StartLeft is an automation tool for generating Threat Models written in the Open Threat Model (OTM) format from a variety of different sources such as IaC files, diagrams or projects exported from Threat Modelling tools.
Home Page: https://iriusrisk.github.io/startleft/
License: Apache License 2.0
StartLeft is an automation tool for generating Threat Models written in the Open Threat Model (OTM) format from a variety of different sources such as IaC files, diagrams or projects exported from Threat Modeling tools.
All you need to know about StartLeft is available in our documentation.
All release notes are documented in Releases Section.
the c4 models is very popular in software architecture stage. I suggest to support parse c4 models in startleft.
Using legacy 'setup.py install' for pygraphviz, since package 'wheel' is not installed.
Installing collected packages: zipp, sniffio, rpds-py, idna, exceptiongroup, attrs, typing-extensions, referencing, packaging, MarkupSafe, importlib-resources, anyio, urllib3, tomli, starlette, six, setuptools, pydantic, pluggy, platformdirs, pkgutil-resolve-name, numpy, lark, jsonschema-specifications, Jinja2, iniconfig, importlib-metadata, h11, filelock, distlib, deprecation, click, charset-normalizer, certifi, vsdx, virtualenv, uvicorn, types-PyYAML, shapely, setuptools-scm, requests, pyyaml, python-multipart, python-magic, python-hcl2, pytest, pyproject-api, pygraphviz, ordered-set, networkx, jsonschema, jmespath, httpcore, google-re2, fastapi, dependency-injector, defusedxml, deepmerge, colorama, chardet, cachetools, tox, startleft, responses, pytest-runner, pytest-mock, httpx, deepdiff, coverage
Attempting uninstall: setuptools
Found existing installation: setuptools 56.0.0
Uninstalling setuptools-56.0.0:
Successfully uninstalled setuptools-56.0.0
Running setup.py install for pygraphviz ... error
ERROR: Command errored out with exit status 1:
command: /Users/m.khan/tools/startleft/startleft/venv/bin/python3 -u -c 'import io, os, sys, setuptools, tokenize; sys.argv[0] = '"'"'/private/var/folders/9h/k99tbk6n0vz456t433hyhcrs629579/T/pip-install-kmyhn_ry/pygraphviz_19d94bd2da6c4225a948b1c01b9e187f/setup.py'"'"'; file='"'"'/private/var/folders/9h/k99tbk6n0vz456t433hyhcrs629579/T/pip-install-kmyhn_ry/pygraphviz_19d94bd2da6c4225a948b1c01b9e187f/setup.py'"'"';f = getattr(tokenize, '"'"'open'"'"', open)(file) if os.path.exists(file) else io.StringIO('"'"'from setuptools import setup; setup()'"'"');code = f.read().replace('"'"'\r\n'"'"', '"'"'\n'"'"');f.close();exec(compile(code, file, '"'"'exec'"'"'))' install --record /private/var/folders/9h/k99tbk6n0vz456t433hyhcrs629579/T/pip-record-pnwve_ji/install-record.txt --single-version-externally-managed --compile --install-headers /Users/m.khan/tools/startleft/startleft/venv/include/site/python3.8/pygraphviz
cwd: /private/var/folders/9h/k99tbk6n0vz456t433hyhcrs629579/T/pip-install-kmyhn_ry/pygraphviz_19d94bd2da6c4225a948b1c01b9e187f/
Complete output (87 lines):
running install
/Users/m.khan/tools/startleft/startleft/venv/lib/python3.8/site-packages/setuptools/_distutils/cmd.py:66: SetuptoolsDeprecationWarning: setup.py install is deprecated.
!!
********************************************************************************
Please avoid running ``setup.py`` directly.
Instead, use pypa/build, pypa/installer, pypa/build or
other standards-based tools.
See https://blog.ganssle.io/articles/2021/10/setup-py-deprecated.html for details.
********************************************************************************
!!
self.initialize_options()
running build
running build_py
creating build
creating build/lib.macosx-11-universal2-cpython-38
creating build/lib.macosx-11-universal2-cpython-38/pygraphviz
copying pygraphviz/scraper.py -> build/lib.macosx-11-universal2-cpython-38/pygraphviz
copying pygraphviz/graphviz.py -> build/lib.macosx-11-universal2-cpython-38/pygraphviz
copying pygraphviz/__init__.py -> build/lib.macosx-11-universal2-cpython-38/pygraphviz
copying pygraphviz/agraph.py -> build/lib.macosx-11-universal2-cpython-38/pygraphviz
copying pygraphviz/testing.py -> build/lib.macosx-11-universal2-cpython-38/pygraphviz
creating build/lib.macosx-11-universal2-cpython-38/pygraphviz/tests
copying pygraphviz/tests/test_unicode.py -> build/lib.macosx-11-universal2-cpython-38/pygraphviz/tests
copying pygraphviz/tests/test_scraper.py -> build/lib.macosx-11-universal2-cpython-38/pygraphviz/tests
copying pygraphviz/tests/test_readwrite.py -> build/lib.macosx-11-universal2-cpython-38/pygraphviz/tests
copying pygraphviz/tests/test_string.py -> build/lib.macosx-11-universal2-cpython-38/pygraphviz/tests
copying pygraphviz/tests/__init__.py -> build/lib.macosx-11-universal2-cpython-38/pygraphviz/tests
copying pygraphviz/tests/test_html.py -> build/lib.macosx-11-universal2-cpython-38/pygraphviz/tests
copying pygraphviz/tests/test_node_attributes.py -> build/lib.macosx-11-universal2-cpython-38/pygraphviz/tests
copying pygraphviz/tests/test_drawing.py -> build/lib.macosx-11-universal2-cpython-38/pygraphviz/tests
copying pygraphviz/tests/test_repr_mimebundle.py -> build/lib.macosx-11-universal2-cpython-38/pygraphviz/tests
copying pygraphviz/tests/test_subgraph.py -> build/lib.macosx-11-universal2-cpython-38/pygraphviz/tests
copying pygraphviz/tests/test_close.py -> build/lib.macosx-11-universal2-cpython-38/pygraphviz/tests
copying pygraphviz/tests/test_edge_attributes.py -> build/lib.macosx-11-universal2-cpython-38/pygraphviz/tests
copying pygraphviz/tests/test_clear.py -> build/lib.macosx-11-universal2-cpython-38/pygraphviz/tests
copying pygraphviz/tests/test_layout.py -> build/lib.macosx-11-universal2-cpython-38/pygraphviz/tests
copying pygraphviz/tests/test_attribute_defaults.py -> build/lib.macosx-11-universal2-cpython-38/pygraphviz/tests
copying pygraphviz/tests/test_graph.py -> build/lib.macosx-11-universal2-cpython-38/pygraphviz/tests
running egg_info
writing pygraphviz.egg-info/PKG-INFO
writing dependency_links to pygraphviz.egg-info/dependency_links.txt
writing top-level names to pygraphviz.egg-info/top_level.txt
ERROR setuptools_scm._file_finders.git listing git files failed - pretending there aren't any
reading manifest file 'pygraphviz.egg-info/SOURCES.txt'
reading manifest template 'MANIFEST.in'
warning: no files found matching '*.png' under directory 'doc'
warning: no files found matching '*.txt' under directory 'doc'
warning: no files found matching '*.css' under directory 'doc'
warning: no previously-included files matching '*~' found anywhere in distribution
warning: no previously-included files matching '*.pyc' found anywhere in distribution
warning: no previously-included files matching '.svn' found anywhere in distribution
no previously-included directories found matching 'doc/build'
adding license file 'LICENSE'
writing manifest file 'pygraphviz.egg-info/SOURCES.txt'
copying pygraphviz/graphviz.i -> build/lib.macosx-11-universal2-cpython-38/pygraphviz
copying pygraphviz/graphviz_wrap.c -> build/lib.macosx-11-universal2-cpython-38/pygraphviz
running build_ext
building 'pygraphviz._graphviz' extension
creating build/temp.macosx-11-universal2-cpython-38
creating build/temp.macosx-11-universal2-cpython-38/pygraphviz
gcc -Wno-unused-result -Wsign-compare -Wunreachable-code -fno-common -dynamic -DNDEBUG -g -fwrapv -O3 -Wall -arch arm64 -arch x86_64 -g -DSWIG_PYTHON_STRICT_BYTE_CHAR -I/Users/m.khan/tools/startleft/startleft/venv/include -I/Library/Frameworks/Python.framework/Versions/3.8/include/python3.8 -c pygraphviz/graphviz_wrap.c -o build/temp.macosx-11-universal2-cpython-38/pygraphviz/graphviz_wrap.o
pygraphviz/graphviz_wrap.c:1756:7: warning: 'tp_print' is deprecated [-Wdeprecated-declarations]
0, /* tp_print */
^
/Library/Frameworks/Python.framework/Versions/3.8/include/python3.8/cpython/object.h:260:5: note: 'tp_print' has been explicitly marked deprecated here
Py_DEPRECATED(3.8) int (*tp_print)(PyObject *, FILE *, int);
^
/Library/Frameworks/Python.framework/Versions/3.8/include/python3.8/pyport.h:515:54: note: expanded from macro 'Py_DEPRECATED'
#define Py_DEPRECATED(VERSION_UNUSED) __attribute__((__deprecated__))
^
pygraphviz/graphviz_wrap.c:1923:7: warning: 'tp_print' is deprecated [-Wdeprecated-declarations]
0, /* tp_print */
^
/Library/Frameworks/Python.framework/Versions/3.8/include/python3.8/cpython/object.h:260:5: note: 'tp_print' has been explicitly marked deprecated here
Py_DEPRECATED(3.8) int (*tp_print)(PyObject *, FILE *, int);
^
/Library/Frameworks/Python.framework/Versions/3.8/include/python3.8/pyport.h:515:54: note: expanded from macro 'Py_DEPRECATED'
#define Py_DEPRECATED(VERSION_UNUSED) __attribute__((__deprecated__))
^
pygraphviz/graphviz_wrap.c:2711:10: fatal error: 'graphviz/cgraph.h' file not found
#include "graphviz/cgraph.h"
^~~~~~~~~~~~~~~~~~~
2 warnings and 1 error generated.
error: command '/usr/bin/gcc' failed with exit code 1
----------------------------------------
ERROR: Command errored out with exit status 1: /Users/m.khan/tools/startleft/startleft/venv/bin/python3 -u -c 'import io, os, sys, setuptools, tokenize; sys.argv[0] = '"'"'/private/var/folders/9h/k99tbk6n0vz456t433hyhcrs629579/T/pip-install-kmyhn_ry/pygraphviz_19d94bd2da6c4225a948b1c01b9e187f/setup.py'"'"'; file='"'"'/private/var/folders/9h/k99tbk6n0vz456t433hyhcrs629579/T/pip-install-kmyhn_ry/pygraphviz_19d94bd2da6c4225a948b1c01b9e187f/setup.py'"'"';f = getattr(tokenize, '"'"'open'"'"', open)(file) if os.path.exists(file) else io.StringIO('"'"'from setuptools import setup; setup()'"'"');code = f.read().replace('"'"'\r\n'"'"', '"'"'\n'"'"');f.close();exec(compile(code, file, '"'"'exec'"'"'))' install --record /private/var/folders/9h/k99tbk6n0vz456t433hyhcrs629579/T/pip-record-pnwve_ji/install-record.txt --single-version-externally-managed --compile --install-headers /Users/m.khan/tools/startleft/startleft/venv/include/site/python3.8/pygraphviz Check the logs for full command output.
Hello. Iām looking for example otm files that conform to the current schema. Ideally Iām looking for a few simple files containing a handful of components, single trust boundary line, and simple data flows. Also if there are more complex examples with mesh looking dataflows, multiple trust boundaries, etc, that would be ideal,
Ideally, examples would be incorporated into unit tests in this repo and kept up to date as the otm schema evolves.
For example, in CloudFormation you can have a VPCGatewayAttachment that associates a Gateway with a VPC. For a Gateway to be included in the threat model with a parent of the VPC, it would be necessary to map the parent of the gateway to the VPC via the Attachment:
GatewayToInternet:
Type: "AWS::EC2::VPCGatewayAttachment"
Properties:
VpcId:
Ref: "VPC"
InternetGatewayId:
Ref: "InternetGateway"
One possible approach could be to leverage the $source action and ensure that values are carried through as needed.
I'm trying to install startleft on MacOS. I've also installed the libmagic via brew install libmagic. But when I run startleft --version, I found this error
Traceback (most recent call last):
File "/opt/homebrew/bin/startleft", line 5, in <module>
File "/opt/homebrew/lib/python3.11/site-packages/startleft/startleft/cli/cli.py", line 11, in <module>
File "/opt/homebrew/lib/python3.11/site-packages/_sl_build/secure_importer.py", line 38, in _secure_importer
File "/opt/homebrew/lib/python3.11/site-packages/sl_util/sl_util/file_utils.py", line 7, in <module>
File "/opt/homebrew/lib/python3.11/site-packages/_sl_build/secure_importer.py", line 38, in _secure_importer
File "/opt/homebrew/lib/python3.11/site-packages/magic/__init__.py", line 209, in <module>
File "/opt/homebrew/lib/python3.11/site-packages/magic/loader.py", line 49, in load_lib
ImportError: failed to find libmagic. Check your installation
Do you have any ideas?
I get the following error when I attempt to run startleft parse ....
PS C:\Users\ktest\OneDrive - Synergy\Documents\Threat Modelling\IriusRisk\Terraform> startleft parse --iac-type slp_tf --mapping-file default-slp_tf-mapping.yaml --output-file elb.otm --project-name "Terraform ELB" --project-id "terraform-elb" elb.tf > error.txt Traceback (most recent call last): File "C:\Users\ktest\AppData\Local\Programs\Python\Python310\Scripts\startleft-script.py", line 33, in <module> File "C:\Users\ktest\AppData\Local\Programs\Python\Python310\Scripts\startleft-script.py", line 25, in importlib_load_entry_point File "C:\Users\ktest\AppData\Local\Programs\Python\Python310\lib\importlib\metadata\__init__.py", line 171, in load File "C:\Users\ktest\AppData\Local\Programs\Python\Python310\lib\importlib\__init__.py", line 126, in import_module File "<frozen importlib._bootstrap>", line 1050, in _gcd_import File "<frozen importlib._bootstrap>", line 1027, in _find_and_load File "<frozen importlib._bootstrap>", line 1006, in _find_and_load_unlocked File "<frozen importlib._bootstrap>", line 688, in _load_unlocked File "<frozen importlib._bootstrap_external>", line 883, in exec_module File "<frozen importlib._bootstrap>", line 241, in _call_with_frames_removed File "C:\Users\ktest\AppData\Local\Programs\Python\Python310\lib\site-packages\startleft\startleft\cli\cli.py", line 17, in <module> File "C:\Users\ktest\AppData\Local\Programs\Python\Python310\lib\site-packages\_sl_build\secure_importer.py", line 42, in _secure_importer File "<frozen importlib._bootstrap>", line 1129, in __import__ File "<frozen importlib._bootstrap>", line 1050, in _gcd_import File "<frozen importlib._bootstrap>", line 1027, in _find_and_load File "<frozen importlib._bootstrap>", line 992, in _find_and_load_unlocked File "<frozen importlib._bootstrap>", line 241, in _call_with_frames_removed File "<frozen importlib._bootstrap>", line 1050, in _gcd_import File "<frozen importlib._bootstrap>", line 1027, in _find_and_load File "<frozen importlib._bootstrap>", line 992, in _find_and_load_unlocked File "<frozen importlib._bootstrap>", line 241, in _call_with_frames_removed File "<frozen importlib._bootstrap>", line 1050, in _gcd_import File "<frozen importlib._bootstrap>", line 1027, in _find_and_load File "<frozen importlib._bootstrap>", line 1006, in _find_and_load_unlocked File "<frozen importlib._bootstrap>", line 688, in _load_unlocked File "<frozen importlib._bootstrap_external>", line 883, in exec_module File "<frozen importlib._bootstrap>", line 241, in _call_with_frames_removed File "C:\Users\ktest\AppData\Local\Programs\Python\Python310\lib\site-packages\slp_cft\__init__.py", line 12, in <module> File "C:\Users\ktest\AppData\Local\Programs\Python\Python310\lib\site-packages\_sl_build\secure_importer.py", line 42, in _secure_importer File "<frozen importlib._bootstrap>", line 1133, in __import__ File "<frozen importlib._bootstrap>", line 1050, in _gcd_import File "<frozen importlib._bootstrap>", line 1027, in _find_and_load File "<frozen importlib._bootstrap>", line 1006, in _find_and_load_unlocked File "<frozen importlib._bootstrap>", line 688, in _load_unlocked File "<frozen importlib._bootstrap_external>", line 883, in exec_module File "<frozen importlib._bootstrap>", line 241, in _call_with_frames_removed File "C:\Users\ktest\AppData\Local\Programs\Python\Python310\lib\site-packages\slp_cft\slp_cft\__init__.py", line 1, in <module> File "C:\Users\ktest\AppData\Local\Programs\Python\Python310\lib\site-packages\_sl_build\secure_importer.py", line 42, in _secure_importer File "<frozen importlib._bootstrap>", line 1133, in __import__ File "<frozen importlib._bootstrap>", line 1050, in _gcd_import File "<frozen importlib._bootstrap>", line 1027, in _find_and_load File "<frozen importlib._bootstrap>", line 1006, in _find_and_load_unlocked File "<frozen importlib._bootstrap>", line 688, in _load_unlocked File "<frozen importlib._bootstrap_external>", line 883, in exec_module File "<frozen importlib._bootstrap>", line 241, in _call_with_frames_removed File "C:\Users\ktest\AppData\Local\Programs\Python\Python310\lib\site-packages\slp_cft\slp_cft\cft_processor.py", line 11, in <module> File "C:\Users\ktest\AppData\Local\Programs\Python\Python310\lib\site-packages\_sl_build\secure_importer.py", line 42, in _secure_importer File "<frozen importlib._bootstrap>", line 1129, in __import__ File "<frozen importlib._bootstrap>", line 1050, in _gcd_import File "<frozen importlib._bootstrap>", line 1027, in _find_and_load File "<frozen importlib._bootstrap>", line 1006, in _find_and_load_unlocked File "<frozen importlib._bootstrap>", line 688, in _load_unlocked File "<frozen importlib._bootstrap_external>", line 883, in exec_module File "<frozen importlib._bootstrap>", line 241, in _call_with_frames_removed File "C:\Users\ktest\AppData\Local\Programs\Python\Python310\lib\site-packages\slp_cft\slp_cft\validate\cft_validator.py", line 3, in <module> File "C:\Users\ktest\AppData\Local\Programs\Python\Python310\lib\site-packages\_sl_build\secure_importer.py", line 42, in _secure_importer File "<frozen importlib._bootstrap>", line 1129, in __import__ File "<frozen importlib._bootstrap>", line 1050, in _gcd_import File "<frozen importlib._bootstrap>", line 1027, in _find_and_load File "<frozen importlib._bootstrap>", line 1006, in _find_and_load_unlocked File "<frozen importlib._bootstrap>", line 688, in _load_unlocked File "<frozen importlib._bootstrap_external>", line 883, in exec_module File "<frozen importlib._bootstrap>", line 241, in _call_with_frames_removed File "C:\Users\ktest\AppData\Local\Programs\Python\Python310\lib\site-packages\magic\__init__.py", line 209, in <module> File "C:\Users\ktest\AppData\Local\Programs\Python\Python310\lib\site-packages\magic\loader.py", line 49, in load_lib ImportError: failed to find libmagic. Check your installation
A commonly used tool for drawing data flow diagrams is diagrams.net (formerly known as draw.io)
It would be great, if startleft could convert its files into an OTM document.
Hi, we are just putting in https://www.orbussoftware.com/solutions/enterprise-architecture for our solution architecture modelling. Also considering Iriusrisk for cyber security threat modelling. Does anyone have an existing OTM translator for this?
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
š Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
Django
The Web framework for perfectionists with deadlines.
Laravel
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. ššš
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
Microsoft
Open source projects and samples from Microsoft.
Google
Google ā¤ļø Open Source for everyone.
Alibaba
Alibaba Open Source for everyone
D3
Data-Driven Documents codes.
Tencent
China tencent open source team.