Threat Persistence and Tracking
Track threats across scans with a git-friendly threat model file. Manage threat lifecycle from detection through resolution with drift detection.
Scan results are saved to .threatmodel.yaml, a persistent record designed to be committed to your repository.
Manage threats through new, accepted, mitigated, and false_positive statuses.
Compare current infrastructure against saved threat model to identify new, changed, and resolved threats.
YAML format with clean diffs, designed for pull request reviews and version control workflows.
How It Works
Scan results are saved to .threatmodel.yaml (configurable), creating a persistent record of all detected threats. This file is designed to be committed to your repository.
Threat Lifecycle
| Status | Meaning |
|---|---|
| new | Newly detected threat |
| accepted | Risk acknowledged and accepted |
| mitigated | Remediation applied |
| false_positive | Determined to be non-applicable |
Managing Threats
Commit .threatmodel.yaml to version control to track changes over time.
Drift Detection
The check-drift command compares current infrastructure against the saved threat model to identify:
- New threats introduced since last scan
- Previously accepted threats that have changed
- Resolved threats that are no longer detected
The check-drift command never modifies .threatmodel.yaml, making it safe for CI pipelines.
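The following is an added example illustrating the lifecycle statuses above and the three drift categories (new, changed, resolved). It is not ThreatMitigator's own code: the field names (rule, resource, severity, details, status), the identity and fingerprint rules, and the CI exit-code policy are all assumptions, and the sample threat model and scan results are constructed inline. The real .threatmodel.yaml schema is not documented on this page; to apply this to a real file you would parse it with `yaml.safe_load()` and feed the resulting structure to `check_drift`. Like the check-drift command, the check is read-only: it produces a report and never writes back to the model.

```python
"""Drift detection between a saved threat model and a fresh scan.

Added example, not ThreatMitigator's own code. The field names used here
(rule, resource, severity, details, status) are assumptions; the real
.threatmodel.yaml schema is not documented on the page this accompanies.
"""
from __future__ import annotations

import hashlib
import json

# Lifecycle statuses the page defines for a tracked threat.
STATUSES = {"new", "accepted", "mitigated", "false_positive"}


def threat_id(t: dict) -> str:
    """Stable identity: the same rule on the same resource is the same threat."""
    return f"{t['rule']}@{t['resource']}"


def fingerprint(t: dict) -> str:
    """Hash of the attributes whose change counts as drift (assumed: severity, details).

    Status is deliberately excluded so that accepting or mitigating a threat
    in the saved model does not itself register as a change.
    """
    keyed = {k: t.get(k) for k in ("severity", "details")}
    return hashlib.sha256(json.dumps(keyed, sort_keys=True).encode()).hexdigest()[:16]


def check_drift(saved_model: dict, scan: list[dict]) -> dict:
    """Compare a parsed threat model against fresh scan results.

    Returns a report with three lists: new threat ids, changed threats
    (with their previously recorded status), and resolved threats.
    The saved model is only read, never modified.
    """
    saved: dict[str, dict] = {}
    for t in saved_model["threats"]:
        if t.get("status") not in STATUSES:
            raise ValueError(f"unknown status {t.get('status')!r} for {threat_id(t)}")
        saved[threat_id(t)] = t
    current = {threat_id(t): t for t in scan}

    report: dict = {"new": [], "changed": [], "resolved": []}
    # Detected now but absent from the saved model.
    for tid in sorted(current.keys() - saved.keys()):
        report["new"].append(tid)
    # Recorded in the model but no longer detected.
    for tid in sorted(saved.keys() - current.keys()):
        report["resolved"].append({"id": tid, "status": saved[tid]["status"]})
    # Present on both sides but with different defining attributes.
    for tid in sorted(saved.keys() & current.keys()):
        if fingerprint(saved[tid]) != fingerprint(current[tid]):
            report["changed"].append({
                "id": tid,
                "previous_status": saved[tid]["status"],
                "before": {k: saved[tid].get(k) for k in ("severity", "details")},
                "after": {k: current[tid].get(k) for k in ("severity", "details")},
            })
    return report


def drift_exit_code(report: dict) -> int:
    """CI policy (assumed): fail on any new threat, or when an accepted threat changed.

    An accepted risk whose severity or details changed needs a fresh review;
    a resolved threat is informational and does not fail the build.
    """
    accepted_changed = any(c["previous_status"] == "accepted" for c in report["changed"])
    return 1 if report["new"] or accepted_changed else 0


# Constructed stand-in for a committed .threatmodel.yaml, already parsed.
SAVED_MODEL = {
    "threats": [
        {"rule": "S3_PUBLIC_READ", "resource": "aws_s3_bucket.logs", "severity": "high",
         "details": "ACL public-read", "status": "accepted"},
        {"rule": "SG_OPEN_SSH", "resource": "aws_security_group.web", "severity": "high",
         "details": "22/tcp from 0.0.0.0/0", "status": "new"},
        {"rule": "ROOT_USER", "resource": "Dockerfile", "severity": "medium",
         "details": "no USER directive", "status": "mitigated"},
    ]
}

# Constructed results of a fresh scan of the same repository.
CURRENT_SCAN = [
    {"rule": "S3_PUBLIC_READ", "resource": "aws_s3_bucket.logs", "severity": "critical",
     "details": "ACL public-read-write"},
    {"rule": "SG_OPEN_SSH", "resource": "aws_security_group.web", "severity": "high",
     "details": "22/tcp from 0.0.0.0/0"},
    {"rule": "PRIVILEGED_POD", "resource": "helm:web/deployment.yaml", "severity": "high",
     "details": "securityContext.privileged=true"},
]

if __name__ == "__main__":
    result = check_drift(SAVED_MODEL, CURRENT_SCAN)
    print(json.dumps(result, indent=2))
    raise SystemExit(drift_exit_code(result))
```

Against the constructed data the report lists the Helm privileged pod as new, the Dockerfile root-user finding as resolved (it was marked mitigated and is no longer detected), and the S3 bucket as changed because its severity and details differ from what was accepted; the accepted-but-changed case is what makes the exit code non-zero.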
See it in action
Track threats across scans with persistent state and drift detection for continuous security monitoring.
Ready to Secure Your Infrastructure?
Join teams already using ThreatMitigator to identify security threats in their Terraform, CloudFormation, Docker, and Helm configurations.