This repository demonstrates a practical approach to managing threat models as versioned, reviewable, and enforceable artifacts within a modern delivery pipeline.
Threat modeling is treated as an engineering activity rather than a one-off documentation task. Models are defined declaratively, validated automatically, and enforced during pull requests.
- Keep threat models close to the code they describe
- Detect unmitigated high-risk threats early
- Enable consistent security decision-making
- Provide a clear audit trail for security reviews

- YAML-based threat definitions
- STRIDE-aligned categorisation
- Risk scoring based on impact and likelihood
- Policy-as-code enforcement using OPA
- Buildkite-based CI validation on Windows agents
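The following is an added example, not the repository's own code, showing the kind of pull-request gate the features above describe: score each threat from impact and likelihood, check its STRIDE category, and deny any high-risk threat without an implemented mitigation. The schema (fields `stride`, `impact`, `likelihood`, `mitigations`, `status`), the 1 to 5 scales and the threshold of 15 are assumptions; the sample model is constructed and stands in for the structure `yaml.safe_load()` would return from a threat-model file.

```python
from typing import Any

# Assumed schema: each threat has a STRIDE class, impact and likelihood
# (each 1 = low .. 5 = high) and a list of mitigations with a status.
STRIDE = {"spoofing", "tampering", "repudiation", "information_disclosure",
          "denial_of_service", "elevation_of_privilege"}
HIGH_RISK_THRESHOLD = 15  # impact * likelihood at or above this is "high risk"

# Constructed sample, i.e. what yaml.safe_load() would return for a small file.
SAMPLE_MODEL: dict[str, Any] = {
    "component": "payments-api",
    "threats": [
        {"id": "T-001", "stride": "tampering", "impact": 5, "likelihood": 3,
         "mitigations": [{"id": "M-01", "status": "implemented"}]},
        {"id": "T-002", "stride": "information_disclosure", "impact": 5,
         "likelihood": 4, "mitigations": [{"id": "M-02", "status": "planned"}]},
        {"id": "T-003", "stride": "denial_of_service", "impact": 2, "likelihood": 2,
         "mitigations": []},
        {"id": "T-004", "stride": "phishing", "impact": 3, "likelihood": 3,
         "mitigations": []},
    ],
}


def risk_score(threat: dict[str, Any]) -> int:
    """Risk is the product of impact and likelihood (1..25 on the assumed scales)."""
    return int(threat["impact"]) * int(threat["likelihood"])


def is_mitigated(threat: dict[str, Any]) -> bool:
    """Only an implemented mitigation counts; planned ones do not reduce risk yet."""
    return any(m.get("status") == "implemented" for m in threat.get("mitigations", []))


def validate(model: dict[str, Any], threshold: int = HIGH_RISK_THRESHOLD) -> list[str]:
    """Return policy violations in model order; an empty list means the PR may merge."""
    violations: list[str] = []
    for t in model.get("threats", []):
        tid = t.get("id", "<no id>")
        if t.get("stride") not in STRIDE:
            violations.append(f"{tid}: {t.get('stride')!r} is not a STRIDE category")
        for field in ("impact", "likelihood"):
            if not 1 <= int(t.get(field, 0)) <= 5:
                violations.append(f"{tid}: {field} must be between 1 and 5")
                break
        else:  # both scales valid, so the risk score is meaningful
            if risk_score(t) >= threshold and not is_mitigated(t):
                violations.append(f"{tid}: risk {risk_score(t)} is high and unmitigated")
    return violations


if __name__ == "__main__":
    for v in validate(SAMPLE_MODEL):
        print("DENY", v)
```

On the sample model this denies T-002 (risk 20 with only a planned mitigation) and T-004 (non-STRIDE category), while T-001 passes because its high risk is covered by an implemented mitigation.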