Skip to content
This repository has been archived by the owner on Jul 8, 2021. It is now read-only.

FAQs

Jump to bottom
Jon Gadsden edited this page Mar 15, 2021 · 7 revisions

Threat dragon desktop FAQs

Why do the earlier releases come from Mike Goodwin's repo, not the OWASP repo?

For more than 4 years Mike hosted Threat Dragon on his personal github area, and in mid-2020 he felt that the time was right for it to migrate to the OWASP organisation github space. This was done through June and July 2020 and with version 1.3 (released September 2020) the migration is almost complete. The demo page is still sourced from Mike's github account, which gives continuity to the origins of Threat Dragon.

Why do I get 'developer can not be verified' errors after installing on MacOS?

The Threat Dragon .dmg files are not code signed, so when running for the first time an error message will probably be shown in a pop-up window. This is along the lines of 'OWASP Threat Dragon cannot be opened because the developer cannot be verified' or '“OWASP ZAP” cannot be opened because the developer cannot be verified, macOS cannot verify that this app is free from malware'.

To resolve this:

  1. close the error message popup
  2. from the MacOS 'Apple', top left of display, go to "System Preferences" > "Security & Privacy"
  3. at the bottom of the dialog, see message saying that "OWASP-Threat-Dragon" was blocked. Next to it, click "Open anyway"
  4. the initial error message will pop up again, but this time have the option to click "Open" to run Threat Dragon despite the warning
  5. click 'Open' and Threat Dragon now runs OK
  6. this only has to be done once, after this Threat Dragon can be run as normal

Threat Dragon is now saved as an exception to your security settings, and you can run it in the future by double-clicking it just as you can any registered app.

Can I run Threat Dragon from a command line?

With the desktop version of Threat Dragon installed, and if the executable is in the environment path, then it can be run from the command line.

For example on MacOS and Linux:

OWASP-Threat-Dragon

or on Windows:

OWASP-Threat-Dragon.exe

AppImage does not need installation, so after downloading version 1.3.1 for example:

./OWASP-Threat-Dragon-1.3.1.AppImage

Is there a command line interface for Threat Dragon?

With the desktop version of Threat Dragon installed there is a command line interface which can be used if the executable is in the environment path. For example run this command to get help :

OWASP-Threat-Dragon --help

And to export a given threat model file to pdf :

OWASP-Threat-Dragon --pdf ./threat-model.json --verbose

or on Windows:

OWASP-Threat-Dragon.exe --pdf .\threat-model.json --verbose

or using AppImage (using version 1.3.1 for example):

./OWASP-Threat-Dragon-1.3.1.AppImage --pdf ./threat-model.json --verbose

Note that the path to the JSON file needs to be resolvable, so use the full path or the './' if the file is in the working directory.

Clone this wiki locally