Threat Dragon is a community project and new contributors are always welcome
When contributing:
- see if there is already an issue for what you want to do
- get started by following the developer notes
- keep the test coverage high with unit tests and functional tests
- follow our Code of Conduct
- ensure that unit tests have been extended or created for any code changes
- if the contribution changes the functionality then ensure that the functional tests are created or modified
- the use of generative AI is not prohibited but must be declared in the pull request
If you have a question or problem relating to using Threat Dragon then the first thing to do is to check the Frequently Asked Questions tab on the OWASP project page. Threat Dragon documentation is available online.
If this does not help then one of the leaders / collaborators should be able to help.
If you have found a bug then raise an issue on Threat Dragon, and make sure you have logged into github first.
It is worth checking to see if its already been reported, and including as much information as you can to help us diagnose your problem.
If you think you have found a vulnerability in Threat Dragon then please report it to our leaders / collaborators.
We are always very grateful to researchers who report vulnerabilities responsibly and are very happy to give all credit for the valuable assistance they provide.
If you have a suggestion for new functionality then you can raise this request as an issue on Threat Dragon.
Worth checking to see if its already been reported, and include as much information as you can so that we can fully understand your requirements.
There is always lots of coding to be done! Threat Dragon welcomes contributions and issues: TD github repo
Threat Dragon: making threat modeling less threatening