How does tm-tests know which threats to test?

It integrates with the Threat Modeling Toolkit by reading the state files located in your .threatmodel directory to identify existing threats and controls.

Which test frameworks are supported by tm-tests?

The skill currently supports generating test code for Jest (TypeScript/JavaScript), Pytest (Python), and Playwright, as well as Markdown for documentation purposes.

Can I generate tests for a specific security control?

Yes, you can use the --control flag followed by the control ID to generate targeted verification tests for a specific mitigation.

What is the security coverage matrix?

It is a generated JSON file that maps your test suite to your threat model, showing exactly which threats are covered by tests and which remain untested.

Threat Model Security Testing

Name: Threat Model Security Testing
Author: josemlopez

byjosemlopez

0•

セキュリティとテスト

Generates automated security test cases and attack scenarios directly from threat models to verify controls and prevent regressions.

The tm-tests skill bridges the gap between security design and implementation by automatically transforming threat models into actionable test suites. It utilizes data from STRIDE or PASTA frameworks to generate negative attack tests and positive control verification tests in formats like Jest, Pytest, and Playwright. By providing a detailed coverage matrix, it ensures that every identified threat has a corresponding verification mechanism, helping teams maintain a robust security posture throughout the development lifecycle.

主な機能

010 GitHub stars

02Comprehensive coverage matrix mapping tests to threats and controls

03Multi-format support for Jest, Pytest, Playwright, and Markdown

04Automated generation of attack scenarios based on identified threats

05Automated identification of untested threats and security gaps

06Positive and negative test generation for security boundary validation

ユースケース

01Building automated security regression suites for CI/CD pipelines

02Generating documentation for manual penetration testing and security audits

03Verifying the effectiveness of specific security controls against STRIDE threats

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add josemlopez/threat-modeling-toolkit tm-tests

For use in Claude.ai and ChatGPT

Download Skill