-
Notifications
You must be signed in to change notification settings - Fork 16
Home
Mikhail edited this page Jul 3, 2022
·
5 revisions
TicTaaC solution may be used to identify threats related to an application architecture, design and development process. TicTaaC Core will automatically generate threats classified by Microsoft STRIDE and OWASP Top 10 according to the provided data flow diagram file described in a special lightweight format.
TicTaaC Core [--help]
[--threatModel <file(s) or folder path>] [--out ] [--outFormat ][--mitigations ]
[--failOnThreatRisk ] [--threatsLibrary ]
[--threatsLibraryAccessUsername ] [--threatsLibraryAccessPassword ]
| Parameter | Description |
|---|---|
| -h, --help | Print this help message |
| --threatModel | (Mandatory) Data flow diagram file(s) or a folder path to scan files to process. |
| --out | (Optional) The folder to write report(s) to. This defaults to the current directory. |
| --outFormat | (Optional) The report format (HTML, JSON). The default is HTML. |
| --mitigations | (Optional) The file(s) or folder path to scan these files with the mitigation strategy for the corresponding threats from the report. |
| --failOnThreatRisk | (Optional) Specifies if the build should be failed if a Threat Risk above a specified level is identified (Low, Medium, High). By default the build will never fail. |
| --threatsLibrary | (Optional) The path to the file with the rules containing threat-generating logic. It may be a path to a local file, a web-resource file path or a classpath. |
| --threatsLibraryAccessUsername | (Optional) If web-resource file with the rules protected with authorization, specify this parameter. |
| --threatsLibraryAccessPassword | (Optional) If web-resource file with the rules protected with authorization, specify this parameter. |
| -v, --version | Print the version information. |