Threagile

Threagile Threat Model file

Type object
File match threagile.yaml threat-model.yaml
Schema URL https://catalog.lintel.tools/schemas/schemastore/threagile/latest.json
Source https://raw.githubusercontent.com/Threagile/threagile/refs/heads/master/support/schema.json

Validate with Lintel

npx @lintel/lintel check
Type: object

Agile Threat Modeling

Properties

threagile_version string required

Version of the Threagile toolkit

title string required

Title of the model

author object required

Author of the model

3 nested properties
name string | null required

Author name

contact string | null

Author contact info

homepage string | null

Author homepage

business_criticality string required

Business criticality of the target

Values: "archive" "operational" "important" "critical" "mission-critical"
tags_available array | null required

Tags are used to add custom metadata to model elements, enabling filtering, classification, and the creation of tailored risk rules. They help provide context and drive more precise, organization-specific threat modeling.

uniqueItems=true
data_assets Record<string, object> required

Data assets represent types of data processed, stored, or transmitted in the system, such as personal data, credentials, or logs—along with their sensitivity, confidentiality, and integrity requirements. They help assess the impact of risks based on the value of the data involved.

uniqueItems=true
technical_assets Record<string, object> required

Any hardware, software, or system component that supports the processing, storage, or transmission of data, such as servers, applications, databases, or network devices.

uniqueItems=true
shared_runtimes Record<string, object> required

Shared runtimes

uniqueItems=true
includes array | null

Include other yaml files into the model

uniqueItems=true
date string | null

Date of the model

format=date
contributors array | null

Contributors to the model

uniqueItems=true
management_summary_comment string | null

Individual management summary for the report

application_description object

General description of the application, its purpose and functionality.

2 nested properties
description string | null

Application description for the report

images array | null

Application images for the report

uniqueItems=true
business_overview object

Individual business overview for the report

2 nested properties
description string | null

Individual business overview for the report

images array | null

Custom images for the report

uniqueItems=true
technical_overview object

Individual technical overview for the report

2 nested properties
description string | null

Individual technical overview for the report

images array | null

Custom images for the report

uniqueItems=true
questions object | null

Custom questions for the report

uniqueItems=true
abuse_cases object | null

Custom abuse cases for the report

uniqueItems=true
security_requirements object | null

Custom security requirements for the report

uniqueItems=true
trust_boundaries Record<string, object>

Trust boundaries

uniqueItems=true
individual_risk_categories Record<string, object>

Individual risk categories

uniqueItems=true
risk_tracking Record<string, object>

Risk tracking

uniqueItems=true
diagram_tweak_suppress_edge_labels boolean | null

Diagram tweak suppress edge labels

diagram_tweak_layout_left_to_right boolean | null

Diagram tweak layout left to right

diagram_tweak_edge_layout string | null

Diagram tweak edge layout

Values: "" "ortho" "spline" "polyline" "false" "curved"
diagram_tweak_nodesep integer | null

Diagram tweak nodesep

diagram_tweak_ranksep integer | null

Diagram tweak ranksep

diagram_tweak_invisible_connections_between_assets array | null

Diagram tweak invisible connections between assets

uniqueItems=true
diagram_tweak_same_rank_assets array | null

Diagram tweak same rank assets

uniqueItems=true