• NEW: the colormap and RevealMD template features.

What's Changed

• Added a first draft for #234 by @raphaelahrens in https://github.com/izar/pytm/pull/235
• Update scorecard.yml by @izar in https://github.com/izar/pytm/pull/236
• Added prerequisites and likelihood to Threat by @raphaelahrens in https://github.com/izar/pytm/pull/241
• Fixed #221 Got an error "AttributeError: 'str' ... by @raphaelahrens in https://github.com/izar/pytm/pull/242
• Revealjs & update scorecard action version by @izar in https://github.com/izar/pytm/pull/240

Full Changelog: izar/pytm@v1.3.0...v1.3.1

• colormap flag added to paint risk on DFDs
• many bug fixes

What's Changed

• Update docs by @nineinchnick in https://github.com/izar/pytm/pull/161
• Added datastore.png to setup.py by @raphaelahrens in https://github.com/izar/pytm/pull/162
• Finding.id should be a str by @nineinchnick in https://github.com/izar/pytm/pull/158
• Add missing dependencies in Dockerfile by @nineinchnick in https://github.com/izar/pytm/pull/164
• Fixed sample threat model in README.md by @jnk22 in https://github.com/izar/pytm/pull/168
• [Snyk] Security upgrade python from 3.9.5-alpine3.13 to 3.10.0rc1-alpine3.13 by @snyk-bot in https://github.com/izar/pytm/pull/166
• Added the list-element command by @raphaelahrens in https://github.com/izar/pytm/pull/167
• Added the --list-elements command to the readme by @raphaelahrens in https://github.com/izar/pytm/pull/169
• An empty threat model with ignoreUnused throws an error by @raphaelahrens in https://github.com/izar/pytm/pull/170
• Removed the obsolete use of Strings as data by @raphaelahrens in https://github.com/izar/pytm/pull/171
• HTML escaping missed the 'target' field when cleaning Findings by @izar in https://github.com/izar/pytm/pull/173
• Added output encoding for each Element's findings data by @nozmore in https://github.com/izar/pytm/pull/176
• Assumptions by @nozmore in https://github.com/izar/pytm/pull/182
• Updated report test to write the generated report file to disk, simil… by @nozmore in https://github.com/izar/pytm/pull/181
• Fix: Excluded threat IDs are ignored when using --exclude argument by @jnk22 in https://github.com/izar/pytm/pull/174
• Add enum for DatastoreType used in Datastore objects, removed isSQL, … by @nozmore in https://github.com/izar/pytm/pull/179
• Added Controls class as an Element instance variable, moved control b… by @nozmore in https://github.com/izar/pytm/pull/177
• TemplateEngine improvements, updated template.md by @nozmore in https://github.com/izar/pytm/pull/155
• [Snyk] Security upgrade python from 3.10.0rc1-alpine3.13 to 3.10-alpine3.13 by @snyk-bot in https://github.com/izar/pytm/pull/185
• [Snyk] Security upgrade python from 3.10.0rc1-alpine3.13 to 3-alpine3.13 by @snyk-bot in https://github.com/izar/pytm/pull/184
• [Snyk] Security upgrade python from 3-alpine3.13 to 3.11.0a5-slim-bullseye by @snyk-bot in https://github.com/izar/pytm/pull/189
• [Snyk] Security upgrade python from 3.11.0a5-slim-bullseye to 3.11-rc-slim by @snyk-bot in https://github.com/izar/pytm/pull/191
• Adding uniqueId and includeOrder by @per-oestergaard in https://github.com/izar/pytm/pull/190
• Revert "Adding uniqueId and includeOrder" by @izar in https://github.com/izar/pytm/pull/192
• Improve testing by @per-oestergaard in https://github.com/izar/pytm/pull/193
• Correct base image to use Python's Alpine image by @xee5ch in https://github.com/izar/pytm/pull/197
• Update LICENSE by @colesmj in https://github.com/izar/pytm/pull/199
• Include all tests (test_*.py) by @per-oestergaard in https://github.com/izar/pytm/pull/194
• Adding in the Controls and DatastoreType classes to documentation by @jharnois4512 in https://github.com/izar/pytm/pull/201
• Add additional test cases for threat DE01 by @danieldavidson in https://github.com/izar/pytm/pull/205
• [Snyk] Security upgrade python from 3.11-rc-alpine to 3.12-rc-alpine by @izar in https://github.com/izar/pytm/pull/206
• Upgrade CodeSee workflow to version 2 in https://github.com/izar/pytm/pull/209
• Bringing things up to snuff by @izar in https://github.com/izar/pytm/pull/217
• Limit permissions by @izar in https://github.com/izar/pytm/pull/210
• Fixing issue 218 by @izar in https://github.com/izar/pytm/pull/219
• Corrected the Overide example by @raphaelahrens in https://github.com/izar/pytm/pull/225
• Added Error handling for User errors by @raphaelahrens in https://github.com/izar/pytm/pull/226
• fix 'make MODEL=bla' which is currently broken in master by @dglynos in https://github.com/izar/pytm/pull/227
• README : updated the #creating-a-threat-model with an example of a Da… by @FinestMaximus in https://github.com/izar/pytm/pull/228
• Colormap by @izar in https://github.com/izar/pytm/pull/229

New Contributors

• @jnk22 made their first contribution in https://github.com/izar/pytm/pull/168
• @snyk-bot made their first contribution in https://github.com/izar/pytm/pull/166
• @per-oestergaard made their first contribution in https://github.com/izar/pytm/pull/190
• @xee5ch made their first contribution in https://github.com/izar/pytm/pull/197
• @jharnois4512 made their first contribution in https://github.com/izar/pytm/pull/201
• @danieldavidson made their first contribution in https://github.com/izar/pytm/pull/205
• @dglynos made their first contribution in https://github.com/izar/pytm/pull/227
• @FinestMaximus made their first contribution in https://github.com/izar/pytm/pull/228

Full Changelog: izar/pytm@v1.2.0...v1.3.0

In this release, we are aiming at clearer reports and some more data-oriented facilities.

Breaking changes

• Replace usesLatestTLSversion with minTLSVersion in assets and tlsVersion in data flows #123
• When the data attribute of elements is initialied with a string, convert it to a Data object with undefined as name and the string as description; change the default classification from PUBLIC to UNKNOWN #148

New features

• Separate actors and assets from elements when dumping the model to JSON #150
• Add unique Finding ids #154
• Allow to associate the threat model script with source code files and check their age difference #145
• Adapt the DFD3 notation #143
• Allow to override findings (threats) attributes #137
• Allow to mark data as PII or credentials and check if it's protected #127
• Added '--levels' - every element now has a 'levels' attribute, a list of integers denoting different DFD levels for rendering
• Added HTML docs using pdoc #110
• Added checksDestinationRevocation attribute to account for certificate revocation checks #109

Bug fixes

• Escape HTML entities in Threat attributes #149
• Fix generating reports for models with a Datastore that has isEncryptedAtRest set and a Data that has isStored set #141
• Fix condition on the Data Leak threat so it does not always match #139
• Fixed printing the data attribute in reports #123
• Added a markdown file with threats #126
• Fixed drawing nested boudnaries #117
• Add missing provideIntegrity attribute in Actor and Asset classes #116

• Added Poetry #108
• Fix drawing DFDs for nested Boundaries #107

Breaking changes

• Removed HandlesResources attribute from the Process class, which duplicates handlesResources
• Change default Dataflow.dstPort attribute value from 10000 to -1

New features

• Add dump of elements and findings to sqlite database using "--sqldump " (with result in ./sqldump/) #103
• Add Data element and DataLeak finding to support creation of a data dictionary separate from the model #104
• Add JSON input #105
• Add JSON output #102
• Use numbered dataflow labels in sequence diagram #94
• Move authenticateDestination to base Element #88
• Assign inputs and outputs to all elements #89
• Allow detecting and/or hiding duplicate dataflows by setting TM.onDuplicates #100
• Ignore unused elements if TM.ignoreUnused is True #84
• Assign findings to elements #86
• Add description to class attributes #91
• New Element methods to be used in threat conditions #82
• Provide a Docker image and allow running make targets in a container #87
• Dataflow inherits source and/or sink attribute values #79
• Merge edges in DFD when TM.mergeResponses is True; allow marking Dataflow as responses #76
• Automatic ordering of dataflows when TM.isOrdered is True #66
• Loading a custom threats file by setting TM.threatsFile #68
• Setting properties on init #67
• Wrap long labels in DFDs #65

Bug fixes

• Ensure all items have correct color, based on scope #93
• Add missing server isResilient property #63
• Advanced templates in repeat blocks #81
• Produce stable diagrams #79
• Allow overriding classes #64

pytm-1.1.0.tar.gz