v0.1.0 Release Notes

Release Date: 2026-03-01

This is the initial release of Threat Model Spec, providing a JSON-based intermediate representation for security threat modeling diagrams with D2 rendering and STIX 2.1 export.

Highlights

  • 💻 JSON-based intermediate representation for threat modeling diagrams with D2 and STIX 2.1 export
  • 🗺️ Comprehensive security framework mappings: MITRE ATT&CK, MITRE ATLAS, OWASP Top 10 (API/LLM/Web), CWE, CVSS, STRIDE

What's New

Go Packages

| Package | Description |
|---------|-------------|
| ir | Intermediate representation types for elements, boundaries, flows, attacks, actors, and messages |
| diagram | Programmatic diagram construction with D2 rendering |
| stix | STIX 2.1 export (Bundle, AttackPattern, ThreatActor, Infrastructure, Indicator, Vulnerability) |
| stride | STRIDE threat category types and color mappings |
| killchain | MITRE ATT&CK tactics and Lockheed Martin Cyber Kill Chain phases |

CLI Tool (tms)

The tms command-line tool provides:

  • tms generate — Generate D2 diagrams or STIX 2.1 bundles
  • tms validate — Validate threat model JSON files
  • tms version — Print version information

Generate Options

# Generate D2 diagram
tms generate model.json -o diagram.d2

# Also render to SVG
tms generate model.json -o diagram.d2 --svg

# Export to STIX 2.1
tms generate model.json --stix -o model.stix.json

Diagram Types

| Type | Description | Key Fields |
|------|-------------|------------|
| dfd | Data Flow Diagram | elements, boundaries, flows |
| attack-chain | Attack Chain | elements, attacks, targets |
| sequence | Sequence Diagram | actors, messages, phases |

Framework Mappings

Full support for mapping threats to industry security frameworks:

  • MITRE ATT&CK — Adversary tactics and techniques
  • MITRE ATLAS — AI/ML threat matrix
  • OWASP Top 10 — Web, API, and LLM security risks
  • STRIDE — Microsoft threat categorization
  • CWE — Common Weakness Enumeration
  • CVSS — Common Vulnerability Scoring System

D2 Style Library

Color-coded styles for visual threat modeling:

  • STRIDE threat badges and boxes
  • DFD element styles (process, datastore, external entity, etc.)
  • Trust boundary containers (browser, localhost, network, etc.)
  • Attack flow arrows

Examples

  • OpenClaw WebSocket Vulnerability — Complete case study with DFD, attack chain, and sequence diagrams demonstrating a localhost takeover vulnerability

Documentation

  • MkDocs site with Material theme
  • Installation and quick start guides
  • JSON IR specification reference
  • D2 style documentation
  • CLI command reference

Installation

Go Library

go get github.com/grokify/threat-model-spec

CLI Tool

go install github.com/grokify/threat-model-spec/cmd/tms@latest

Requirements

  • Go 1.24+
  • D2 v0.6+ (for SVG rendering)