dether-net/dethernety-oss

Dethernety

Open-source, graph-native threat modeling platform

Overview

Dethernety is a graph-native threat modeling tool. Your models are stored as actual graph structures (Neo4j or Memgraph) -- components, data flows, boundaries, and controls are nodes and relationships, not rows in a table. This is what makes attack path traversal, impact analysis, and dependency mapping across your architecture possible. You build models visually with a drag-and-drop editor, then run security analysis to surface findings mapped to MITRE ATT&CK techniques and D3FEND countermeasures.
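The attack path traversal and impact analysis that graph storage makes possible, sketched as an added example (not code from the Dethernety project) over a small constructed data-flow model held in memory instead of Neo4j or Memgraph. The `zone` and `controls` fields and all function names are assumptions for illustration, not the platform's schema or API.

```javascript
// Constructed sample model; `zone` and `controls` are assumed fields, not Dethernety's schema.
const components = {
  browser: { zone: "internet" }, gateway: { zone: "dmz" },
  orders: { zone: "app" }, reports: { zone: "app" }, ordersDb: { zone: "data" },
};
const dataFlows = [
  { from: "browser", to: "gateway", controls: ["tls", "authn"] },
  { from: "gateway", to: "orders", controls: ["authn"] },
  { from: "gateway", to: "reports", controls: [] },
  { from: "orders", to: "ordersDb", controls: ["authn"] },
  { from: "reports", to: "ordersDb", controls: [] },
  { from: "orders", to: "gateway", controls: [] }, // response flow, forms a cycle
];

// Group flows by source component so traversal follows relationships directly.
function adjacency(flows) {
  const adj = new Map();
  for (const f of flows) adj.set(f.from, [...(adj.get(f.from) || []), f]);
  return adj;
}

// Attack paths: every simple (cycle-free) route from source to target, via DFS.
function attackPaths(flows, source, target) {
  const adj = adjacency(flows), paths = [];
  const walk = (node, visited, trail) => {
    if (node === target) return void paths.push(trail);
    for (const f of adj.get(node) || [])
      if (!visited.has(f.to)) walk(f.to, new Set(visited).add(f.to), [...trail, f]);
  };
  walk(source, new Set([source]), []);
  return paths;
}

// Flows on a path that cross a trust zone with no control attached.
function uncontrolledCrossings(path, nodes) {
  return path.filter(f => nodes[f.from].zone !== nodes[f.to].zone && f.controls.length === 0)
    .map(f => `${f.from}->${f.to}`);
}

// Impact analysis: all components reachable downstream of a compromised one.
function blastRadius(flows, start) {
  const adj = adjacency(flows), seen = new Set([start]), queue = [start];
  while (queue.length) {
    for (const f of adj.get(queue.shift()) || [])
      if (!seen.has(f.to)) { seen.add(f.to); queue.push(f.to); }
  }
  return [...seen].filter(n => n !== start).sort();
}
```

Calling `attackPaths(dataFlows, "browser", "ordersDb")` and passing each path to `uncontrolledCrossings` shows which internet-to-database route lacks controls at its zone crossings; the cycle introduced by the response flow does not cause repeated visits.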

Everything domain-specific -- component types, analysis logic, security controls, issue types -- is provided by executable JavaScript modules. The platform ships with two: a default Dethernety Module and a MITRE frameworks module. See Module system for how to build your own.

Quick start

Demo (recommended)

The fastest way to try Dethernety. No OIDC provider needed — authentication is disabled for local evaluation.

Prerequisites: Node.js 18+, pnpm 9+, Docker (with Compose v2). Python 3 is optional (needed for MITRE ATT&CK/D3FEND data).

cd demo
./demo.sh   # builds, starts, and installs modules

Open http://localhost:3003 — no login required.

The script builds the workspace, creates a Docker image, starts three services (Memgraph + OPA + Dethernety), and installs modules. Subsequent runs skip the build. See demo/README.md for details and troubleshooting.

From source

Prerequisites: Node.js 18+, pnpm 9.13+, Neo4j or Memgraph, an OIDC provider.

git clone https://github.com/dether-net/dethernety-oss.git
cd dethernety-oss

pnpm install

cp env.production.template .env
# Edit .env with your database and OIDC settings

pnpm m-ingest    # Load MITRE framework data
pnpm dev         # Start development servers

Frontend: http://localhost:3005 | GraphQL API: http://localhost:3003/graphql

Production

Production deployment requires configuring authentication (OIDC), database, policy engine, and module installation. See the Configuration Guide for the full setup.

Features

  • Visual modeling -- Drag-and-drop data flow editor with components, boundaries, and trust zones
  • Graph-native storage -- Models stored as graph structures, enabling attack path traversal and impact analysis
  • Executable module system -- Component classes, analysis logic, controls, and integrations are all provided by JavaScript modules loaded at runtime
  • MITRE ATT&CK / D3FEND -- Exposure-to-technique mapping and defensive countermeasure recommendations
  • File-based persistence -- Export models as JSON files you can version-control alongside your code, edit offline, and re-import
  • Issue tracking -- Create issues from findings with automatic element association, filtering, and merge
  • Dethereal — Claude Code plugin -- 14 slash commands, 4 specialized AI agents, 22 MCP tools, and an 11-step guided workflow for AI-assisted threat modeling. Includes a per-Control library mirrored to local files (controls/<id>.json) with shared-ownership safety prompts on push, an append-only control-decision audit log, and a WAL-protected ID-rebinding mechanism for crash-safe greenfield Controls. See Dethereal Plugin docs.

Architecture

┌─────────────┐     GraphQL/WS     ┌─────────────┐    Bolt/Cypher    ┌─────────────┐
│   dt-ui     │ <────────────────> │             │ <───────────────> │  Neo4j /    │
│  (Vue 3)    │                    │             │                   │  Memgraph   │
└─────────────┘                    │   dt-ws     │                   └─────────────┘
                                   │  (NestJS)   │
┌─────────────┐      GraphQL       │             │
│  dethereal  │ <────────────────> │             │
│ (CC plugin) │                    └─────────────┘
└─────────────┘                           │
                                     Module System
                                          │
                                    ┌─────┴──────┐
                                    │  Modules   │
                                    │ (dt-module)│
                                    └────────────┘

Two complementary frontends share the same GraphQL backend: dt-ui for visual modeling in the browser, and dethereal (a Claude Code plugin) for AI-assisted modeling driven from your terminal or IDE. The plugin stores models as version-controlled JSON next to the code, fitting a DevSecOps shift-left workflow — threat models reviewed in PRs, evolved with the system, kept honest by the same source-control discipline that gates application code.

Built with Vue 3, NestJS, Neo4j/Memgraph, GraphQL, OPA/Rego, and TypeScript MCP. OIDC authentication end-to-end.

Documentation

User guides

Guide | Description
Building Your First Model | Step-by-step tutorial for creating a threat model
Component Configuration | Component setup, class assignment, and attributes
Security Analysis | Running analysis and interpreting results
Security Controls | Creating, configuring, and assigning controls
Modules | How the module system works
Issue Management | Issue creation, filtering, merging, and integration
Dethereal Plugin | AI-assisted threat modeling with the Claude Code plugin

Architecture

Document | Description
Backend | NestJS backend, GraphQL API, module registry
Frontend | Vue.js frontend, stores, data flow editor
Module System | Module interfaces, base classes, packaging
Data Access Layer | Shared TypeScript interfaces and graph operations
Dethereal | Claude Code plugin architecture — skills, agents, MCP tools, control library, sync/publish model
Architecture Decision Records | Rationale behind major technical decisions
Configuration | Environment variables and deployment settings
Security Model | Security architecture and protections
Glossary | Domain terminology reference

Module system

Modules are executable JavaScript/TypeScript code, not static configuration or templates. A module can define component classes for threat modeling, implement analysis logic, provide security controls, create issue types, or integrate with external systems. Because they're real code, there's no hard limit on what a module can do -- anything you can write in JS is fair game.

You don't have to start from scratch. The platform ships with a base class library (dt-module) that handles registration, schema definition, and lifecycle management. For analysis, modules can use built-in OPA/Rego policy evaluation to write detection rules declaratively, or implement their own logic. The included Dethernety Module is a working reference implementation.

See the development guide for building your own.

Project structure

dethernety-oss/
├── apps/
│   ├── dt-ui/              Vue 3 frontend (Vuetify + Vue Flow)
│   ├── dt-ws/              NestJS backend (GraphQL + Bolt/Cypher)
│   └── dethereal/          Claude Code plugin (skills, agents, MCP server) for AI-assisted threat modeling
├── packages/
│   ├── dt-core/            Shared TypeScript interfaces and utilities
│   ├── dt-module/          Module system base classes
│   ├── eslint-config/      Shared ESLint configuration
│   └── typescript-config/  Shared TypeScript configuration
├── modules/
│   ├── dethernety-module/  Default threat modeling module
│   └── mitre-frameworks/   MITRE ATT&CK and D3FEND data
├── docs/                   Documentation
├── demo/                   One-command demo (Memgraph + OPA + Dethernety)
└── scripts/                Build scripts and module-manager CLI

Contributing

We welcome contributions. Please read CONTRIBUTING.md before submitting pull requests. By participating, you agree to follow our Code of Conduct.

All contributors must sign the Contributor License Agreement.

Security

To report vulnerabilities, see SECURITY.md. Do not open public issues for security reports.

License

GNU Affero General Public License v3.0 (AGPL-3.0-only).

Copyright 2025-2026 dether-net.
