awesome-copilot/skills/threat-model-analyst/references/skeletons/skeleton-inventory.md
Vijay Chegu afba5b86b8 Add threat-model-analyst skill: STRIDE-A threat modeling for repositories (#1177)
* Add threat-model-analyst skill: STRIDE-A threat modeling for repositories

Add a comprehensive threat model analysis skill that performs security audits
using STRIDE-A (STRIDE + Abuse) threat modeling, Zero Trust principles, and
defense-in-depth analysis.

Supports two modes:
- Single analysis: full STRIDE-A threat model producing architecture overviews,
  DFD diagrams, prioritized findings, and executive assessments
- Incremental analysis: security posture diff between baseline report and current
  code, producing standalone reports with embedded comparison

Includes bundled reference assets:
- Orchestrator workflows (full and incremental)
- Analysis principles and verification checklists
- Output format specifications and skeleton templates
- DFD diagram conventions and TMT element taxonomy

* Address PR review comments from Copilot reviewer

- Fix SKILL.md description: use single-quoted scalar, rename mode (2) to
  'Incremental analysis' with accurate description
- Replace 'Compare Mode (Deprecated)' sections with 'Comparing Commits or
  Reports' redirect (no deprecated language for first release)
- Fix skeleton-findings.md: move Tier 1 table rows under header, add
  CONDITIONAL-EMPTY block after END-REPEAT (matching Tier 2/3 structure)
- Fix skeleton-threatmodel.md and skeleton-architecture.md: use 4-backtick
  outer fences to avoid nested fence conflicts with inner mermaid fences
- Fix skeleton-incremental-html.md: correct section count from 9 to 8
- Fix output-formats.md: change status 'open' to 'Open' in JSON example,
  move stride_category warning outside JSON fence as blockquote
- Fix incremental-orchestrator.md: replace stale compare-output-formats.md
  reference with inline color conventions
- Regenerate docs/README.skills.md with updated description

* Address second round of Copilot review comments

- Fix diagram-conventions.md: bidirectional flow notation now uses <-->
  matching orchestrator.md and DFD templates
- Fix tmt-element-taxonomy.md: normalize SE.DF.SSH/LDAP/LDAPS to use
  SE.DF.TMCore.* prefix consistent with all other data flow IDs
- Fix output-formats.md: correct TMT category example from SQLDatabase
  to SQL matching taxonomy, fix component type from 'datastore' to
  'data_store' matching canonical enum, remove DaprSidecar from
  inbound_from per no-standalone-sidecar rule
- Fix 5 skeleton files: clarify VERBATIM instruction to 'copy the
  template content below (excluding the outer code fence)' to prevent
  agents from wrapping output in markdown fences
- Genericize product-specific names in examples: replace edgerag with
  myapp, BitNetManager with TaskProcessor, AzureLocalMCP with MyApp.Core,
  AzureLocalInfra with OnPremInfra, MilvusVectorDB with VectorDB

* Address third round of Copilot review comments

- Fix diagram-conventions.md: second bidirectional two-arrow pattern in
  Quick Reference section now uses <-->
- Fix incremental-orchestrator.md: renumber HTML sections 5-9 to 4-8
  matching skeleton-incremental-html.md 8-section structure
- Fix output-formats.md: add incremental-comparison.html to File List
  as conditional output for incremental mode
- Fix skeleton-inventory.md: add tmt_type, sidecars, and boundary_kind
  fields to match output-formats.md JSON schema example
2026-03-30 07:58:56 +11:00


Skeleton: threat-inventory.json

Use EXACT field names shown below. Common errors: display_name (wrong→display), category (wrong→stride_category), name (wrong→title). The template below is shown inside a code fence for readability only — do NOT include the fence in the output file. The .json file must start with { on line 1.


```json
{
  "schema_version": "[FILL: 1.0 for standalone, 1.1 for incremental]",
  "report_folder": "[FILL: threat-model-YYYYMMDD-HHmmss]",
  "commit": "[FILL: short SHA]",
  "commit_date": "[FILL: commit date UTC]",
  "branch": "[FILL]",
  "repository": "[FILL: remote URL]",
  "analysis_timestamp": "[FILL: UTC timestamp]",
  "model": "[FILL]",

  "components": [
    [REPEAT: sorted by id]
    {
      "id": "[FILL: PascalCase]",
      "display": "[FILL: display name — NOT display_name]",
      "type": "[FILL: process / external_service / data_store / external_interactor]",
      "tmt_type": "[FILL: SE.P.TMCore.* / SE.EI.TMCore.* / SE.DS.TMCore.* from tmt-element-taxonomy.md]",
      "boundary": "[FILL: boundary ID]",
      "boundary_kind": "[FILL: MachineBoundary / NetworkBoundary / ClusterBoundary / ProcessBoundary / PrivilegeBoundary / SandboxBoundary]",
      "aliases": [],
      "source_files": ["[FILL: relative paths]"],
      "source_directories": ["[FILL: relative dirs]"],
      "fingerprint": {
        "component_type": "[FILL: process / external_service / data_store / external_interactor]",
        "boundary_kind": "[FILL: MachineBoundary / NetworkBoundary / ClusterBoundary / ProcessBoundary / PrivilegeBoundary / SandboxBoundary]",
        "source_files": ["[FILL: relative paths]"],
        "source_directories": ["[FILL: relative dirs — MUST NOT be empty for process-type]"],
        "class_names": ["[FILL]"],
        "namespace": "[FILL]",
        "config_keys": [],
        "api_routes": [],
        "dependencies": [],
        "inbound_from": ["[FILL: component IDs that send data TO this component]"],
        "outbound_to": ["[FILL: component IDs this component sends data TO]"],
        "protocols": ["[FILL: gRPC / HTTPS / SQL / etc.]"]
      },
      "sidecars": ["[FILL: co-located sidecar names, or empty array]"]
    }
    [END-REPEAT]
  ],

  "boundaries": [
    [REPEAT: sorted by id]
    {
      "id": "[FILL: PascalCase boundary ID]",
      "display": "[FILL]",
      "kind": "[FILL: MachineBoundary / NetworkBoundary / ClusterBoundary / ProcessBoundary / PrivilegeBoundary / SandboxBoundary]",
      "aliases": [],
      "contains": ["[FILL: component IDs]"],
      "contains_fingerprint": "[FILL: sorted pipe-delimited component IDs]"
    }
    [END-REPEAT]
  ],

  "flows": [
    [REPEAT: sorted by id]
    {
      "id": "[FILL: DF_Source_to_Target]",
      "from": "[FILL: component ID]",
      "to": "[FILL: component ID]",
      "protocol": "[FILL]",
      "description": "[FILL: 1 sentence max]"
    }
    [END-REPEAT]
  ],

  "threats": [
    [REPEAT: sorted by id then identity_key.component_id]
    {
      "id": "[FILL: T##.X]",
      "title": "[FILL: short title — REQUIRED]",
      "description": "[FILL: 1 sentence — REQUIRED]",
      "stride_category": "[FILL: S/T/R/I/D/E/A — SINGLE LETTER, NOT full word]",
      "tier": [FILL: 1/2/3],
      "prerequisites": "[FILL]",
      "status": "[FILL: Open/Mitigated/Platform]",
      "mitigation": "[FILL: 1 sentence or empty]",
      "identity_key": {
        "component_id": "[FILL: PascalCase — MUST be inside identity_key, NOT top-level]",
        "data_flow_id": "[FILL: DF_Source_to_Target]",
        "stride_category": "[FILL: S/T/R/I/D/E/A]",
        "attack_surface": "[FILL: brief description of the attack surface]"
      }
    }
    [END-REPEAT]
  ],

  "findings": [
    [REPEAT: sorted by id then identity_key.component_id]
    {
      "id": "[FILL: FIND-##]",
      "title": "[FILL]",
      "severity": "[FILL: Critical/Important/Moderate/Low]",
      "cvss_score": [FILL: N.N],
      "cvss_vector": "[FILL: CVSS:4.0/AV:...]",
      "cwe": "[FILL: CWE-###]",
      "owasp": "[FILL: A##:2025]",
      "tier": [FILL: 1/2/3],
      "effort": "[FILL: Low/Medium/High]",
      "related_threats": ["[FILL: T##.X]"],
      "evidence_files": ["[FILL: relative paths]"],
      "component": "[FILL: display name]",
      "identity_key": {
        "component_id": "[FILL: PascalCase]",
        "vulnerability": "[FILL: CWE-###]",
        "attack_surface": "[FILL: file:key or endpoint]"
      }
    }
    [END-REPEAT]
  ],

  "metrics": {
    "total_components": [FILL],
    "total_boundaries": [FILL],
    "total_flows": [FILL],
    "total_threats": [FILL],
    "total_findings": [FILL],
    "threats_by_tier": { "T1": [FILL], "T2": [FILL], "T3": [FILL] },
    "findings_by_tier": { "T1": [FILL], "T2": [FILL], "T3": [FILL] },
    "threats_by_stride": { "S": [FILL], "T": [FILL], "R": [FILL], "I": [FILL], "D": [FILL], "E": [FILL], "A": [FILL] },
    "findings_by_severity": { "Critical": [FILL], "Important": [FILL], "Moderate": [FILL], "Low": [FILL] }
  }
}
```

MANDATORY field name compliance:

  • "display" — NOT "display_name", "name"
  • "stride_category" — NOT "category" — SINGLE LETTER (S/T/R/I/D/E/A)
  • "title" AND "description" — both required on every threat
  • identity_key.component_id — component link INSIDE identity_key, NOT top-level
  • Sort all arrays deterministically before writing
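
A checker for the compliance rules listed above, as an added example that is not part of the skill or its repository. `check_inventory`, `RENAMES` and the sample `BAD` document are hypothetical names and constructed data, and the sort check assumes plain string ordering of `id`.

```python
import json

STRIDE_A = set("STRIDEA")  # S/T/R/I/D/E/A, single letter only
SECTIONS = ("components", "boundaries", "flows", "threats", "findings")
# Wrong field name -> required name, taken from the skeleton's "common errors" list.
RENAMES = {"components": {"display_name": "display", "name": "display"},
           "threats": {"category": "stride_category", "name": "title"}}

def sort_key(item):
    # Skeleton order: by id, then identity_key.component_id where present.
    return (item.get("id", ""), item.get("identity_key", {}).get("component_id", ""))

def check_inventory(text):
    """Return violations of the field-name and ordering rules (empty list = pass)."""
    if not text.startswith("{"):
        return ["file must start with { on line 1 (code fence left in output?)"]
    inv = json.loads(text)
    errors = []
    for section in SECTIONS:
        items = inv.get(section, [])
        if items != sorted(items, key=sort_key):
            errors.append(f"{section}: array is not sorted by id")
        for item in items:
            for wrong, right in RENAMES.get(section, {}).items():
                if wrong in item:
                    errors.append(f"{section}/{item.get('id')}: '{wrong}' must be '{right}'")
    for b in inv.get("boundaries", []):
        if b.get("contains_fingerprint") != "|".join(sorted(b.get("contains", []))):
            errors.append(f"boundaries/{b.get('id')}: contains_fingerprint is not sorted pipe-delimited IDs")
    for t in inv.get("threats", []):
        tid = t.get("id")
        for field in ("title", "description"):
            if not t.get(field):
                errors.append(f"threats/{tid}: '{field}' is required")
        if str(t.get("stride_category")) not in STRIDE_A:
            errors.append(f"threats/{tid}: stride_category must be one letter of S/T/R/I/D/E/A")
        if "component_id" in t or "component_id" not in t.get("identity_key", {}):
            errors.append(f"threats/{tid}: component_id belongs inside identity_key")
    return errors

# Constructed sample: uses the field names the skeleton warns against.
BAD = json.dumps({"components": [{"id": "WebApi", "display_name": "Web API"}],
                  "threats": [{"id": "T01.S", "name": "Token replay", "category": "Spoofing",
                               "component_id": "WebApi", "identity_key": {}}]})

if __name__ == "__main__":
    print("\n".join(check_inventory(BAD)))
```

Running a check like this before an incremental comparison catches renamed keys early, since the baseline and current inventories are matched on these exact field names.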