threatcl
« Back to VersTracker
Description:
Documenting your Threat Models with HCL
Type: Formula  |  Latest Version: 0.3.0@0  |  Tracked Since: Nov 15, 2025
Links: Homepage  |  GitHub  |  formulae.brew.sh
Stars: 440  |  Forks: 22  |  Language: Go  |  Category: Security
Tags: threat-modeling security hcl devsecops cli
Install: brew install threatcl
About:
threatcl is a command-line interface (CLI) tool designed for creating and managing threat models using HashiCorp Configuration Language (HCL). It allows security engineers and developers to define assets, threats, and mitigations in a structured, version-controllable format. The tool validates these definitions and can generate reports, providing a programmatic and automated approach to security documentation.
Key Features:
  • Declarative threat modeling using HCL
  • Validation of threat model syntax and structure
  • Report generation in multiple formats (e.g., JSON, Markdown)
  • Integration into CI/CD pipelines for automated security checks
Use Cases:
  • Automating threat model creation within a DevSecOps workflow
  • Maintaining a version-controlled, machine-readable inventory of security threats and mitigations
  • Generating consistent and up-to-date security documentation for audits and reviews
Alternatives:
  • ThreatSpec – threatcl focuses on HCL-based definitions and CLI workflows, while ThreatSpec is another approach for linking threats directly to code.
  • Microsoft Threat Modeling Tool – threatcl is code-centric and integrates with developer workflows, whereas the Microsoft tool is a GUI-based application for drawing data flow diagrams.
Version History
Detected Version Rev Change Commit
Dec 26, 2025 5:22am 0.3.0 0 VERSION_BUMP c103bdb0
Dec 25, 2025 3:07am 0.2.8 0 VERSION_BUMP ec921d28
Nov 15, 2025 11:25am 0 VERSION_BUMP e42a0d4d
Sep 12, 2025 12:59am 0 VERSION_BUMP 98ec6ba6