Schema committed to repo as JSON schema

[johnandersen777]

Describe what problem your feature request solves

Would like to be able to validate conformity of serialized threat models using standard tooling (JSON schema validation).

Describe the solution you'd like

If there could be a docs/development/schema/owasp.threat-dragon.schema.json would be great, then we could do validation.

Additional context

The Open Architecture Working Group would like to consume threat models from Threat Dragon, and one of the core principles of the Open Architecture is to understand the schema of data being referenced within each domain specific format. The Open Architecture is a proxy format for domain specific representations of architecture. Threat Dragon's format is among one of the first we are targeting.

• Alice intel/dffml#1369 (reply in thread)
• https://github.com/intel/dffml/tree/alice/docs/tutorials/rolling_alice

[jgadsden]

Hello @pdxjohnny

Apologies for not responding sooner, I was on vacation in a place without internet (hard to find, but they still exist :)

This looks a good addition to Threat Dragon, and it is great that Threat Dragon is among the first you would like to target.

Do you have a solution that you would like to see, a suggested owasp.threat-dragon.schema.json ?

[johnandersen777]

Hey no worries at all hope you had fun!

Yes, that would be a perfect filename. Our goal is to have the file URL include both the format name and format version, this way we can validate contents with the schema respective to its version. When releases are tagged we’ll be able to grab the version from the tagged raw URL to the schema file.

Thank you!

[jgadsden]

beginning work on this because is it will help with Threat Dragon version 2.0 backward compatibility with version 1.x models

The schema format definition at docs/development/schema.md should follow the schema shown in the Open Threat Model github project.

The json schema itself is following Understanding JSON Schema

[jgadsden]

Hello @pdxjohnny
Just checking what you need from Threat Dragon. We have the following, which one did you need?

1. Docs type markdown (in progress)
2. JSON schema definition (in progress)
3. Various existing threat models, for example

[johnandersen777]

(2) was the original intent of this issue’s scope.

Thank you!

[jgadsden]

Cool, thanks @pdxjohnny - will work on this schema and the .md docs can follow in their own time
Once the pull request is ready I will put you down as a reviewer

[jgadsden]

Hello @pdxjohnny, the the completed json schema is in #508 . Is this looking OK? I have put it all in one 400 line file ... hope that is normal thing to do

[johnandersen777]

Thank you! It looks great. I’ll run some code today and play around with it and get back to you in the PR to confirm.