OWASP Threat Dragon

note that this page is out of date, see the latest version 1.x documentation

Threat Dragon comes in two variants, a desktop application and a web application.

Desktop application install instructions

Installers can be downloaded from the OWASP GitHub area:

  • Windows (64 bit) installer
  • MacOS installer
  • Linux snap, AppImage, debian and rpm installers

Linux installer and AppImage

It is probably simpler to use the AppImage for most Linux platforms, but packages for both Debian and Fedora Linux on AMD64 and X86-64bit platforms can also be downloaded from the github release area.

Alternatively a platform independent Snap image is available via the official snapcraft distribution.

MacOS installer

Download the .dmg MacOS installer from the github release area. Open the download and drag ‘OWASP Threat Dragon’ to the application directory. When the copy has finished then Threat Dragon can be run from Apple Launchpad or using Finder -> Applications.

Threat Dragon is notarized by Apple, but if an error message pops up when running for the first time, along the lines of ‘“OWASP-Threat-Dragon” can’t be opened because Apple cannot check it for malicious software’ then follow this FAQ to resolve this.

There may be different error messages for older versions of Threat Dragon, in which case try this FAQ for a solution.

If you decide to use the MacOS .zip file then be sure to read this FAQ first. If you run into problems then consider using the .dmg download instead.

Windows installer

Download the Windows .exe NSIS installer from the github release area. Run the installer and invoke the application from the shortcut.

Windows may warn you that this is an application downloaded from the internet and ask you if you want to keep it. Assuming that you can trust the github download site, agree to keep the file and the installer will then run.

Windows download warning

Run the installer either from the file icon in your download area or from a command line:

.\OWASP-Threat-Dragon-Setup-1.6.1.exe /S /D=C:\Test

Uninstall using a similar command: 'C:\tmp\Uninstall OWASP-Threat-Dragon.exe'. Note the single quotes because there is a space in the uninstall command name.

Command line using npm

For the latest versions of code between releases, npm can be used to install and run Threat Dragon Desktop locally:

git clone https://github.com/owasp/threat-dragon
cd threat-dragon/td.desktop
npm install
npm run build

Then to run it:

npm start

There is a command line interface, run help to see what commands are available:

npm run help

For example to export a given threat model file to pdf :

npm run pdf ./threat-model.json