GitHub Repository

AI-maintained security annotations for code. Continuous threat modeling, enforced in CI.

16 stars · TypeScript

GuardLink – A threat model that lives in your source code

by animesh93·Feb 23, 2026·2 points·1 comment

AI Analysis

●● Solid · Solve My Problem · Big Brain · Ship It

Threat models that auto-update with your code via AI-maintained annotations.

Strengths
  • Annotation-in-code approach means threat context stays with code, not in abandoned Confluence.
  • AI-driven maintenance reduces manual update burden; CI enforcement prevents drift.
  • Structured comments with STRIDE/DREAD/PASTA analysis and CWE mapping.
Weaknesses
  • AI agent training/cost unclear; depends on whose Claude/GPT agent maintains annotations.
  • Only 2 GitHub stars and no evidence of multi-team validation or production use yet.
Category
Target Audience

Security engineers, development teams adopting threat modeling in CI/CD

Similar To

Semgrep · Snyk · GitHub Advanced Security

Similar Projects

Security · ●● Solid

Secure SDLC Agents for Claude and Cursor (MCP)

Eight specialist agents catch what Claude Code misses, but it's prompts not actual code analysis.

Niche Gem · Solve My Problem
kirumachi
102mo ago
Security · ●● Solid

10-min AI threat model (STRIDE and MAESTRO), assumption-driven

Maps AI-specific threats (including MAESTRO/agentic risks) to STRIDE and spits out a concise PDF with data flows, a 5x5 risk matrix, and compliance pointers — useful for teams that need a fast, documented starting point. The smart part is surfacing and labeling assumptions so reviewers can correct the model; what's missing is transparency about how those assumptions affect risk scores and integrations (editable diagrams, CI/CD hooks, or sample reports would sell it).

Niche Gem · Solve My Problem
agairola
104mo ago