Code Analysis

Discovery and Data Flow Diagrams

Scan application source code to automatically detect network connections and generate Data Flow Diagrams for threat modeling.

Connection Detection

Identifies connections across 10 categories including HTTP, databases, gRPC, message queues, cloud SDKs, and more.

Security Annotations

Each connection is enriched with encryption status, authentication mechanism, trust zone classification, and data sensitivity.

Multi-Language Support

Scan Python, Go, and Rust source code to discover network connections for DFD generation.

Multiple Output Formats

Generate DFDs as YAML, JSON, or quick summary views for programmatic and human consumption.

Automatic Connection Discovery

The discover command scans application source code to automatically detect network connections and generate Data Flow Diagrams for threat modeling.

Connection Detection

Identifies connections across 10 categories:

Category          Examples
HTTP/HTTPS        REST APIs, webhooks, external service calls
Databases         PostgreSQL, MySQL, MongoDB, Redis, DynamoDB
gRPC              Service-to-service RPC definitions
Message Queues    Kafka, RabbitMQ, AMQP, SQS
Cloud SDKs        AWS, Azure, GCP service clients
WebSockets        Real-time communication channels
Email             SMTP, SendGrid, SES integrations
File Storage      S3, GCS, Azure Blob connections
Authentication    OAuth, SAML, LDAP connections
Caching           Redis, Memcached, ElastiCache

Application Code Scanning

Language    Detection
Python      Network connection discovery for DFD generation; security vulnerability scanning
Go          Network connection discovery for DFD generation
Rust        Network connection discovery for DFD generation
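To make the detection concrete, here is an added illustration of how a static pass over Python source can produce records like the ones in the example output further down. It is not ThreatMitigator's scanner (this page does not describe the tool's internals); it is a standard-library ast walk over a small, hypothetical call table (requests.get/post and psycopg2.connect), which classifies encryption from the URL scheme or the sslmode parameter and records whatever authentication evidence is visible in the literal. The sample application source is constructed for the example, and the field names follow the output shown on this page.

```python
"""Added illustration of static connection discovery over Python source.
Not ThreatMitigator's scanner: an ast walk that recognises a few call patterns
and emits records shaped like this page's example output. The call table,
field names and the sample source are assumptions made for the example."""
import ast
import json
from urllib.parse import urlparse, parse_qs

# Constructed sample application code (not taken from any real project).
SAMPLE_SOURCE = '''import requests
import psycopg2

def fetch():
    return requests.get("http://api.internal.example/v1/orders")

def charge():
    return requests.post("https://billing.example.com/charge",
                         headers={"Authorization": "Bearer x"})

def db():
    return psycopg2.connect("postgresql://app@db:5432/orders?sslmode=require")

def reports_db():
    return psycopg2.connect("postgresql://db-ro/reports")
'''

# Hypothetical lookup: dotted call name -> category. A real scanner needs a
# much larger table and per-language equivalents for Go and Rust.
CALL_CATEGORIES = {
    ("requests", "get"): "HTTP",
    ("requests", "post"): "HTTP",
    ("psycopg2", "connect"): "PostgreSQL",
}
TLS_SSLMODES = {"require", "verify-ca", "verify-full"}


def _dotted(node):
    """('requests', 'get') for requests.get; None for anything that is not a dotted name."""
    parts = []
    while isinstance(node, ast.Attribute):
        parts.append(node.attr)
        node = node.value
    if isinstance(node, ast.Name):
        parts.append(node.id)
        return tuple(reversed(parts))
    return None


def _first_str(call):
    """First string-literal positional argument (URL or DSN), or "" if none."""
    for arg in call.args:
        if isinstance(arg, ast.Constant) and isinstance(arg.value, str):
            return arg.value
    return ""


def _encryption(category, url):
    """TLS vs plaintext from the only evidence a static scan has: the literal."""
    if category == "HTTP":
        return "tls" if urlparse(url).scheme == "https" else "plaintext"
    # libpq defaults to sslmode=prefer, which silently falls back to plaintext,
    # so only the modes that refuse a plaintext session count as encrypted.
    mode = parse_qs(urlparse(url).query).get("sslmode", ["prefer"])[0]
    return "tls" if mode in TLS_SSLMODES else "plaintext"


def _authentication(call, url):
    """Crude signals only: credentials in the URL or a literal Authorization header."""
    if urlparse(url).username:
        return "url_credentials"
    for kw in call.keywords:
        if kw.arg == "headers" and isinstance(kw.value, ast.Dict):
            for key, val in zip(kw.value.keys, kw.value.values):
                if isinstance(key, ast.Constant) and key.value == "Authorization":
                    is_bearer = isinstance(val, ast.Constant) and str(val.value).startswith("Bearer")
                    return "bearer_token" if is_bearer else "header"
    return "none"


def discover(source, filename="sample.py"):
    """Walk the AST and emit one record per recognised client-side call, in file order."""
    found = []
    for node in ast.walk(ast.parse(source)):
        if not isinstance(node, ast.Call):
            continue
        category = CALL_CATEGORIES.get(_dotted(node.func))
        if category is None:
            continue
        url = _first_str(node)
        kind = category
        if category == "HTTP":
            kind = "HTTPS" if urlparse(url).scheme == "https" else "HTTP"
        found.append({
            "type": kind,
            "encryption": _encryption(category, url),
            "location": f"{filename}:{node.lineno}",
            "direction": "outbound",  # every pattern in the table is a client-side call
            "authentication": _authentication(node, url),
        })
    return sorted(found, key=lambda c: int(c["location"].rsplit(":", 1)[1]))


if __name__ == "__main__":
    print(json.dumps(discover(SAMPLE_SOURCE), indent=2))
```

Run against the constructed source this reports four connections: a plaintext, unauthenticated HTTP call; an HTTPS call with a bearer token; a PostgreSQL DSN that enforces TLS and carries credentials in the URL; and a second PostgreSQL DSN that relies on the libpq default and is therefore recorded as plaintext. The last case is the one worth remembering when reading any scanner's encryption column: absence of an explicit TLS setting is not the same as TLS.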

Security Annotations

Each detected connection is enriched with:

  • Encryption status (TLS/plaintext)
  • Authentication mechanism
  • Trust zone classification
  • Data sensitivity level

This context feeds directly into STRIDE threat analysis, helping identify spoofing risks at unauthenticated endpoints, tampering risks on unencrypted connections, and information disclosure through unprotected data flows.


Output

# Generate DFD as YAML
threatmitigator discover ./src --format yaml --output dfd.yaml

# JSON for programmatic use
threatmitigator discover ./src --format json

# Quick summary
threatmitigator discover ./src --format summary

Example Output

scan_summary:
  languages_detected: [Python, Go]
  total_connections: 47
  scan_duration: 8.3s

database_connections:
  - type: PostgreSQL
    encryption: encrypted
    location: src/db/repository.py:15
    confidence: 95%

api_connections:
  - type: HTTPS
    protocol: REST
    location: src/api/client.go:45
    direction: outbound
    authentication: bearer_token

message_queues:
  - type: Kafka
    encryption: ssl
    location: src/streams/consumer.go:89
    brokers: [kafka-1:9093, kafka-2:9093]
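The annotations only pay off once something consumes them. As an added example (not ThreatMitigator's code), the script below reads a report in the layout that --format json is assumed to produce, mirroring the YAML above, and applies the three STRIDE mappings stated earlier on this page: an unencrypted flow is a tampering risk, an unencrypted flow carrying sensitive data is an information-disclosure risk, and an unauthenticated API endpoint is a spoofing risk. The report is constructed for the example, with a plaintext Redis client and an unauthenticated inbound HTTP endpoint added so that every rule fires; the data_sensitivity and trust_zone fields and the label values are assumptions.

```python
"""Added example: turning `discover --format json` output into STRIDE findings.
The JSON layout mirrors the YAML example above but is an assumption, as is the
rule set; neither is ThreatMitigator's own output format or logic."""
import json

# Constructed report shaped like the YAML example, plus two weak connections
# (a plaintext Redis client and an unauthenticated inbound HTTP endpoint)
# so that every rule below has something to fire on.
SAMPLE_REPORT = json.loads("""
{
  "scan_summary": {"languages_detected": ["Python", "Go"], "total_connections": 5},
  "database_connections": [
    {"type": "PostgreSQL", "encryption": "encrypted", "location": "src/db/repository.py:15", "confidence": "95%"},
    {"type": "Redis", "encryption": "plaintext", "location": "src/cache/client.py:8", "confidence": "90%"}
  ],
  "api_connections": [
    {"type": "HTTPS", "protocol": "REST", "location": "src/api/client.go:45",
     "direction": "outbound", "authentication": "bearer_token"},
    {"type": "HTTP", "protocol": "REST", "location": "src/api/legacy.go:12",
     "direction": "inbound", "authentication": "none",
     "trust_zone": "internet", "data_sensitivity": "pii"}
  ],
  "message_queues": [
    {"type": "Kafka", "encryption": "ssl", "location": "src/streams/consumer.go:89",
     "brokers": ["kafka-1:9093", "kafka-2:9093"]}
  ]
}
""")

ENCRYPTED_VALUES = {"encrypted", "ssl", "tls"}        # spellings seen in the example output
SENSITIVE_LEVELS = {"pii", "confidential", "secret"}  # assumed label set for data_sensitivity
SECTIONS = ("database_connections", "api_connections", "message_queues")


def is_encrypted(conn):
    """API entries in the sample carry no encryption field; fall back to the type."""
    enc = conn.get("encryption")
    if enc is None:
        return conn.get("type", "").upper() == "HTTPS"
    return enc.lower() in ENCRYPTED_VALUES


def stride_findings(report):
    """Map the connection annotations to the three STRIDE concerns named on this page."""
    findings = []
    for section in SECTIONS:
        for conn in report.get(section, []):
            loc, kind = conn["location"], conn["type"]
            if not is_encrypted(conn):
                findings.append(("Tampering", loc, f"{kind} connection is not encrypted"))
                if conn.get("data_sensitivity", "").lower() in SENSITIVE_LEVELS:
                    findings.append(("Information disclosure", loc,
                                     f"{conn['data_sensitivity']} data on an unencrypted {kind} flow"))
            # Missing authentication is read as "none"; only API endpoints are judged here,
            # since the sample gives databases and queues no authentication field at all.
            if section == "api_connections" and conn.get("authentication", "none") == "none":
                findings.append(("Spoofing", loc, f"{kind} endpoint has no authentication"))
    return findings


def summarize(findings):
    """Count findings per STRIDE category, for a quick triage view."""
    counts = {}
    for category, _, _ in findings:
        counts[category] = counts.get(category, 0) + 1
    return counts


if __name__ == "__main__":
    results = stride_findings(SAMPLE_REPORT)
    for category, loc, why in results:
        print(f"{category:<22} {loc:<30} {why}")
    print(summarize(results))
```

On the constructed report the encrypted PostgreSQL, HTTPS and Kafka entries produce nothing, the Redis client yields one tampering finding, and the legacy HTTP endpoint yields tampering, information disclosure and spoofing findings. In practice the rule set would grow with the trust_zone field (a flow crossing from an external zone deserves a lower threshold) and with the confidence value, which the example output attaches to detections and which a triage script should surface rather than silently trust.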

Integration with IaC Scanning

ThreatMitigator pairs Infrastructure as Code scanning with the discover command so that both the infrastructure and the application layer are covered:

IaC Scanning Finds:

  • Cloud resource configurations (EC2, S3, RDS, etc.)
  • Network security groups and firewall rules
  • IAM policies and permissions

Discovery Adds:

  • Application-level API connections
  • Third-party service dependencies
  • Database connections from code
  • Message queue usage patterns
  • Authentication flow details

Combined Result: Complete attack surface map showing both infrastructure and application-level threats.

See it in action

Discover hidden attack surfaces by scanning application code for network connections and data flows.

Ready to Secure Your Infrastructure?

Join teams already using ThreatMitigator to identify security threats in their Terraform, CloudFormation, Docker, and Helm configurations.