threat-model-workbench · STRIDE-for-LLM + ATLAS
YAML threat model + MITRE ATLAS mapper + Markdown report. Design-review checkpoint for any new LLM service.
services:
workbench:
image: python:3.11-slim
working_dir: /app
volumes:
- ./src:/app/src:ro
- ./threats:/app/threats:ro
- ./reports:/app/reports
- ./requirements.txt:/app/requirements.txt:ro
environment:
ATLAS_DB: /app/threats/atlas-techniques.json
STRIDE_REQUIRED: "S,T,R,I,D,E"
command: >-
bash -c "pip install -q -r requirements.txt && python -m src.lint /app/threats/threats.yml && python -m src.report /app/threats/threats.yml --out /app/reports/threat-model.md"
Make this the design-review checkpoint for any new LLM service. Drop a threats.yml next to the repo; gate PRs on green threat-model run; reviewers diff threat changes alongside code. Snap requires this before any new agent / RAG ships — caught a missing tool-allow-list before the agent went live last quarter.
threat-model-workbench · STRIDE-for-LLM + ATLAS
YAML threat model + MITRE ATLAS mapper + Markdown report. Design-review checkpoint for any new LLM service.
services:
workbench:
image: python:3.11-slim
working_dir: /app
volumes:
- ./src:/app/src:ro
- ./threats:/app/threats:ro
- ./reports:/app/reports
- ./requirements.txt:/app/requirements.txt:ro
environment:
ATLAS_DB: /app/threats/atlas-techniques.json
STRIDE_REQUIRED: "S,T,R,I,D,E"
command: >-
bash -c "pip install -q -r requirements.txt && python -m src.lint /app/threats/threats.yml && python -m src.report /app/threats/threats.yml --out /app/reports/threat-model.md"
Make this the design-review checkpoint for any new LLM service. Drop a threats.yml next to the repo; gate PRs on green threat-model run; reviewers diff threat changes alongside code. Snap requires this before any new agent / RAG ships — caught a missing tool-allow-list before the agent went live last quarter.