    ThreatWerk - Self-Hosted Threat Modeling Platform

    Sold by: LEGIC 
    Deployed on AWS
    Accelerate threat model coverage across teams with self-hosted STRIDE analysis, real-time collaboration, and continuous CVE correlation from 16+ feeds on your own EKS cluster.

    Overview

    Self-Hosted Threat Modeling With Full Data Sovereignty

    ThreatWerk is a self-hosted threat modeling platform that keeps your threat models, architecture diagrams, and vulnerability data entirely within your AWS account. No SaaS vendor ever accesses your security posture. Deploy to your EKS cluster via Helm chart, connect to your own RDS instance and AWS Secrets Manager, and maintain complete control over your data.

    What You Achieve

    • Faster threat model creation - Teams build Data Flow Diagrams, run STRIDE analysis, score risks with OWASP methodology, and map threats to MITRE ATT&CK and CAPEC frameworks in a single workspace.
    • Continuous vulnerability awareness - The platform ingests CVEs from NVD, CISA KEV, and 14+ additional threat feeds, then auto-correlates them to your architecture via SBOM Package URLs or custom supply chain tags.
    • EU Cyber Resilience Act readiness - Track compliance across all 13 Annex I requirements with built-in controls mapping, reducing manual audit preparation.
    • AI-assisted security engineering - A built-in MCP server connects your threat models to AI coding assistants like Kiro, Claude, and Cursor, letting them query threats, add components, and score risks directly within developer workflows.

    Real-Time Collaboration

    Multiple engineers edit the same threat model simultaneously with real-time collaborative editing. Security architects, developers, and compliance teams work together without version conflicts or handoff delays.

    Deploy in Your Environment

    ThreatWerk deploys to your EKS cluster using a Helm chart. Infrastructure requirements include:

    • Amazon EKS cluster
    • Amazon RDS instance
    • AWS Secrets Manager
    • Standard IAM roles and policies

    All data remains within your AWS account. Export everything in Open Threat Model format - no vendor lock-in.

    Supply Chain Intelligence

    The platform continuously monitors 16+ threat intelligence feeds and matches newly disclosed CVEs to your specific components using SBOM Package URLs. This shifts vulnerability management from reactive scanning to proactive, architecture-aware alerting.

    Built for Security Teams

    ThreatWerk is designed for application security engineers, security architects, and DevSecOps teams who need structured threat modeling integrated into their development lifecycle. The MCP server integration brings threat context directly into AI-assisted coding environments, making security a natural part of the build process rather than a separate gate.

    Getting Started

    ThreatWerk offers Team and Enterprise tiers. The Team tier provides collaborative threat modeling with full platform capabilities. Enterprise customers receive priority support with optional custom SLAs and dedicated onboarding assistance. Contact sales@threatwerk.com for enterprise inquiries or to schedule a guided deployment session.

    Visit threatwerk.com for product documentation and the deployment guide.

    Highlights

    • Self-hosted with full data sovereignty. Your threat models, architecture diagrams, and vulnerability data never leave your AWS account. Deploy to EKS with a Helm chart, connect to your own RDS and Secrets Manager. No vendor lock-in - export everything in Open Threat Model format. Teams maintain complete control over sensitive security posture data without relying on external SaaS infrastructure.
    • AI-native threat modeling that accelerates security engineering. Built-in MCP server lets Claude, Kiro, and Cursor query threats, add components, and score risks directly in developer workflows. Real-time collaborative editing enables multiple engineers to work on the same model simultaneously. STRIDE analysis, OWASP risk scoring, and MITRE ATT&CK mapping are unified in a single workspace.
    • Continuous supply chain intelligence with automated CVE correlation. Ingests vulnerabilities from NVD, CISA KEV, and 14+ additional feeds, then auto-matches them to your architecture via SBOM Package URLs or custom supply chain tags. Shifts vulnerability management from reactive scanning to proactive alerting. EU Cyber Resilience Act compliance tracking covers all 13 Annex I requirements to reduce manual audit preparation.

    Details

    Delivery option
    ThreatWerk Container Deployment (ECS)
    ThreatWerk Helm Deployment

    Operating system
    Linux

    Pricing

    Pricing is based on the duration and terms of your contract with the vendor. This entitles you to a specified quantity of use for the contract duration. If you choose not to renew or replace your contract before it ends, access to these entitlements will expire.
    Additional AWS infrastructure costs may apply. Use the AWS Pricing Calculator to estimate your infrastructure costs.

    1-month contract (1)

    Dimension | Description | Cost/month
    Seats | Number of user seats included in the contract | $59.00

    Vendor refund policy

    ThreatWerk subscriptions are non-refundable. All plans include a 14-day free trial with full platform access, allowing you to evaluate the product before committing to a paid contract. Buyers may cancel their subscription at any time to prevent renewal, but no refunds are issued for the current billing period. For questions or concerns, contact support@threatwerk.com.

    Legal

    Vendor terms and conditions

    Upon subscribing to this product, you must acknowledge and agree to the terms and conditions outlined in the vendor's End User License Agreement (EULA).

    Content disclaimer

    Vendors are responsible for their product descriptions and other product content. AWS does not warrant that vendors' product descriptions or other product content are accurate, complete, reliable, current, or error-free.

    Usage information

    Delivery details

    ThreatWerk Container Deployment (ECS)

    Supported services:
    • Amazon ECS
    • Amazon EKS

    Container image

    Containers are lightweight, portable execution environments that wrap server application software in a filesystem that includes everything it needs to run. Container applications run on supported container runtimes and orchestration services, such as Amazon Elastic Container Service (Amazon ECS) or Amazon Elastic Kubernetes Service (Amazon EKS). Both eliminate the need for you to install and operate your own container orchestration software by managing and scheduling containers on a scalable cluster of virtual machines.

    Version release notes

    ThreatWerk 26.07 - Initial Release

    Collaborative threat modeling platform with real-time multi-user editing.

    Core features:

    • Visual diagram editor with components, data flows, and trust boundaries
    • STRIDE-based threat identification and management
    • OWASP risk scoring with automatic severity calculation
    • MITRE ATT&CK technique mapping per threat
    • CAPEC attack pattern linking
    • CRA Annex I requirements tracking
    • Real-time collaborative editing with WebSocket sync
    • Model version history with diff view
    • OTM (Open Threat Model) import and export
    • PDF report generation

    Security and identity:

    • Local authentication with TOTP 2FA and WebAuthn/passkey support
    • SSO/OIDC integration (configurable via admin panel)
    • Team-based access control with role inheritance
    • Per-model access grants (owner, editor, viewer)

    Supply chain intelligence:

    • CVE/vulnerability intel feed (NVD, GHSA, OTX)
    • Automatic matching of CVEs to model components via supply chain tags
    • SBOM ingestion from S3 with scheduled sync
    • ATT&CK heatmap showing coverage vs exposure
    • Intel campaigns for tracking related vulnerabilities

    Infrastructure:

    • Helm chart deployment for EKS and self-managed Kubernetes
    • AWS Secrets Manager integration for credential management
    • AWS License Manager integration for entitlement validation
    • SES email notifications (optional)
    • Horizontal scaling with stateless backend pods

    Template library:

    • Built-in infrastructure templates (AWS services, databases, messaging)
    • Personal and team-scoped custom templates
    • Stamp templates onto diagrams with pre-defined threats

    MCP server:

    • Model Context Protocol interface for AI-assisted threat modeling
    • Full CRUD for models, components, data flows, threats, and risk scores

    Additional details

    Usage instructions

    Prerequisites:

    • AWS account with permission to create VPC, ECS, RDS, ALB, ACM, Secrets Manager, and IAM resources
    • A domain name with DNS you control (for TLS certificate validation)
    • AWS CLI configured with appropriate credentials

    Deploy:

    1. Download the CloudFormation template: https://threatwerk.com/docs/cloudformation/threatwerk-ecs.yaml

    2. Deploy the stack (Console or CLI):

    aws cloudformation create-stack \
      --stack-name threatwerk \
      --template-body file://threatwerk-ecs.yaml \
      --capabilities CAPABILITY_NAMED_IAM \
      --parameters \
        ParameterKey=DomainName,ParameterValue=threatwerk.yourcompany.com \
        ParameterKey=DBPassword,ParameterValue=<min-16-char-password> \
        ParameterKey=AllowedInboundCidr,ParameterValue=<your-cidr>/32

    Stack creation takes 15-25 minutes. Validate the ACM certificate via DNS immediately (a CNAME record is shown in the ACM console) - the stack blocks until validated.

    3. Push container images to the ECR repositories (URIs shown in stack outputs):

    aws ecr get-login-password --region <your-region> | docker login --username AWS --password-stdin <account-id>.dkr.ecr.<region>.amazonaws.com

    4. Update the Secrets Manager secret (ARN in stack outputs) - replace JWT_SECRET and ENCRYPTION_KEY with strong random values:

    openssl rand -base64 48

    The DATABASE_URL is pre-configured automatically. The database is created by the stack.

    5. Force a new deployment to pick up the updated secrets:

    aws ecs update-service --cluster threatwerk-production --service threatwerk-production-backend --force-new-deployment

    6. Point DNS to the ALB (shown in stack outputs), then open the URL to create the initial admin account.

    The template deploys 2 backend replicas and 1 frontend replica by default. ALB idle timeout is set to 180s for WebSocket support. RDS is Multi-AZ by default.
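
The secret update step above, as an added example (not ThreatWerk's own code): it replaces JWT_SECRET and ENCRYPTION_KEY with independent random values while carrying the pre-configured DATABASE_URL through unchanged, and audits the result. It assumes the secret is stored as a single JSON object with those three keys; the function names and the sample value are hypothetical.

```python
import base64
import json
import secrets

# Key names come from the page; storing them as one JSON object is an assumption.
ROTATE_KEYS = ("JWT_SECRET", "ENCRYPTION_KEY")
KEEP_KEY = "DATABASE_URL"
MIN_LEN = 44  # base64 length of 32 random bytes

# Constructed sample of the secret before the update (not real data).
SAMPLE = json.dumps({
    "DATABASE_URL": "postgresql://threatwerk@db.example.internal:5432/threatwerk",
    "JWT_SECRET": "changeme",
    "ENCRYPTION_KEY": "changeme",
})


def new_secret_value(nbytes: int = 48) -> str:
    """Same output shape as `openssl rand -base64 48`, drawn from the OS CSPRNG."""
    return base64.b64encode(secrets.token_bytes(nbytes)).decode("ascii")


def rotate_app_secrets(current: str) -> str:
    """Return a new SecretString: fresh ROTATE_KEYS, everything else untouched."""
    doc = json.loads(current)
    if not isinstance(doc, dict) or not doc.get(KEEP_KEY):
        raise ValueError(f"expected a JSON object containing {KEEP_KEY}")
    updated = dict(doc)
    for key in ROTATE_KEYS:
        updated[key] = new_secret_value()  # independent value per key
    return json.dumps(updated)


def weak_keys(secret_string: str) -> list:
    """List ROTATE_KEYS that are missing, too short, or share a value."""
    doc = json.loads(secret_string)
    values = [doc.get(k) or "" for k in ROTATE_KEYS]
    shared = len(set(values)) < len(values)
    return [k for k, v in zip(ROTATE_KEYS, values) if len(v) < MIN_LEN or shared]


if __name__ == "__main__":
    print("before:", weak_keys(SAMPLE))
    print("after: ", weak_keys(rotate_app_secrets(SAMPLE)))
```

The current value can be read with `aws secretsmanager get-secret-value` and written back with `aws secretsmanager put-secret-value`; the latter replaces the whole secret string, which is why the function refuses input that lacks DATABASE_URL.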

    Full deployment guide: https://threatwerk.com/docs/ThreatWerk-ECS-Deployment-Guide.pdf
    AWS infrastructure setup: https://threatwerk.com/docs/ThreatWerk-AWS-Setup-Guide.pdf

    Support

    Vendor support

    Support Channels

    Support Tiers

    Free Trial: Access to product documentation and the deployment guide for self-service evaluation.

    Team Tier: Email support for deployment, configuration, and product questions. Support is available during business hours.

    Enterprise Tier: Priority email support with the option for a custom SLA tailored to your organization's requirements. Includes dedicated onboarding assistance and migration support for teams transitioning from other threat modeling tools.

    Getting Help

    For deployment issues, configuration questions, or product troubleshooting, contact support@threatwerk.com with your account details and a description of the issue. For billing questions or refund requests, use the same email address and include your AWS Marketplace subscription ID.

    Enterprise customers interested in dedicated onboarding, custom SLAs, or guided deployment sessions should contact sales@threatwerk.com to discuss engagement options.

    AWS infrastructure support

    AWS Support is a one-on-one, fast-response support channel that is staffed 24x7x365 with experienced and technical support engineers. The service helps customers of all sizes and technical abilities to successfully utilize the products and features provided by Amazon Web Services.
