Home
Packages for both Debian and Fedora Linux on AMD64 and X86-64bit platforms can be downloaded from the releases folder, along with Snap and AppImage images.
The .dmg installer for MacOS can be downloaded from the releases folder. Open the download and drag 'OWASP Threat Dragon' to the application directory. When the copy has finished then Threat Dragon can be run from launchpad or Finder -> Applications.
If an error message pops up when running for the first time, along the lines of 'OWASP Threat Dragon cannot be opened because the developer cannot be verified' or '"OWASP ZAP” cannot be opened because the developer cannot be verified, macOS cannot verify that this app is free from malware' then follow this FAQ to resolve this.
The .exe installer for Windows can be downloaded from the releases folder.
Windows will warn you that this is an application downloaded from the internet and ask you if you want to keep it. We assume that you trust the github download site, so agree to keep the file and the installer will then download. Run the installer either from the file icon in your download area or from a command line:
.\OWASP-Threat-Dragon-Setup-1.6.1.exe /S /D=C:\Test
Uninstall using a similar command: 'C:\tmp\Uninstall OWASP-Threat-Dragon.exe'.
Note the single quotes because there is a space in the uninstall command name.
For the latest versions of code between releases, npm can be used to install and run Threat Dragon locally:
git clone https://github.com/owasp/threat-dragon
cd threat-dragon/td.desktop
npm install
Then to run it:
npm run start
There is a limited command line interface, with help:
npm run help
For example to export a given threat model file to pdf :
npm run pdf ./threat-model.json