AWS securityagent documentation change
Summary
Added documentation for threat modeling feature including configuration, inputs, and output details
Security assessment
This adds extensive documentation about threat modeling capabilities (STRIDE analysis, system overviews, actionable recommendations) which is a security feature. No evidence shows it addresses a specific vulnerability.
Diff
diff --git a/securityagent/latest/userguide/understand-lifecycle.md b/securityagent/latest/userguide/understand-lifecycle.md index cb34e1b46..cce94003a 100644 --- a//securityagent/latest/userguide/understand-lifecycle.md +++ b//securityagent/latest/userguide/understand-lifecycle.md @@ -34,0 +35 @@ Resource | What it is | Why it’s scoped per application +**Threat models** | Threat modeling assessments that build a system overview and identify threats from source code, design documents, or both | Each application has its own code and design, and is threat modeled independently. Threat models are reusable configurations that you can re-run as your code and design evolve. @@ -109,0 +111,13 @@ Both modes use your configured code review settings (security vulnerabilities, c +### Threat models: Reusable configurations with on-demand runs + +Threat models use a configuration-and-run model that supports iterative assessment of your architecture: + + * **Create once, run many times** – Define a threat model by selecting source code as sources, uploading design documents as scope docs, or both. Run it on demand and re-run it as your code and design evolve. + + * **Flexible inputs** – Run a threat model on source code only, design documents only, or both. Scope docs define what the agent focuses its analysis on; source code provides context about your existing system. + + * **System overview and threats** – Each run produces a system overview describing your application’s architecture, trust boundaries, data flows, and security posture, along with a set of threats classified by STRIDE category with severity, evidence, and actionable recommendations. + + + + @@ -133 +147,3 @@ The hierarchy determines where you configure and access different resources: - * View findings from penetration tests, code reviews, and design reviews + * Create, manage, and run threat models against source code, scope docs, or both + + * View findings from penetration tests, code reviews, design reviews, and threat models