Get Started with ThreatMitigator

Start identifying security threats in your infrastructure configurations in minutes.

Installation

# Install
cargo install --path crates/threatmitigator-cli

For enterprise customers, pre-built binaries are available for Linux (x86_64, ARM64), macOS (Intel, Apple Silicon), and Windows (x86_64). Contact sales@threatmitigator.app for access.


Quick Start

# Initialize threat modeling in your project
threatmitigator init

# Scan Terraform files
threatmitigator scan terraform ./infra

# Get AI-powered remediation advice
export ANTHROPIC_API_KEY="your-key"
threatmitigator query THREAT-ID "How do I fix this?"

# CI/CD drift detection
threatmitigator check-drift ./infra --format sarif --severity-threshold high

CLI Commands

| Command | Alias | Description |
|---|---|---|
| scan terraform <PATH> | s tf | Scan Terraform files for security threats |
| scan python <PATH> | s py | Scan Python code for vulnerabilities |
| scan dfd <PATH> | s dfd | Generate threat model from DFD specification |
| discover <PATH> | d | Scan source code for network connections and generate DFDs |
| query <ID> <QUESTION> | q | Get AI-powered mitigation suggestions for a specific threat |
| init [TARGET] | i | Initialize threat modeling in a project |
| check-drift <PATH> | drift | CI-optimized security drift detection |
| completions <SHELL> | - | Generate shell completions (bash, zsh, fish, PowerShell) |

Global Flags

| Flag | Description |
|---|---|
| --verbose / -v | Increase logging verbosity (repeatable: -v, -vv, -vvv) |
| --quiet / -q | Suppress non-essential output |
| --no-color | Disable colored output |
| --config / -c | Path to configuration file |
| --format | Output format (json, yaml, sarif, markdown, pdf, table) |

Configuration

Configuration File

All options can be set in .threatmitigator.toml:

[scan]
format = "yaml"
min_severity = "low"
categories = ["Spoofing", "Tampering", "InformationDisclosure"]

[ai]
provider = "anthropic"
model = "claude-3-5-sonnet-20241022"

[output]
colorize = true

[[plugins]]
name = "custom-scanner"
path = "/usr/local/bin/threatmitigator-plugin-custom"
timeout_secs = 30

Configuration Precedence

  1. Command-line flags (highest priority)
  2. Environment variables (THREATMITIGATOR_* prefix)
  3. Configuration file (.threatmitigator.toml)
  4. Built-in defaults

Severity Filtering

# Only show High and Critical threats
threatmitigator scan terraform ./infra --min-severity high

# Exclude specific rules
threatmitigator scan terraform ./infra --exclude-rules "TM-S3-001,TM-IAM-003"

# Filter by STRIDE category
threatmitigator scan terraform ./infra --categories "Spoofing,Tampering"

Review Detected Threats

Examine the results:

threats:
  - id: T-AWS-S3-001
    category: InformationDisclosure
    severity: high
    title: S3 bucket allows public access
    description: Bucket exposes data to the internet
    resource: aws_s3_bucket.example
    file: main.tf
    line: 15
    mitigation: Enable S3 Block Public Access

Enable AI Remediation (Optional)

Get intelligent fix recommendations:

# Set up your API key
export ANTHROPIC_API_KEY="sk-ant-..."

# Query specific threats
threatmitigator query T-AWS-S3-001 "How do I fix this?"

Supported providers:

  • OpenAI: Set OPENAI_API_KEY
  • Anthropic: Set ANTHROPIC_API_KEY
  • Ollama: Set OLLAMA_HOST (e.g., http://localhost:11434)

Track Threats Over Time

Mark threats as accepted, mitigated, or false positive:

# Accept a risk
threatmitigator accept T-AWS-S3-001 --reason "Public website bucket"

# Mark as mitigated
threatmitigator mitigate T-AWS-S3-002 --reason "Added encryption"

# Mark as false positive
threatmitigator dismiss T-AWS-S3-003 --reason "Not actually public"

Commit .threatmodel.yaml to version control to track changes over time.


Next Steps

  1. Read the Documentation - Full documentation
  2. Create Custom Policies - Custom policies guide
  3. Contact Support - Get help from our team at support@threatmitigator.app
