling..."
    - flowstrider elicit --output off --management-path $CI_PROJECT_DIR/threat_models/threat_management.json --fail-on-threat undecided $CI_PROJECT_DIR/threat_models/example_tool_paper.json
  only:
    - main
    - merge_requests
  # A non-zero exit from flowstrider must block the pipeline, so failures are not tolerated.
  allow_failure: False
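The gate above only holds while the job keeps its --fail-on-threat undecided flag and allow_failure stays off. As an added example (not part of FlowStrider or its documentation), the POSIX shell function below checks a .gitlab-ci.yml for exactly that and can run as a pre-commit hook or a separate lint job; the two sample pipeline files are constructed inline, and the line-based slicing assumes the layout shown above (a top-level threat_modeling key with indented job keys).

```shell
#!/bin/sh
# Added example, not FlowStrider's own code: guard against the threat-modeling
# gate being silently weakened. Returns 0 only if the threat_modeling job still
# carries "--fail-on-threat undecided" and does not set allow_failure to true.
check_threat_gate() {
  ci_file="$1"
  # Slice out the threat_modeling job: from its key up to the next top-level key.
  job=$(awk '/^threat_modeling:/ {f=1; print; next}
             f && /^[[:alnum:]_.]/ {f=0}
             f' "$ci_file")
  [ -n "$job" ] || { echo "threat_modeling job missing in $ci_file" >&2; return 1; }
  printf '%s\n' "$job" | grep -q -- '--fail-on-threat undecided' \
    || { echo "threat_modeling: --fail-on-threat undecided is missing" >&2; return 1; }
  if printf '%s\n' "$job" | grep -Eiq '^[[:space:]]+allow_failure:[[:space:]]*true'; then
    echo "threat_modeling: allow_failure is true, a red job no longer blocks the merge" >&2
    return 1
  fi
  return 0
}

# Constructed sample pipeline (temporary file) matching the configuration above.
GOOD_CI=$(mktemp)
cat > "$GOOD_CI" <<'EOF'
stages:
  - security
threat_modeling:
  stage: security
  image: python:3.10
  script:
    - flowstrider elicit --output off --management-path $CI_PROJECT_DIR/threat_models/threat_management.json --fail-on-threat undecided $CI_PROJECT_DIR/threat_models/example_tool_paper.json
  allow_failure: False
EOF

# Constructed variant where a later edit flipped allow_failure, so the gate is bypassable.
BAD_CI=$(mktemp)
sed 's/allow_failure: False/allow_failure: true/' "$GOOD_CI" > "$BAD_CI"

check_threat_gate "$GOOD_CI" && echo "gate intact"
check_threat_gate "$BAD_CI" || echo "gate weakened, lint job would fail"
```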