How does tm-tests know which threats to test?

It integrates with the Threat Modeling Toolkit by reading the state files located in your .threatmodel directory to identify existing threats and controls.

Which test frameworks are supported by tm-tests?

The skill currently supports generating test code for Jest (TypeScript/JavaScript), Pytest (Python), and Playwright, as well as Markdown for documentation purposes.

Can I generate tests for a specific security control?

Yes, you can use the --control flag followed by the control ID to generate targeted verification tests for a specific mitigation.

What is the security coverage matrix?

It is a generated JSON file that maps your test suite to your threat model, showing exactly which threats are covered by tests and which remain untested.

Threat Model Security Testing

Name: Threat Model Security Testing
Author: josemlopez

byjosemlopez

セキュリティとテスト

Generates automated security test cases and attack scenarios directly from threat models to verify controls and prevent regressions.

概要

The tm-tests skill bridges the gap between security design and implementation by automatically transforming threat models into actionable test suites. It utilizes data from STRIDE or PASTA frameworks to generate negative attack tests and positive control verification tests in formats like Jest, Pytest, and Playwright. By providing a detailed coverage matrix, it ensures that every identified threat has a corresponding verification mechanism, helping teams maintain a robust security posture throughout the development lifecycle.

主な機能

0 GitHub stars
Comprehensive coverage matrix mapping tests to threats and controls
Multi-format support for Jest, Pytest, Playwright, and Markdown
Automated generation of attack scenarios based on identified threats
Automated identification of untested threats and security gaps
Positive and negative test generation for security boundary validation

ユースケース

Building automated security regression suites for CI/CD pipelines
Generating documentation for manual penetration testing and security audits
Verifying the effectiveness of specific security controls against STRIDE threats

概要

主な機能

0 GitHub stars
Comprehensive coverage matrix mapping tests to threats and controls
Multi-format support for Jest, Pytest, Playwright, and Markdown
Automated generation of attack scenarios based on identified threats
Automated identification of untested threats and security gaps
Positive and negative test generation for security boundary validation

ユースケース

Building automated security regression suites for CI/CD pipelines
Generating documentation for manual penetration testing and security audits
Verifying the effectiveness of specific security controls against STRIDE threats