Skip to main content
EQ
Foundry
Back to Browse

threat-modeler

Verified

STRIDE-based threat modeling agent — maps attack surfaces, classifies risks, and generates actionable threat models from codebase analysis

Installation

See github-copilot-brain repo for Copilot installation

Recommended — works with Claude Code, Cursor, and 40+ agents.

Performance

Optimized for speed with minimal overhead. Runs efficiently in CI and local environments.

Security

Sandboxed execution with scoped permissions. No external data leaves your environment.

Overview

threat-modeler is a GitHub Copilot agent that performs systematic threat modeling using the STRIDE methodology. It analyzes your codebase to map attack surfaces, classify threats by impact and likelihood, and produce actionable threat models with prioritized mitigations.

When to Use

  • Starting a new service or API that handles sensitive data
  • Before a security review to provide structured input
  • When onboarding to an unfamiliar codebase and assessing its security posture
  • Producing audit-ready threat model documentation

What It Produces

  • Application overview with data classification
  • Architecture and data flow diagrams
  • STRIDE threat analysis (Spoofing, Tampering, Repudiation, Information Disclosure, DoS, Elevation of Privilege)
  • Risk-prioritized findings with OWASP/CWE mapping
  • Actionable mitigation recommendations

Installation

Available as a GitHub Copilot agent. See the github-copilot-brain repo for setup.