Interactive tour

Guided walkthrough of terep's API-first threat modeling flow

Click through each step to see how terep takes you from DFD JSON to a System Knowledge Graph, STRIDE threats, history and diagrams you can plug into your own workflows.


Step 1 · Define system & ingest DFD

Start with the system you actually ship

Create a system record, then push DFD JSON from your favorite modeling tool so terep can track architecture as it changes.

API flow

  • Bootstrap and log in via /auth/bootstrap and /auth/login to obtain a JWT.
  • Create a system with POST /systems, describing the application or service you want to model.
  • Ingest a DFD snapshot for that system via POST /systems/{systemId}/dfd/json using terep's DFD schema.

How it looks in terep

Create system · POST /systems

System details

  • Name: Payments API
  • Owner: appsec@company.com
  • Tags: prod, critical

DFD upload

POST /systems/{systemId}/dfd/json

trust_zones, processes, entities, data_stores, flows…
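A pre-upload consistency check you could run on a DFD document before sending it to POST /systems/{systemId}/dfd/json. This is an added example, not terep's own code: only the five top-level collection names come from this page, while the inner field names (`id`, `zone`, `source`, `target`), the function name `preflight` and the sample data are assumptions made for illustration.

```python
import json

# Top-level collections are the ones named on the page; every field inside
# them ("id", "zone", "source", "target") is an assumption for this example.
NODE_KINDS = ("processes", "entities", "data_stores")

# Constructed sample DFD for the "Payments API" system.
SAMPLE_DFD = json.loads("""
{
  "trust_zones": [{"id": "internet"}, {"id": "prod-vpc"}],
  "processes":   [{"id": "payments-api", "zone": "prod-vpc"}],
  "entities":    [{"id": "merchant", "zone": "internet"}],
  "data_stores": [{"id": "ledger-db", "zone": "prod-vpc"}],
  "flows": [
    {"id": "f1", "source": "merchant", "target": "payments-api"},
    {"id": "f2", "source": "payments-api", "target": "ledger-db"},
    {"id": "f3", "source": "payments-api", "target": "audit-log"}
  ]
}
""")


def preflight(dfd):
    """Return (errors, boundary_crossing_flow_ids) for a DFD dict."""
    errors = []
    zones = {z["id"] for z in dfd.get("trust_zones", [])}
    node_zone = {}
    for kind in NODE_KINDS:
        for node in dfd.get(kind, []):
            if node["id"] in node_zone:
                errors.append(f"duplicate node id: {node['id']}")
            if node.get("zone") not in zones:
                errors.append(f"{node['id']}: unknown trust zone {node.get('zone')!r}")
            node_zone[node["id"]] = node.get("zone")
    crossings = []
    for flow in dfd.get("flows", []):
        ends = (flow.get("source"), flow.get("target"))
        missing = [e for e in ends if e not in node_zone]
        if missing:
            errors.append(f"{flow['id']}: undefined endpoint(s) {missing}")
        elif node_zone[ends[0]] != node_zone[ends[1]]:
            # Flows between zones are where STRIDE review usually concentrates.
            crossings.append(flow["id"])
    return errors, crossings


if __name__ == "__main__":
    print("errors, trust-boundary flows:", preflight(SAMPLE_DFD))
```

Rejecting a snapshot locally when `errors` is non-empty keeps dangling flows and unzoned nodes out of the stored architecture history.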

What you bring

  • DFDs exported or generated from tools like draw.io, Lucidchart or custom scripts.
  • Context on trust zones, processes, external entities, data stores and flows.
  • A list of priority systems you want to keep under continuous threat modeling.

This interactive tour describes an illustrative version of terep to help you understand how DFD ingestion, SKG, STRIDE threats and versioned history could fit into your threat modeling practice.