Projects that follow the best practices below can voluntarily self-certify and show that they have achieved the Core Infrastructure Initiative (OpenSSF) badge.
<a href="https://www.bestpractices.dev/projects/9266"><img src="https://www.bestpractices.dev/projects/9266/badge"></a>
Threat Dragon is an open source threat modeling tool and is one of the official OWASP projects. It is used to draw threat modeling diagrams and to list threats for elements in the diagram along with their remediations.
Threat Dragon is primarily a web application which can store threat model files on the local filesystem. In addition, access can be configured to GitHub, Bitbucket, GitLab and GitHub Enterprise. The desktop versions of Threat Dragon store the threat model files on the local filesystem only, with installers for Windows, macOS and Linux.
The repository is on GitHub, which uses git, and is here: https://github.com/OWASP/threat-dragon
git is common distributed version control software.
Both the functional tests and the unit tests, for both the application and the back end, are invoked using scripts contained in the Node.js package.json file, which is the standard way to run tests for a Node.js application: just type 'npm test'. There is a documentation page on the unit tests: https://owasp.org/www-project-threat-dragon/docs-2/unit/ and on the functional end-to-end tests: https://owasp.org/www-project-threat-dragon/docs-2/e2e/
There are various GitHub workflows that build Threat Dragon on push, release, pull-request and nightly: https://github.com/OWASP/threat-dragon/tree/main/.github/workflows
Found all required security hardening headers.
Warning: URL required, but no URL found.
Threat Dragon is analysed by OWASP ZAP on pull-request and also on commits to the main branch, using GitHub workflow pipelines: https://github.com/OWASP/threat-dragon/actions
No assertions are embedded in the Threat Dragon code, as this is not a generally used feature of JavaScript.