Features
STRIDE Detection AI Analysis Multi-Cloud Support
Security Documentation
Documentation Get Started

Get Started with ThreatMitigator

3 min read

Get Started with ThreatMitigator

Start identifying security threats in your Terraform configurations in minutes. Choose your installation method below.

Installation

Download ThreatMitigator

ThreatMitigator is available for download through our customer portal.

To get started:

  1. Contact sales@threatmitigator.app to request access
  2. You’ll receive credentials to access the customer portal
  3. Download the appropriate binary for your platform:
    • Linux (x86_64, ARM64)
    • macOS (Intel, Apple Silicon)
    • Windows (x86_64)

Installation:

After downloading, make the binary executable and move it to your PATH:

1
2
3
4
5
6

# Linux/macOS
chmod +x threatmitigator
sudo mv threatmitigator /usr/local/bin/

# Windows
# Add the downloaded .exe to your PATH

For enterprise customers, custom deployment options and package manager distribution are available. Contact sales@threatmitigator.app for details.

Quick Start Guide

1. Initialize Your Project

Set up threat tracking in your Terraform repository:

1
2

cd your-terraform-project
threatmitigator init .

This creates:

  • .threatmitigator.toml - Configuration file
  • .threatmodel.yaml - Threat tracking database

2. Run Your First Scan

Analyze your Terraform configurations:

1

threatmitigator scan ./terraform --format yaml

Output formats available:

  • --format yaml - Human-readable, Git-friendly
  • --format json - Machine-readable for tooling
  • --format sarif - Industry-standard code scanning integration
  • --format markdown - Documentation reports

3. Review Detected Threats

Examine the results:

 1
 2
 3
 4
 5
 6
 7
 8
 9
10

threats:
  - id: T-AWS-S3-001
    category: InformationDisclosure
    severity: high
    title: S3 bucket allows public access
    description: Bucket exposes data to the internet
    resource: aws_s3_bucket.example
    file: main.tf
    line: 15
    mitigation: Enable S3 Block Public Access

4. Enable AI Remediation (Optional)

Get intelligent fix recommendations:

1
2
3
4
5

# Set up your API key
export ANTHROPIC_API_KEY="sk-ant-..."

# Query specific threats
threatmitigator query T-AWS-S3-001 "How do I fix this?"

Supported providers:

  • OpenAI: Set OPENAI_API_KEY
  • Anthropic: Set ANTHROPIC_API_KEY
  • Ollama: Set OLLAMA_HOST (e.g., http://localhost:11434)

5. Track Threats Over Time

Mark threats as accepted, mitigated, or false positive:

1
2
3
4
5
6
7
8

# Accept a risk
threatmitigator accept T-AWS-S3-001 --reason "Public website bucket"

# Mark as mitigated
threatmitigator mitigate T-AWS-S3-002 --reason "Added encryption"

# Mark as false positive
threatmitigator dismiss T-AWS-S3-003 --reason "Not actually public"

Commit .threatmodel.yaml to version control to track changes over time.

Configuration

Create .threatmitigator.toml in your project root:

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24

[scan]
# Exclude patterns
exclude_patterns = [
  ".git/**",
  "node_modules/**",
  "**/*.tfvars"
]

# Minimum severity to report
min_severity = "low"  # low, medium, high, critical

[output]
# Default output format
default_format = "yaml"

# Where to store threat model
threat_model_path = ".threatmodel.yaml"

[llm]
# AI provider (optional)
provider = "anthropic"  # openai, anthropic, ollama
model = "claude-sonnet-4-20250514"
temperature = 0.3
max_tokens = 2048

CI/CD Integration

ThreatMitigator integrates seamlessly into your existing CI/CD pipelines. Contact support@threatmitigator.app for detailed integration guides for your specific platform.

Next Steps

  1. Read the Documentation - Full documentation
  2. Create Custom Rules - Custom rules guide
  3. Contact Support - Get help from our team at support@threatmitigator.app

Need Help?

Professional & Enterprise Support

Need priority support, custom rules, or on-premise deployment?

View Pricing Plans | Contact Sales