Releases: bogdanticu88/threatmap
v2.1.0 - Extended MITRE, PASTA & GraphQL API
What's New
🎯 Extended MITRE ATT&CK Framework
- Expanded from 3 to 11 threat rules
- Added resource-aware TTP (Tactic & Technique) mapping
- New techniques for IAM, storage, containers, and lateral movement
- Technique details mapping with proper tactic categorization
🍝 Expanded PASTA Framework
- Expanded from 5 to 12 threat rules
- Fixed threat actor determination logic
- Enhanced asset classification with infrastructure category
- Improved scenario selection for compliance and defense evasion
- Proper PastaElement mapping (Asset, Actor, Vulnerability, Countermeasure)
🔗 New GraphQL API
- Full Strawberry GraphQL integration
- Query types: `health`, `version`, `rules`
- Mutation: `analyze` for threat modeling across frameworks
- Automatic type conversion from internal models to GraphQL types
- JSON scalar support for dynamic responses
📊 Updated REST API
- Enhanced `ThreatResponse` model with STRIDE category, MITRE TTPs, and PASTA threat context
- New response models: `MitreTtpResponse`, `PastaThreatResponse`
- Updated `/rules` endpoint with real threat rule counts
- GraphQL endpoint at `/graphql`
🐳 Docker Support
- v2.1.0 image pushed to Docker Hub: `bogdynn/threatmap:2.1.0`
- Latest tag also updated
📦 PyPI Release
- Published to PyPI: `pip install threatmap==2.1.0`
- Python 3.9, 3.10, 3.11, 3.12 support verified
Framework Coverage
| Framework | Rules |
|---|---|
| STRIDE | 73 |
| MITRE ATT&CK | 11 |
| PASTA | 12 |
Supported IaC Formats
- Terraform
- AWS CloudFormation
- Kubernetes YAML
API Endpoints
- REST: `/api/analyze`, `/api/rules`, `/health`
- GraphQL: `/graphql`
Testing
All tests passing across Python 3.9-3.12 with GitHub Actions CI/CD.
See README.md for full documentation and usage examples.
v1.1.7 - Banner Fix
Release v1.1.7: Ensure the banner and random security jokes are displayed when running the tool without arguments.
v1.1.6 - Stability Fix
Release v1.1.6: Fixed cross-version compatibility for the help menu.
v1.1.5 - CLI Fix
Release v1.1.5: Fixed a TypeError in the CLI when no arguments were provided.
v1.1.4 - Security Humor
Release v1.1.4: Added random security-themed jokes to the CLI banner.
v1.1.3 - Improved UX
Release v1.1.3: Automatically display help menu when no arguments are provided.
v1.1.2 - CLI Version Support
Release v1.1.2: Added support for --version flag.
v1.1.1 - PyPI Patch
Initial PyPI release for threatmap.
v1.1.0 - Graph Intelligence, Custom Rules & Reporters
Release v1.1.0: Add Attack Path Analysis, SARIF/HTML reporters, Custom Rules engine, and Remediation Hints.
v1.0.0
threatmap v1.0.0
Initial release.
What it does
Parses Terraform (HCL), CloudFormation (YAML/JSON), and Kubernetes manifests and applies STRIDE rules to produce a structured threat model report with a Mermaid data flow diagram. Fully offline — no cloud credentials, no network calls.
Supported formats and providers
| Format | Provider |
|---|---|
| Terraform HCL | AWS, Azure, GCP |
| CloudFormation | AWS |
| Kubernetes manifests | Kubernetes |
Rule coverage
| Provider | Rules |
|---|---|
| AWS | 22 |
| Azure | 19 |
| GCP | 15 |
| Kubernetes | 17 |
| Total | 73 |
Install
```bash
pip install -e .
```
Usage
```bash
# Markdown report
threatmap scan ./infra/ --output report.md

# CI gate — exit 1 if HIGH or CRITICAL found
threatmap scan ./infra/ --fail-on HIGH --output report.md

# JSON output
threatmap scan ./infra/ --format json --output report.json
```