SecureFlag ThreatCanvas for Azure
Threat model your features with AI-powered tooling.
The SecureFlag ThreatCanvas plugin helps you integrate security early in your development lifecycle by automatically generating threat model diagrams from your Azure Boards work item descriptions.
Developers can customize these diagrams to address the unique security challenges of their applications. A security-first approach to application development has never been easier.
Installation
Click the Get it free button. From there, select the organization on which to install the plugin and click Install.
The plugin is available for free.
Admin Settings
Azure DevOps administrators can configure the app to use a Custom ThreatCanvas URL.
Accessing the Configuration
- From the Azure DevOps organization home page, select Organization Settings (gear icon on the bottom left).
- In the left pane, under Extensions, select ThreatCanvas Configuration.
Configuration Options
Custom URL Settings
Admins can configure a custom URL for ThreatCanvas:
- Enable Custom URL: Toggle on to allow the use of a custom ThreatCanvas URL.
- ThreatCanvas Custom URL: Enter the full URL (including protocol).
Saving the Configuration
After making changes, click Save to apply the settings.
Usage
Navigate to the ThreatCanvas tab on the work item describing a feature.
Click on Launch, and you will be prompted to log in to your SecureFlag account. Optionally, you may include the parent or child work items in the ThreatCanvas context by selecting them from the Additional Work Item dropdown before launching.
Example Additional Work Items Selection:
That’s it! A threat model diagram will be generated automatically based on the description of the current work item and any additional work items you selected. You can now explore and refine the diagram as needed.
For example:
The work item description above generated the following threat model:
Approve Work Items (Read) Permission
The plugin requires the Work items (read) permission to enable the additional issues selection feature.
Note: For versions earlier than 1.2.0, an admin must authorize this permission to update the plugin to the latest version.
If you have administrative privileges, follow these steps to authorize and update the plugin:
- Go to Organization settings > Extensions (under General).
- Locate the SecureFlag ThreatCanvas plugin banner, which should display Pending review.
- Click Review on the message: "SecureFlag ThreatCanvas is requesting authorization of new scopes".
- In the authorization window that appears, click Authorize.
- Once authorized, the plugin will automatically update to the latest version with the required permissions.
Feedback
Got a new feature in mind? Something not working quite right? We genuinely want to hear from you! Please reach out using our contact form.