Overview
Self-Hosted Threat Modeling With Full Data Sovereignty
ThreatWerk is a self-hosted threat modeling platform that keeps your threat models, architecture diagrams, and vulnerability data entirely within your AWS account. No SaaS vendor ever accesses your security posture. Deploy to your EKS cluster via Helm chart, connect to your own RDS instance and AWS Secrets Manager, and maintain complete control over your data.
What You Achieve
- Faster threat model creation - Teams build Data Flow Diagrams, run STRIDE analysis, score risks with OWASP methodology, and map threats to MITRE ATT&CK and CAPEC frameworks in a single workspace.
- Continuous vulnerability awareness - The platform ingests CVEs from NVD, CISA KEV, and 14+ additional threat feeds, then auto-correlates them to your architecture via SBOM Package URLs or custom supply chain tags.
- EU Cyber Resilience Act readiness - Track compliance across all 13 Annex I requirements with built-in controls mapping, reducing manual audit preparation.
- AI-assisted security engineering - A built-in MCP server connects your threat models to AI coding assistants like Kiro, Claude, and Cursor, letting them query threats, add components, and score risks directly within developer workflows.
Real-Time Collaboration
Multiple engineers edit the same threat model simultaneously with real-time collaborative editing. Security architects, developers, and compliance teams work together without version conflicts or handoff delays.
Deploy in Your Environment
ThreatWerk deploys to your EKS cluster using a Helm chart. Infrastructure requirements include:
- Amazon EKS cluster
- Amazon RDS instance
- AWS Secrets Manager
- Standard IAM roles and policies
All data remains within your AWS account. Export everything in Open Threat Model format - no vendor lock-in.
Supply Chain Intelligence
The platform continuously monitors 16+ threat intelligence feeds and matches newly disclosed CVEs to your specific components using SBOM Package URLs. This shifts vulnerability management from reactive scanning to proactive, architecture-aware alerting.
Built for Security Teams
ThreatWerk is designed for application security engineers, security architects, and DevSecOps teams who need structured threat modeling integrated into their development lifecycle. The MCP server integration brings threat context directly into AI-assisted coding environments, making security a natural part of the build process rather than a separate gate.
Getting Started
ThreatWerk offers Team and Enterprise tiers. The Team tier provides collaborative threat modeling with full platform capabilities. Enterprise customers receive priority support with optional custom SLAs and dedicated onboarding assistance. Contact sales@threatwerk.com for enterprise inquiries or to schedule a guided deployment session.
Visit threatwerk.com for product documentation and the deployment guide.
Highlights
- Self-hosted with full data sovereignty. Your threat models, architecture diagrams, and vulnerability data never leave your AWS account. Deploy to EKS with a Helm chart, connect to your own RDS and Secrets Manager. No vendor lock-in - export everything in Open Threat Model format. Teams maintain complete control over sensitive security posture data without relying on external SaaS infrastructure.
- AI-native threat modeling that accelerates security engineering. Built-in MCP server lets Claude, Kiro, and Cursor query threats, add components, and score risks directly in developer workflows. Real-time collaborative editing enables multiple engineers to work on the same model simultaneously. STRIDE analysis, OWASP risk scoring, and MITRE ATT&CK mapping are unified in a single workspace.
- Continuous supply chain intelligence with automated CVE correlation. Ingests vulnerabilities from NVD, CISA KEV, and 14+ additional feeds, then auto-matches them to your architecture via SBOM Package URLs or custom supply chain tags. Shifts vulnerability management from reactive scanning to proactive alerting. EU Cyber Resilience Act compliance tracking covers all 13 Annex I requirements to reduce manual audit preparation.
Details
Pricing
| Dimension | Description | Cost/month |
|---|---|---|
| Seats | Number of user seats included in the contract | $59.00 |
Vendor refund policy
ThreatWerk subscriptions are non-refundable. All plans include a 14-day free trial with full platform access, allowing you to evaluate the product before committing to a paid contract. Buyers may cancel their subscription at any time to prevent renewal, but no refunds are issued for the current billing period. For questions or concerns, contact support@threatwerk.com.
Delivery details
ThreatWerk Container Deployment (ECS)
- Amazon ECS
- Amazon EKS
Container image
Containers are lightweight, portable execution environments that wrap server application software in a filesystem that includes everything it needs to run. Container applications run on supported container runtimes and orchestration services, such as Amazon Elastic Container Service (Amazon ECS) or Amazon Elastic Kubernetes Service (Amazon EKS). Both eliminate the need for you to install and operate your own container orchestration software by managing and scheduling containers on a scalable cluster of virtual machines.
Version release notes
ThreatWerk 26.07 - Initial Release
Collaborative threat modeling platform with real-time multi-user editing.
Core features:
- Visual diagram editor with components, data flows, and trust boundaries
- STRIDE-based threat identification and management
- OWASP risk scoring with automatic severity calculation
- MITRE ATT&CK technique mapping per threat
- CAPEC attack pattern linking
- CRA Annex I requirements tracking
- Real-time collaborative editing with WebSocket sync
- Model version history with diff view
- OTM (Open Threat Model) import and export
- PDF report generation
Security and identity:
- Local authentication with TOTP 2FA and WebAuthn/passkey support
- SSO/OIDC integration (configurable via admin panel)
- Team-based access control with role inheritance
- Per-model access grants (owner, editor, viewer)
Supply chain intelligence:
- CVE/vulnerability intel feed (NVD, GHSA, OTX)
- Automatic matching of CVEs to model components via supply chain tags
- SBOM ingestion from S3 with scheduled sync
- ATT&CK heatmap showing coverage vs exposure
- Intel campaigns for tracking related vulnerabilities
Infrastructure:
- Helm chart deployment for EKS and self-managed Kubernetes
- AWS Secrets Manager integration for credential management
- AWS License Manager integration for entitlement validation
- SES email notifications (optional)
- Horizontal scaling with stateless backend pods
Template library:
- Built-in infrastructure templates (AWS services, databases, messaging)
- Personal and team-scoped custom templates
- Stamp templates onto diagrams with pre-defined threats
MCP server:
- Model Context Protocol interface for AI-assisted threat modeling
- Full CRUD for models, components, data flows, threats, and risk scores
Additional details
Usage instructions
Prerequisites:
- AWS account with permission to create VPC, ECS, RDS, ALB, ACM, Secrets Manager, and IAM resources
- A domain name with DNS you control (for TLS certificate validation)
- AWS CLI configured with appropriate credentials
Deploy:
- Download the CloudFormation template: https://threatwerk.com/docs/cloudformation/threatwerk-ecs.yaml
- Deploy the stack (Console or CLI):

      aws cloudformation create-stack \
        --stack-name threatwerk \
        --template-body file://threatwerk-ecs.yaml \
        --capabilities CAPABILITY_NAMED_IAM \
        --parameters \
          ParameterKey=DomainName,ParameterValue=threatwerk.yourcompany.com \
          ParameterKey=DBPassword,ParameterValue=<min-16-char-password> \
          ParameterKey=AllowedInboundCidr,ParameterValue=<your-cidr>/32

  Stack creation takes 15-25 minutes. Validate the ACM certificate via DNS immediately (a CNAME record is shown in the ACM console) - the stack blocks until validated.
- Push container images to the ECR repositories (URIs shown in stack outputs):

      aws ecr get-login-password --region <your-region> | docker login --username AWS --password-stdin <account-id>.dkr.ecr.<region>.amazonaws.com

- Update the Secrets Manager secret (ARN in stack outputs) - replace JWT_SECRET and ENCRYPTION_KEY with strong random values:

      openssl rand -base64 48

  The DATABASE_URL is pre-configured automatically. The database is created by the stack.
- Force a new deployment to pick up the updated secrets:

      aws ecs update-service --cluster threatwerk-production --service threatwerk-production-backend --force-new-deployment

- Point DNS to the ALB (shown in stack outputs), then open the URL to create the initial admin account.
The template deploys 2 backend replicas and 1 frontend replica by default. ALB idle timeout is set to 180s for WebSocket support. RDS is Multi-AZ by default.
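The secret update and redeploy steps above, as an added example (not ThreatWerk's own tooling): it regenerates only JWT_SECRET and ENCRYPTION_KEY and refuses to write if DATABASE_URL would be lost. It assumes the secret is stored as a single JSON object with those three keys; `SAMPLE` is constructed.

```python
import base64, json, secrets, subprocess, sys, tempfile

ROTATE = ("JWT_SECRET", "ENCRYPTION_KEY")  # keys the page says to replace
KEEP = ("DATABASE_URL",)                   # pre-configured by the stack
# Constructed sample; assumes the secret is stored as one JSON object.
SAMPLE = '{"DATABASE_URL": "postgresql://db.example.internal/app", ' \
         '"JWT_SECRET": "changeme", "ENCRYPTION_KEY": "changeme"}'


def new_value() -> str:
    """48 random bytes, base64-encoded, the shape of `openssl rand -base64 48`."""
    return base64.b64encode(secrets.token_bytes(48)).decode()


def rotate(secret_string: str) -> str:
    """Return the secret JSON with fresh ROTATE values and all other keys kept."""
    current = json.loads(secret_string)
    if not isinstance(current, dict):
        raise ValueError("secret is not a JSON object")
    missing = [k for k in KEEP if not current.get(k)]
    if missing:  # writing now would leave the backend without these keys
        raise ValueError(f"refusing to write, missing: {missing}")
    return json.dumps({**current, **{k: new_value() for k in ROTATE}})


def aws(*args: str) -> str:
    """Run the AWS CLI and return stdout; raises if the command fails."""
    done = subprocess.run(("aws", *args), check=True, capture_output=True, text=True)
    return done.stdout


def main(secret_arn: str) -> None:
    current = aws("secretsmanager", "get-secret-value", "--secret-id", secret_arn,
                  "--query", "SecretString", "--output", "text")
    # Temp file is created with mode 0600, so the values never appear in argv.
    with tempfile.NamedTemporaryFile("w", suffix=".json") as tmp:
        tmp.write(rotate(current))
        tmp.flush()
        aws("secretsmanager", "put-secret-value", "--secret-id", secret_arn,
            "--secret-string", f"file://{tmp.name}")
    # Cluster and service names are the ones given on the page.
    aws("ecs", "update-service", "--cluster", "threatwerk-production",
        "--service", "threatwerk-production-backend", "--force-new-deployment")


if __name__ == "__main__":
    if len(sys.argv) == 2:
        main(sys.argv[1])  # argument: secret ARN from the stack outputs
    else:
        print(rotate(SAMPLE))  # offline demo on the constructed sample
```

Run it with the secret ARN from the stack outputs as the only argument; with no argument it only prints the rotated form of the constructed sample.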
Full deployment guide: https://threatwerk.com/docs/ThreatWerk-ECS-Deployment-Guide.pdf
AWS infrastructure setup: https://threatwerk.com/docs/ThreatWerk-AWS-Setup-Guide.pdf
Support
Vendor support
Support Channels
- Email: support@threatwerk.com
- Enterprise inquiries: sales@threatwerk.com
- Documentation and deployment guide: Available at https://threatwerk.com
Support Tiers
- Free Trial: Access to product documentation and the deployment guide for self-service evaluation.
- Team Tier: Email support for deployment, configuration, and product questions. Support is available during business hours.
- Enterprise Tier: Priority email support with the option for a custom SLA tailored to your organization's requirements. Includes dedicated onboarding assistance and migration support for teams transitioning from other threat modeling tools.
Getting Help
For deployment issues, configuration questions, or product troubleshooting, contact support@threatwerk.com with your account details and a description of the issue. For billing questions or refund requests, use the same email address and include your AWS Marketplace subscription ID.
Enterprise customers interested in dedicated onboarding, custom SLAs, or guided deployment sessions should contact sales@threatwerk.com to discuss engagement options.
AWS infrastructure support
AWS Support is a one-on-one, fast-response support channel that is staffed 24x7x365 with experienced and technical support engineers. The service helps customers of all sizes and technical abilities to successfully utilize the products and features provided by Amazon Web Services.