Commit

readme update
rusakovichma committed May 14, 2022
1 parent 459f056 commit 8597076
Showing 1 changed file with 41 additions and 0 deletions.
41 changes: 41 additions & 0 deletions README.md
Expand Up @@ -13,6 +13,47 @@ we just waned to get the threats list for our product. Nothing else"
The idea behind this product is clear - I want to create something simple that would help to solve this difficult problem.
Ideally, with <em>one click</em> or <em>a command</em> and with a possibility to integrate it into a pipeline if needed. Inspired by <em>dependency-check</em> architecture and simplicity plus taking in mind that <em>developers just love mapping</em> everything in code, I've created <strong>"TicTaaC"</strong>, which means <em>"Threat modeling-as-a-Code in a Tick"</em>

## Usage
All the tool is needed is a <strong>data flow code file</strong> described in the <em>yml-like format</em> specially designed for this.<br>
<strong>The examples</strong> of these files with verbose comments describing every aspect may be found [here](https://github.com/rusakovichma/TicTaaC/tree/master/expl). <br>

### Command Line
More detailed instructions can be found on the
[github wiki](https://github.com/rusakovichma/TicTaaC/wiki).
The latest CLI can be downloaded from github in the [releases section](https://github.com/rusakovichma/TicTaaC/releases). <br>
On *nix
```
$ ./bin/tic-taac.sh -h
$ ./bin/tic-taac.sh --out . --threatModel [path to threat model file]
```
On Windows
```
> .\bin\tic-taac.bat -h
> .\bin\tic-taac.bat --out . --threatModel [path to threat model file]
```

### Docker
See [TicTaaC Docker Hub repository](https://hub.docker.com/r/rusakovichma/tic-taac).
```console
#!/bin/sh

TT_VERSION="latest"
THREAT_MODEL_DIR=$HOME/threat-model

# Make sure we are using the latest version
docker pull rusakovichma/tic-taac:$TT_VERSION

docker run --rm \
-e user=$USER \
-u $(id -u ${USER}):$(id -g ${USER}) \
--volume $THREAT_MODEL_DIR:/threat-model:z \
--volume $(pwd)/report:/report:z \
rusakovichma/tic-taac:$TT_VERSION \
--threatModel /threat-model/simpest-threat-model.yml \
--outFormat html \
--out /report
# Set mitigation strategy for the corresponding threats
# --mitigations /threat-model/mitigations.yml
```
### Jenkins pipeline
For TicTaaC usage at Jenkins pipeline, see [Jenkinsfile example](https://github.com/rusakovichma/TicTaaC/blob/master/cicd/Jenkinsfile).
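
Review bot: In the Docker example, `TT_VERSION="latest"` combined with the unconditional `docker pull` means each run executes whatever image is currently published under that tag, which is a weak default for a tool the README proposes integrating into a pipeline. Suggest showing a fixed release tag (or an image digest) as the default and presenting `latest` as the opt-in. In the same script the expansions in `--volume $THREAT_MODEL_DIR:/threat-model:z` and `--volume $(pwd)/report:/report:z` are unquoted, so a path containing spaces splits the argument; quote them. `simpest-threat-model.yml` looks like a typo for `simplest-threat-model.yml` unless the example file really has that name, and the commented `--mitigations` line cannot simply be uncommented because `--out /report` ends without a trailing backslash. The fence is tagged `console` but holds a `#!/bin/sh` script, so `sh` would be the better tag. In the Usage paragraph, "All the tool is needed" should read "All the tool needs".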
