Releases: OWASP/threat-dragon
Version 2.0.2
Patch version 2.0.2 fixes a collection of bugs from version 2.0.0:
- Add missing threat fields and a threat number on the report
- migrate docs to OWASP project pages
- Print to PDF missing from desktop version
- Unable to create a new threat model while using GitHub as provider
- Threat IDs are updating after edit
Web application
The web application is provided as a .tar.gz file or a .zip file
with software bills of materials (SBOMs)
Desktop version
| Platform | File | checksum |
|---|---|---|
| Windows NSIS installer | Threat-Dragon-ng-Setup-2.0.2.exe | latest.yml |
| MacOS installer | Threat-Dragon-ng-2.0.2.dmg | latest-mac.yml |
| Linux AppImage | Threat-Dragon-ng-2.0.2.AppImage | latest-linux.yml |
| Debian package, AMD64 | threat-dragon_2.0.2_amd64.deb | |
| Redhat package manager, X86 64 bit | threat-dragon-2.0.2.x86_64.rpm |
Installing on Windows
Depending on the security applied in your Windows, you may need to open the file properties
and check the 'Unblock' checkbox to allow Threat Dragon to run
Installing on MacOS
Use the disk image (.dmg) file to install on MacOS systems, the Threat Dragon .zip
is used for the automatic updates only
Selecting the Linux package to use
AppImage can be used for most Linux distributions and hardware platforms
The Snap image is available from the official snapcraft distribution
.rpm for Red Hat Linux, AIX, CentOS, Fedora
.deb for debian based Linux, such as Ubuntu, Trisqel and Debian itself
Docker container
Pull from docker hub using docker pull --platform linux/x86_64 owasp/threat-dragon:v2.0.2
Version 2.0.0
This is the new version 2.0 Threat Dragon, it has been rewritten from the previous version 1.x
There is some functionality that has yet to be carried over to this new version:
- Desktop version Print to PDF button (we are working on this). Instead use the print button and select a system PDF printer
- automated threat generation
- threat generation using OATs (OWASP Automated Threats)
- resizing of components
we will reinstate this functionality in the next versions.
Web Application
The web application is provided as a .tar.gz file or a .zip file
Desktop version
| Platform | File |
|---|---|
| Windows NSIS installer | Threat-Dragon-ng-Setup-2.0.0.exe |
| MacOS installer | Threat-Dragon-ng-2.0.0.dmg |
| Linux AppImage | Threat-Dragon-ng-2.0.0.AppImage |
| Debian package, AMD64 | threat-dragon_2.0.0_amd64.deb |
| Redhat package manager, X86 64 bit | threat-dragon-2.0.0.x86_64.rpm |
Running on Windows
Depending on the security applied in Windows, you may need open the file properties and check the 'Unblock' checkbox to allow Threat Dragon to run
Selecting the Linux package to use
AppImage can be used for most Linux distributions and hardware platforms
Snap image is available via official snapcraft distribution
.rpm for Red Hat Linux, AIX, CentOS, Fedora
.deb for debian based Linux, such as Ubuntu, Trisqel and Debian itself
Docker
Pull from docker hub using docker pull owasp/threat-dragon:v2.0.0
Version 1.6.1
- Docs now moved to a different site now that threatdragon.org is not accessible
Note that this is an interim release of 1.x before Threat Dragon version 2.0 is released early 2023
Web Application
The web application is provided as a .tar.gz file or a .zip file
Desktop version
| Platform | File |
|---|---|
| Windows NSIS installer | OWASP-Threat-Dragon.Setup.1.6.1.exe |
| MacOS installer | OWASP-Threat-Dragon-1.6.1.dmg |
| MacOS zip | OWASP-Threat-Dragon-1.6.1-mac.zip |
| Linux AppImage | OWASP-Threat-Dragon-1.6.1.AppImage |
| Debian package, AMD64 | threat-dragon-desktop-1.6.1.amd64.deb |
| Redhat package manager, X86 64 bit | threatdragon-1.6.1.x86_64.rpm |
Running on Windows
Depending on the security applied in Windows, you may need open the file properties and check the 'Unblock' checkbox to allow Threat Dragon to run
Selecting the Linux package to use
AppImage can be used for most Linux distributions and hardware platforms
Snap image is available via official snapcraft distribution
.rpm for Red Hat Linux, AIX, CentOS, Fedora
.deb for debian based Linux, such as Ubuntu, Trisqel and of course Debian itself
Version 1.6.0
- Automated threat and context threat generation, mainly based on OWASP Automated Threats
Note that this is intended to be the last release of 1.x before Threat Dragon migrates to version 2.0 next year
Web Application
The web application is provided as a .tar.gz file or a .zip file
Alternatively pull the Threat Dragon docker image using docker pull threatdragon/owasp-threat-dragon:v1.6.0
Desktop version
| Platform | File |
|---|---|
| Windows NSIS installer | OWASP-Threat-Dragon.Setup.1.6.0.exe |
| MacOS installer | OWASP-Threat-Dragon-1.6.0.dmg |
| MacOS zip | OWASP-Threat-Dragon-1.6.0-mac.zip |
| Linux AppImage | OWASP-Threat-Dragon-1.6.0.AppImage |
| Debian package, AMD64 | threat-dragon-desktop-1.6.0.amd64.deb |
| Redhat package manager, X86 64 bit | threatdragon-1.6.0.x86_64.rpm |
** Running on Windows
Depending on the security applied in Windows, you may need open the file properties and check the 'Unblock' checkbox to allow Threat Dragon to run
Selecting the Linux package to use
AppImage can be used for most Linux distributions and hardware platforms
Snap image is available via official snapcraft distribution
.rpm for Red Hat Linux, AIX, CentOS, Fedora
.deb for debian based Linux, such as Ubuntu, Trisqel and of course Debian itself
Version 1.5.8
- Shows NA threats as having been completed/ mitigated
- Fixes bug in threat engine present in the web application only
This new release now has signed binaries for Windows.
Web Application
The web application is provided as .tar.gz file or a .zip file
Alternatively pull the Threat Dragon docker image using docker pull threatdragon/owasp-threat-dragon:v1.5.8
Desktop version
| Platform | File |
|---|---|
| Windows NSIS installer | OWASP-Threat-Dragon.Setup.1.5.8.exe |
| MacOS installer | OWASP-Threat-Dragon-1.5.8.dmg |
| MacOS zip | OWASP-Threat-Dragon-1.5.8-mac.zip |
| Linux AppImage | OWASP-Threat-Dragon-1.5.8.AppImage |
| Debian package, AMD64 | threat-dragon-desktop-1.5.8.amd64.deb |
| Redhat package manager, X86 64 bit | threatdragon-1.5.8.x86_64.rpm |
Selecting the Linux package to use
AppImage can be used for most Linux distributions and hardware platforms
Snap image is available via official snapcraft distribution
.rpm for Red Hat Linux, AIX, CentOS, Fedora
.deb for debian based Linux, such as Ubuntu, Trisqel and of course Debian itself
Version 1.5.5
We are in the process of obtaining a Windows code-signing certificate and that should be available soon. Once that is available, a new release will be created with signed binaries for Windows.
Web Application
The web application is provided as .tar.gz file or a .zip file
Alternatively pull the Threat Dragon docker image using docker pull threatdragon/owasp-threat-dragon:v1.5.5
Desktop version
| Platform | File |
|---|---|
| Windows NSIS installer | OWASP-Threat-Dragon.Setup.1.5.5.exe |
| MacOS installer | OWASP-Threat-Dragon-1.5.5.dmg |
| MacOS zip | OWASP-Threat-Dragon-1.5.5-mac.zip |
| Linux AppImage | OWASP-Threat-Dragon-1.5.5.AppImage |
| Linux Snap, AMD64 | threatdragon-1.5.5.amd64.snap |
| Debian package, AMD64 | threat-dragon-desktop-1.5.5.amd64.deb |
| Redhat package manager, X86 64 bit | threatdragon-1.5.5.x86_64.rpm |
Selecting the Linux package to use
AppImage can be used for most Linux distributions and hardware platforms
Snap image is available via official snapcraft distribution
.rpm for Red Hat Linux, AIX, CentOS, Fedora
.deb for debian based Linux, such as Ubuntu, Trisqel and of course Debian itself
Version 1.5.3
Note: there is a bug in this release for Windows, where clicking on either the 'Get started by creating a completely new, empty threat model' or the 'Explore a sample model' will break. The work around for the moment is to select 'New' from the pull down menu.
There is a fix in place which will be released with version 1.5.5
- Fixes the "add a new threat per element" feature #258
- MacOS images are signed and notarized
- Snap image is available via official snapcraft distribution! https://snapcraft.io/threat-dragon
We are in the process of obtaining a code-signing certificate and that should be available soon. Once that is available, a new release will be created with signed binaries for Windows.
Web Application
The web application is provided as .tar.gz file or a .zip file
Alternatively pull the Threat Dragon docker image using docker pull threatdragon/owasp-threat-dragon:v1.5.3
Desktop version
| Platform | File |
|---|---|
| Windows NSIS installer | OWASP-Threat-Dragon.Setup.1.5.3.exe |
| MacOS installer | OWASP-Threat-Dragon-1.5.3.dmg |
| MacOS zip | OWASP-Threat-Dragon-1.5.3-mac.zip |
| Linux AppImage | OWASP-Threat-Dragon-1.5.3.AppImage |
| Linux Snap, AMD64 | threatdragon-1.5.3.amd64.snap |
| Debian package, AMD64 | threat-dragon-desktop-1.5.3.amd64.deb |
| Redhat package manager, X86 64 bit | threatdragon-1.5.3.x86_64.rpm |
Selecting the Linux package to use
AppImage can be used for most Linux distributions and hardware platforms
.rpm for Red Hat Linux, AIX, CentOS, Fedora
.deb for debian based Linux, such as Ubuntu, Trisqel and of course Debian itself
snap can be used across Linux distributions
Version 1.5.0
Note: this release has broken the 'add a new threat per element' functionality. If you use this method of adding threats it may be better to wait for version 1.5.1 which is due out August 2021
- provides script to transpile Microsoft Threat Model Tool
.tm7files to Threat Dragon.jsonfiles - adds Not Applicable as a threat-level option
- adds a UUID to individual threats
- removes trust boundary colour
Web Application
The web application is provided as .tar.gz file or a .zip file
Alternatively pull the Threat Dragon docker image using docker pull threatdragon/owasp-threat-dragon:v1.5.0
sha256: 9aa6ee00b287e2e663ac9a675d83b5f1f842f963d6f2eb234a5988186acae4ad
Desktop version
| Platform | File | SHA256 |
|---|---|---|
| Windows NSIS installer | OWASP-Threat-Dragon.Setup.1.5.0.exe | 49ce24ceba2b4c4317cf39b23b2758e6e718d671a8fc253cd7f5ed11e2d94ac8 |
| MacOS installer | OWASP-Threat-Dragon-1.5.0.dmg | b51b96beaf5f3012db6ccb4ba55f775636796b1f50c5d6b82caee37e8b136f6a |
| MacOS zip | OWASP-Threat-Dragon-1.5.0-mac.zip | 6f544fa3b33dead0146289a74a206fead5003ed6aefd30764d0aa4606466d1e4 |
| Linux AppImage | OWASP-Threat-Dragon-1.5.0.AppImage | 7d42a47a84ecc66df99fdeb2bcc77c0b316af320b6d85ac9630bc95786860434 |
| Linux Snap, AMD64 | threatdragon-1.5.0.amd64.snap | 6bcd155d312ee1dada49db9bbc9a4bbf74f4d07a1bd3dfc97019118f9ef24279 |
| Debian package, AMD64 | threat-dragon-desktop-1.5.0.amd64.deb | 959432a3788cae01bb5bdcb010fc583b048470dbdef6f6b55945965e1e76f1b0 |
| Redhat package manager, X86 64 bit | threatdragon-1.5.0.x86_64.rpm | fb7c8a5348e18b3a7035e19f83c324cffc02841a30bd558e46416e75c93fd40f |
MacOS Installation
There will most likely be a 'cannot check for malicious software' error when installing on MacOS. Until we notarize the image (and this work is in progress) please follow this FAQ.
Selecting the Linux package to use
AppImage can be used for most Linux distributions and hardware platforms
.rpm for Red Hat Linux, AIX, CentOS, Fedora
.deb for debian based Linux, such as Ubuntu, Trisqel and of course Debian itself
snap can be used across Linux distributions
Version 1.4.0
Provides dotenv for environment variables and updates to docker image.
Web Application
The web application is provide as .tar.gz file or a .zip file
Alternatively pull the docker image using docker pull threatdragon/owasp-threat-dragon:v1.4.0
sha256: a3aa7d555fd997b10bfbd26d8c86ae0a7fff4a6d5bdaad52768a5cf37a3f0cb0
Desktop version
| Platform | File | SHA256 |
|---|---|---|
| Windows installer | OWASP-Threat-Dragon-Setup-1.4.0.exe | 3c63889cd671fe886d1393e36e898c38089769ef5aaa5b0b294f7abe0342aadd |
| MacOS installer | OWASP-Threat-Dragon-1.4.0.dmg | d42ae717e033b007e0102faf6ff6c6db0aaf8878fff02ec05a6ac4949dbde214 |
| Linux AppImage | OWASP-Threat-Dragon-1.4.0.AppImage | 7d54ff7affad62eaaacf864f5fb56cd17e8c0be066e86a6f41fbf5cc1d4e24d1 |
| Linux Snap, AMD64 | threatdragon-1.4.0.amd64.snap | 90e63a225cd518f961cc88896fbd305b7f8a19367a5f233eb3d079e490ab7acb |
| Debian package, AMD64 | threatdragon-1.4.0.amd64.deb | fe5c5a18789f0eaa2b2da7a3cd11d5732fe7cb3df5242e62d00468d5fc28ff09 |
| Debian package, X86 64 bit | threatdragon-1.4.0.x86_64.deb | 933515e3ccda2f41c5d7b9f26f84cc2c22182c138af4182f72589c7fd057193f |
| Redhat package manager, AMD64 | threatdragon-1.4.0.amd64.rpm | d5189a105b5660f70c5eeba2d570660fcab55078592d648ea0133789b0bf7bc7 |
| Redhat package manager, X86 64 bit | threatdragon-1.4.0.x86_64.rpm | ab22258c4e175b09d9628fac7f7330b9559d34145069d57f135c1055a416036c |
MacOS Installation
There will most likely be a 'cannot check for malicious software' error when installing on MacOS. Until we notarize the installer
(and this work is in progress) please follow this FAQ.
Selecting the Linux package to use
AppImage can be used for most Linux distributions and hardware platforms
RPM for Red Hat Linux, AIX, CentOS, Fedora
DEB for debian based Linux, such as Ubuntu, Trisqel and of course Debian itself
SNAP can be used across Linux distributions, but is supplied here only for AMD64 hardware platforms
Version 1.3.1
Update documentation link to point to new docs page