This action runs Threagile as part of a GitHub workflow.
`model-file`: **Required.** The name of the Threagile model input file. Default: `"threagile.yaml"`.
The output is usually handled as files via artifacts (see below).
```yaml
on:
  push:
    paths:
      - 'threagile.yaml' # useful to filter this job to execute only when the threat model changes
jobs:
  threagile_job:
    runs-on: ubuntu-latest
    name: Threat Model Analysis
    steps:
      # Checkout the repo
      - name: Checkout Workspace
        uses: actions/checkout@v4
      # Run Threagile
      - name: Run Threagile
        id: threagile
        uses: pritchyspritch/run-threagile-action@v2
        with:
          model-file: 'threagile.yaml'
          output-dir: 'put/files/here' # default: threagile/output
          optional-args: '-create-example-model'
      # Archive resulting files as artifacts
      - name: Archive Results
        uses: actions/upload-artifact@v4
        with:
          name: threagile-report
          path: threagile/output # adjust if you changed output-dir above
      # Optional step to link from repo's README.md if you want. This can also be committed to a separate branch if desired.
      # Pushing requires a token with write access to the repository contents.
      - name: Commit & Push Report and DFD Diagram
        run: |
          git config --local user.email "[email protected]" # customize as desired
          git config --local user.name "Threagile" # customize as desired
          # adjust these paths if you changed output-dir above
          git add threagile/output/report.pdf
          git add threagile/output/data-flow-diagram.png
          git commit -m "Update threat model report and data-flow diagram by Threagile" # customize as desired
          git push
```
## Threat Model Analysis
The open-source toolkit for agile threat modeling, Threagile, was used to model and analyze potential threats.
### Data-Flow Diagram (DFD)
The following DFD was generated by Threagile during threat model analysis:
![Data-Flow Diagram (DFD)](/threagile/output/data-flow-diagram.png?raw=true "Data-Flow Diagram (DFD)")
### Threat Model Report
The following report was generated by Threagile during threat model analysis:
[Threat Model Report](/threagile/output/report.pdf?raw=true)
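
The workflow above runs the analysis and the `git push` in one job with the same token. The variant below is an added example, not part of this action's own documentation: it keeps the analysis job read-only and moves the commit into a separate job that is the only one granted `contents: write`. It assumes the default output directory `threagile/output`, that `optional-args` can be omitted, and uses a constructed placeholder e-mail address.

```yaml
name: Threat Model Analysis
on:
  push:
    paths:
      - 'threagile.yaml'
permissions:
  contents: read # workflow-wide default: read-only token
jobs:
  analyze:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout Workspace
        uses: actions/checkout@v4
        with:
          persist-credentials: false # this job never pushes, so keep the token out of .git/config
      # Consider pinning third-party actions to a full commit SHA instead of a movable tag
      - name: Run Threagile
        uses: pritchyspritch/run-threagile-action@v2
        with:
          model-file: 'threagile.yaml'
      - name: Archive Results
        uses: actions/upload-artifact@v4
        with:
          name: threagile-report
          path: threagile/output
          if-no-files-found: error # fail loudly if the analysis produced nothing
  publish:
    needs: analyze
    runs-on: ubuntu-latest
    permissions:
      contents: write # only this job may push to the repository
    steps:
      - name: Checkout Workspace
        uses: actions/checkout@v4
      - name: Fetch Results
        uses: actions/download-artifact@v4
        with:
          name: threagile-report
          path: threagile/output
      - name: Commit & Push Report and DFD Diagram
        run: |
          git config --local user.email "threagile-bot@example.invalid" # constructed placeholder
          git config --local user.name "Threagile"
          git add threagile/output/report.pdf threagile/output/data-flow-diagram.png
          # Skip the commit when nothing changed, so the job does not fail
          git diff --cached --quiet || git commit -m "Update threat model report and data-flow diagram by Threagile"
          git push
```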