Loading...
Loading...
Run an AWS Security Agent threat model review on spec/design documents. Use when the user asks to review a spec for security, run a threat model, check if a design introduces security risks, review requirements.md or design.md for security posture changes, or STRIDE analysis.
npx skill4agent add aws/agent-toolkit-for-aws threat-modeling-with-aws-security-agentrequirements.mddesign.md.security-agent/config.jsonagent_space_idregionsetup-security-agent| Placeholder | How to resolve |
|---|---|
| |
| |
| |
| |
| |
requirements.mddesign.mdcd <absolute-workspace-path>
zip -r /tmp/source.zip . \
-x ".git/*" -x ".security-agent/*" -x "node_modules/*" \
-x "__pycache__/*" -x ".venv/*" -x "venv/*" \
-x "dist/*" -x "build/*" -x "target/*" \
-x ".mypy_cache/*" -x ".pytest_cache/*" -x ".tox/*" \
-x ".next/*" -x "cdk.out/*" -x ".DS_Store" -x "*.pyc"SCAN_ID="tm-$(date +%s)-$(openssl rand -hex 3)"
WORKSPACE_ID=$(printf '%s' "$(pwd)" | md5sum | cut -c1-12)
aws s3 cp /tmp/source.zip s3://<bucket>/security-scans/source/${WORKSPACE_ID}/source.zipaws s3 cp /path/to/requirements.md s3://<bucket>/security-scans/threat-models/${SCAN_ID}/specs/requirements.md
aws s3 cp /path/to/design.md s3://<bucket>/security-scans/threat-models/${SCAN_ID}/specs/design.mdaws securityagent create-threat-model --agent-space-id <id> --title <title> \
--service-role <role-arn> \
--assets sourceCode=[{s3Location=s3://<bucket>/security-scans/source/${WORKSPACE_ID}/source.zip}] \
--scope-docs '[{"s3Location":"s3://<bucket>/security-scans/threat-models/'${SCAN_ID}'/specs/requirements.md"},{"s3Location":"s3://<bucket>/security-scans/threat-models/'${SCAN_ID}'/specs/design.md"}]'threatModelIdaws securityagent start-threat-model-job --agent-space-id <id> --threat-model-id <tm-id>threatJobIdscans.jsonscan_type: "THREAT_MODEL"aws securityagent batch-get-threat-model-jobs --agent-space-id <id> --threat-model-job-ids <tj-id>aws securityagent list-threats --agent-space-id <id> --threat-job-id <tj-id>nextToken--next-tokenstatementseveritystridethreatImpactrecommendationimpactedAssets🟣 CRITICAL: {statement}
STRIDE: {stride}
Impact: {threatImpact}
Assets: {impactedAssets}
Recommendation: {recommendation}
🔴 HIGH: {statement}
....security-agent/findings-{scan_id}.mdthreat-model-<feature-name>