Open Source Security Atlas

Name: github-integration-example
Author: Threagile

github-integration-example: An Open Source Template for Governance, Risk, and Compliance (GRC) | Open Source Security Atlas

Back to Browse

Governance, Risk, and Compliance (GRC)

Template

github-integration-example

A template repository demonstrating how to integrate the Threagile agile threat modeling tool into GitHub workflows for automated risk assessment and compliance auditing.

Visit Website View on GitHub

About This Tool

Example of how to integrate Threagile into GitHub workflows

Primary Use Case

This repository serves as a practical example for security teams and DevOps engineers to automate threat modeling within their CI/CD pipelines using GitHub Actions. It is designed to trigger threat model analysis and generate comprehensive security reports whenever the threat model input file changes, enabling continuous risk assessment and governance compliance.

Key Features

Integration of Threagile into GitHub workflows
Automated execution on changes to threagile.yaml threat model file
Generation of data-flow diagrams (DFD), PDF reports, Excel and JSON exports
Preservation of generated artifacts in GitHub Actions
Storage of output files within the repository for easy referencing
Open-source GitHub Action usage (run-threagile-action)
Template repository for customization to fit specific workflows

Insights & Recommendations

This repository is a template and does not contain a real project source code; users should replace the example threagile.yaml with their actual threat model input. The workflow depends on the open-source run-threagile-action available in the GitHub Actions marketplace. Best practice is to customize the workflow and threat model input to fit the specific security governance and compliance requirements of your project.

Installation

Fork or clone this example repository
Modify or replace the threagile.yaml file with your own threat model input
Customize the GitHub workflow (.github/workflows/main.yaml) if needed
Commit and push changes to trigger the workflow automatically

Usage

Push changes to threagile.yaml

Triggers the GitHub workflow to run the run-threagile-action and generate threat modeling outputs

Smart Usage Notes

Integrate this template into existing CI/CD pipelines to enable continuous threat modeling and automated risk assessment.
Use generated threat model reports to prioritize remediation efforts and compliance auditing.
Customize the workflow to trigger on additional events such as pull requests or scheduled scans for proactive security posture management.
Leverage output artifacts for automated security documentation and audit evidence.
Combine with vulnerability scanning tools to enrich threat models with real-time findings.