MCPcopy Index your code
hub / github.com/awslabs/threat-modeling-mcp-server

github.com/awslabs/threat-modeling-mcp-server @main

Chat with this repo
repository ↗ · DeepWiki ↗ · + Follow
562 symbols 1,870 edges 37 files 510 documented · 91% updated 50d ago★ 62
What it actually does AI analysis from the code graph — generated when you open this
loading…
README

Threat Modeling MCP Server

A Model Context Protocol (MCP) server for comprehensive threat modeling with automatic code validation.

Table of Contents

Overview

This server provides tools for threat modeling, including business context analysis, architecture analysis, threat actor analysis, trust boundary analysis, asset flow analysis, code security validation and comprehensive report generation.

Architecture and Approach

This MCP Server calls the existing agent's LLM instead of making an external API or network call to a different service. It relies on existing client's LLM which could be Amazon-Q, Kiro or Cline.

This Threat Modeling MCP Server has three main functionalities: 1. Threat modeling phase or state management and prompt controlling. 2. Prompts steering, which controls the agent to go through a methodic approach to threat modeling using built in definitions of business risks, exposures, threat actors and use STRIDE in sequential order. 3. Data validation at every state or phase, which in turn produces actionable threat model report.

It also has tools to generate a final report in both Markdown and JSON exportable formats.

Key Advantages of this approach

  • This threat model follows the standard STRIDE approach to threat modeling in phases rather than quick conclusion of assets, boundaries and threats which can lead to hallucination or low quality output.
  • There is an effort by LLM to understand the business context of the project and make valid assumptions which can be controlled by the user.
  • The main advantage of using this local running threat modeling MCP server is that it leverages the client's existing LLM (Cline, Amazon-Q, Kiro). Any data which is processed or sent is limited to the client or other MCP servers you may have installed and invoked. This server doesn't call any other external APIs or send or receive data beyond calling the client's LLM or additional billing or tokens than what your client is already configured to use.
  • This threat modeling approach stores your threat model in the same repository as .threatmodel directory and you can evolve your threat model as your code, design and architecture evolves.
  • This threat model approach looks at the code if its present and updates the threats if they are already mitigated in the code level controls. You can rerun threat model once you fix your code and it should look at the fix to update the threat model quickly.

Quick Start Prompts and Examples on how to threat model with this MCP server

Note: Before using these prompts, you must first complete the Installation process to set up the MCP server.

Start a threat model

"Threat model this project using the threat modeling MCP Server"

Being specific in the prompt to use the threat modeling MCP Server will make sure the client (Cline/Kiro/etc) will follow the exact phases and methodology rather than taking short cut path and introduce hallucination in results.

Threat model a subproject or reduce the scope to a sub folder

"Threat model this subfolder using the threat modeling MCP Server"

Running it on a subfolder will limit the scope of threat model and code to that subfolder and save results as a .threatmodel directory within the subfolder.

Save the result of threat model

"Save the threat model report"

Validate the completeness of the threat modeling process

"Please complete all the phases in the threat model plan and then generate the final report."

Feed an architecture diagram image as input

"Threat model this project using the threat model MCP server and consider this architecture_image.png attached for this review"

Attempt remediating the threats

"Can you see if you can implement mitigation controls in the code based on the threats reported in the threat model"

Regenerate threat model based on code fixes

"Can you updated the threat model based on the code fixes which mitigated the reported threats"

More examples

# Set up context
"Set business context for an e-commerce payment system"

# Add architecture
"Add a web server component using AWS EC2"
"Add a database component using AWS RDS"

# Identify threats
"Add a threat where an attacker with network access performs SQL injection"

# Add mitigations
"Add a mitigation for input validation"

# Export results
"Export the threat model to my_model.json"

Key Features

  • Comprehensive Threat Modeling: Structured approach to identifying, evaluating, and addressing security risks
  • Automatic Code Validation: Detects code in the project directory and automatically validates the threat model against it
  • Business Context Analysis: Understand the business value and criticality of the system
  • Architecture Analysis: Document the system's technical architecture and data flows
  • Threat Actor Analysis: Identify potential adversaries and assess their capabilities
  • Trust Boundary Analysis: Identify trust zones and validate security controls at boundaries
  • Asset Flow Analysis: Track critical assets through the system
  • Threat Identification: Systematically identify potential threats using STRIDE methodology
  • Mitigation Planning: Develop strategies to address identified threats
  • Assumption Management: Tools for adding, listing, updating, and deleting assumptions in the threat model
  • Threat Generator: Tools for adding and managing threats in the model
  • Mitigation Management: Tools for managing mitigations and linking them to threats
  • Threat Model Guide: Step-by-step guidance through the threat modeling process
  • Data Model Types: Tools for exploring available data model types and enumerations

Prerequisites

Before installing the Threat Modeling MCP Server, ensure you have the following requirements:

Installation Requirements

  1. Install uvx from Astral or the GitHub README
  2. uvx is part of the uv package manager
  3. Verify installation: uvx --version

Installation

Once you have uvx installed and verified to be working, add the below configuation to your mcp.json config file. Depending on the what type of client your are using (kiro/cline/amazon-q) the location of this mcp.json will be different. Once you add the config and restart your IDE, the Threat Modeling MCP Server will be automatically be installed directly from this GitHub repository using uvx.

Note: The tools used by this mcp server for threat modeling are already added to the autoApprove for ease of user experience which enables seamless operation without manual approval prompts for each tool call. All tools are internal to the server and do not make external API calls. If you want to review each of the tools and approve it per invocation, then you need to replace the autoApprove array with this: "autoApprove": []

Configuration

Add the following to your MCP client configuration:

For Amazon Q (~/.aws/amazonq/mcp.json):

{
  "mcpServers": {
    "threat-modeling-mcp-server": {
      "command": "uvx",
      "args": [
        "--from",
        "git+https://github.com/awslabs/threat-modeling-mcp-server.git",
        "threat-modeling-mcp-server"
      ],
      "env": {
        "FASTMCP_LOG_LEVEL": "ERROR"
      },
      "disabled": false,
      "autoApprove": ["add_asset","add_assumption","add_component","add_component_to_zone","add_conn_to_crossing","add_connection","add_crossing_point","add_data_store","add_flow","add_mitigation","add_threat","add_threat_actor","add_trust_boundary","add_trust_zone","advance_phase","analyze_threat_actors","clear_architecture","clear_asset_flows","clear_business_context","clear_threat_actors","clear_trust_boundaries","delete_asset","delete_assumption","delete_component","delete_connection","delete_crossing_point","delete_data_store","delete_flow","delete_mitigation","delete_threat","delete_threat_actor","delete_trust_boundary","delete_trust_zone","execute_code_validation_step","execute_final_export_step","export_comprehensive_threat_model","export_threat_model_with_remediation_status","follow_threat_modeling_plan","generate_remediation_report","get_architecture_analysis_plan","get_asset","get_asset_flow_analysis_plan","get_assumption","get_business_context","get_business_context_analysis_plan","get_business_context_features","get_crossing_point","get_current_phase_status","get_data_model_types","get_flow","get_mitigation","get_phase_1_guidance","get_phase_2_guidance","get_phase_3_guidance","get_phase_4_guidance","get_phase_5_guidance","get_phase_6_guidance","get_phase_7_5_guidance","get_phase_7_guidance","get_phase_8_guidance","get_phase_9_guidance","get_threat","get_threat_actor","get_threat_model_progress","get_threat_modeling_plan","get_trust_boundary","get_trust_boundary_analysis_plan","get_trust_boundary_detection_plan","get_trust_zone","link_mitigation_to_threat","list_assets","list_assumptions","list_components","list_connections","list_crossing_points","list_data_models","list_data_stores","list_flows","list_mitigations","list_threat_actors","list_threats","list_trust_boundaries","list_trust_zones","remove_component_from_zone","remove_conn_from_crossing","reset_asset_flows","reset_threat_actors","set_business_context","set_threat_actor_priority","set_threat_actor_relevance","unlink_mitigation_from_threat","update_asset","update_assumption","update_component","update_connection","update_crossing_point","update_data_store","update_flow","update_mitigation","update_threat","update_threat_actor","update_trust_boundary","update_trust_zone","validate_business_context_completeness","validate_security_controls","validate_threat_model_against_code","validate_threat_remediation"]
    }
  }
}

For VSCode Cline:

{
  "mcpServers": {
    "threat-modeling-mcp-server": {
      "command": "uvx",
      "args": [
        "--from",
        "git+https://github.com/awslabs/threat-modeling-mcp-server.git",
        "threat-modeling-mcp-server"
      ],
      "env": {
        "FASTMCP_LOG_LEVEL": "ERROR"
      },
      "disabled": false,
      "autoApprove": ["add_asset","add_assumption","add_component","add_component_to_zone","add_conn_to_crossing","add_connection","add_crossing_point","add_data_store","add_flow","add_mitigation","add_threat","add_threat_actor","add_trust_boundary","add_trust_zone","advance_phase","analyze_threat_actors","clear_architecture","clear_asset_flows","clear_business_context","clear_threat_actors","clear_trust_boundaries","delete_asset","delete_assumption","delete_component","delete_connection","delete_crossing_point","delete_data_store","delete_flow","delete_mitigation","delete_threat","delete_threat_actor","delete_trust_boundary","delete_trust_zone","execute_code_validation_step","execute_final_export_step","export_comprehensive_threat_model","export_threat_model_with_remediation_status","follow_threat_modeling_plan","generate_remediation_report","get_architecture_analysis_plan","get_asset","get_asset_flow_analysis_plan","get_assumption","get_business_context","get_business_context_analysis_plan","get_business_context_features","get_crossing_point","get_current_phase_status","get_data_model_types","get_flow","get_mitigation","get_phase_1_guidance","get_phase_2_guidance","get_phase_3_guidance","get_phase_4_guidance","get_phase_5_guidance","get_phase_6_guidance","get_phase_7_5_guidance","get_phase_7_guidance","get_phase_8_guidance","get_phase_9_guidance","get_threat","get_threat_actor","get_threat_model_progress","get_threat_modeling_plan","get_trust_boundary","get_trust_boundary_analysis_plan","get_trust_boundary_detection_plan","get_trust_zone","link_mitigation_to_threat","list_assets","list_assumptions","list_components","list_connections","list_crossing_points","list_data_models","list_data_stores","list_flows","list_mitigations","list_threat_actors","list_threats","list_trust_boundaries","list_trust_zones","remove_component_from_zone","remove_conn_from_crossing","reset_asset_flows","reset_threat_actors","set_business_context","set_threat_actor_priority","set_threat_actor_relevance","unlink_mitigation_from_threat","update_asset","update_assumption","update_component","update_connection","update_crossing_point","update_data_store","update_flow","update_mitigation","update_threat","update_threat_actor","update_trust_boundary","update_trust_zone","validate_business_context_completeness","validate_security_controls","validate_threat_model_against_code","validate_threat_remediation"],
      "timeout": 60,
      "type": "stdio"
    }
  }
}

For Kiro (~/.kiro/settings/mcp.json): ```json { "mcpServers": { "threat-modeling-mcp-server": { "command": "uvx", "args": [ "--from", "git+https://github.com/awslabs/threat-modeling-mcp-server.git", "threat-modeling-mcp-server" ], "env": { "FASTMCP_LOG_LEVEL": "ERROR" }, "disabled": false, "autoApprove": ["add_asset","add_assumption","add_component","add_component_to_zone","add_conn_to_crossing","add_connection","add_crossing_point","add_data_store","add_flow","add_mitigation","add_threat","add_threat_actor","add_trust_boundary","add_trust_zone","advance_phase","analyze_threat_actors

Core symbols most depended-on inside this repo

batch_add
called by 37
threat_modeling_mcp_server/utils/batch_utils.py
validate_enum_with_enhanced_error
called by 37
threat_modeling_mcp_server/validation/enum_validator.py
get_phase_guidance
called by 25
threat_modeling_mcp_server/tools/step_orchestrator.py
add_threat_impl
called by 25
threat_modeling_mcp_server/tools/threat_generator.py
batch_delete
called by 22
threat_modeling_mcp_server/utils/batch_utils.py
initialize_trust_boundaries
called by 20
threat_modeling_mcp_server/tools/trust_boundary_analyzer.py
batch_update
called by 16
threat_modeling_mcp_server/utils/batch_utils.py
add_mitigation_impl
called by 15
threat_modeling_mcp_server/tools/threat_generator.py

Shape

Function 268
Method 180
Class 110
Route 4

Languages

Python100%

Modules by API surface

tests/test_models.py51 symbols
tests/test_threat_generator.py45 symbols
threat_modeling_mcp_server/tools/trust_boundary_analyzer.py44 symbols
tests/test_step_orchestrator.py43 symbols
threat_modeling_mcp_server/models/threat_models.py30 symbols
threat_modeling_mcp_server/tools/architecture_analyzer.py29 symbols
tests/test_batch_operations.py28 symbols
threat_modeling_mcp_server/tools/threat_generator.py27 symbols
threat_modeling_mcp_server/tools/asset_flow_analyzer.py27 symbols
tests/test_enum_validator.py24 symbols
threat_modeling_mcp_server/tools/threat_actor_analyzer.py22 symbols
threat_modeling_mcp_server/tools/step_orchestrator.py22 symbols

For agents

$ claude mcp add threat-modeling-mcp-server \
  -- python -m otcore.mcp_server <graph>

⬇ download graph artifact