Consuming TrustOnCloud ThreatModels
TrustOnCloud provides multiple ways to access and integrate ThreatModels, ranging from simple one-off delivery to deeper, programmatic integration. This flexibility allows customers to choose the option that best aligns with their technical maturity, security requirements, and operational workflows.
This document outlines each supported delivery method, including formats, typical use cases, and key considerations.
Overview of Access Methods
| Method | Integration Effort | Formats | Best For |
|---|---|---|---|
| Email Delivery | Very low | PDF, DOCX, JSON | One-off or ad hoc usage |
| Pre-signed S3 Download | Low | PDF, DOCX, JSON (ZIP) | Bulk delivery without integration |
| Dedicated GitHub Organization | Medium | JSON only | Programmatic access and version control |
| TrustOnCloud Web Application | None | UI access | Interactive exploration and review |
1. Email Delivery
Description
ThreatModels can be delivered directly via email as file attachments.
Supported Formats
- DOCX
- JSON
How It Works
- You provide one or more recipient email addresses.
- ThreatModels are sent as email attachments.
- Each ThreatModel is delivered in all supported formats.
Size Limits
- We can deliver compressed ThreatModels up to either 10 MB or 20 MB, depending on your email attachment limits.
Use Cases
- One-off deliveries
- Minimal or no integration
- Internal review or manual consumption
Considerations
- Best suited for small numbers of ThreatModels or "air-gapped" integration
- Not intended for automation or large-scale distribution
2. Pre-signed S3 Download
Description
For bulk delivery without deeper integration, TrustOnCloud can generate a pre-signed Amazon S3 URL.
Supported Formats
- DOCX
- JSON
How It Works
- A secure, time-limited S3 pre-signed URL is generated.
- The URL allows download of a ZIP archive.
- The archive can contain multiple ThreatModels.
- Each ThreatModel includes all supported formats.
Use Cases
- Bulk delivery
- Larger data sets that exceed email size limits
- Simple automation without API integration
Considerations
- No email size constraints
- URL access is temporary (valid 6 days) and controlled
- No ongoing synchronization or versioning
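A pre-signed URL is a bearer credential with a fixed lifetime, so a recipient can check its expiry before scheduling a download and keep the signature out of logs. The following is an added example, not TrustOnCloud code; it assumes the URL is SigV4 query-signed (carrying `X-Amz-Date` and `X-Amz-Expires`), and the bucket name, object key and signature in the sample are constructed.

```python
from datetime import datetime, timedelta, timezone
from urllib.parse import urlsplit, parse_qs

MAX_VALIDITY = timedelta(days=6)  # validity window stated on this page

# Constructed sample URL (hypothetical bucket, key and signature).
SAMPLE_URL = (
    "https://example-bucket.s3.amazonaws.com/threatmodels.zip"
    "?X-Amz-Algorithm=AWS4-HMAC-SHA256"
    "&X-Amz-Credential=EXAMPLE%2F20240101%2Fus-east-1%2Fs3%2Faws4_request"
    "&X-Amz-Date=20240101T000000Z&X-Amz-Expires=518400"
    "&X-Amz-SignedHeaders=host&X-Amz-Signature=0000"
)

def presigned_url_status(url, now=None):
    """Return expiry details for a SigV4 pre-signed URL without fetching it."""
    now = now or datetime.now(timezone.utc)
    parts = urlsplit(url)
    if parts.scheme != "https":
        raise ValueError("pre-signed URL must use https")
    query = parse_qs(parts.query)
    try:
        signed_at = datetime.strptime(
            query["X-Amz-Date"][0], "%Y%m%dT%H%M%SZ"
        ).replace(tzinfo=timezone.utc)
        lifetime = timedelta(seconds=int(query["X-Amz-Expires"][0]))
    except (KeyError, ValueError) as exc:
        raise ValueError("not a SigV4 query-signed URL") from exc
    expires_at = signed_at + lifetime
    return {
        "host": parts.hostname,
        "expires_at": expires_at,
        "remaining": max(expires_at - now, timedelta(0)),
        "expired": now >= expires_at,
        "within_stated_window": lifetime <= MAX_VALIDITY,
    }

def redact(url):
    """Drop the query string so the signature never reaches logs or tickets."""
    parts = urlsplit(url)
    return f"{parts.scheme}://{parts.netloc}{parts.path}?<redacted>"

if __name__ == "__main__":
    status = presigned_url_status(SAMPLE_URL)
    print(redact(SAMPLE_URL), status["expires_at"].isoformat(), status["expired"])
```
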
3. Dedicated GitHub Organization
Description
TrustOnCloud provides a dedicated GitHub organization for customers who require structured, programmatic access to ThreatModels.
Supported Formats
- JSON only
How It Works
- TrustOnCloud creates and owns a dedicated GitHub organization for you.
- You may nominate up to three GitHub users to be added. If more users are required, contact TrustOnCloud.
- ThreatModels are maintained as version-controlled JSON files.
- Customers typically access data using the GitHub API or Git workflows.
Security Controls
- Two-factor authentication (2FA) is mandatory
- IP restrictions are enforced
- TrustOnCloud manages access and permissions
- Customers must notify TrustOnCloud of any user changes
Use Cases
- Automation and integration into internal systems
- Version tracking and change management
- Secure, controlled programmatic access
Considerations
- Requires ongoing user management coordination
- Designed for engineering and security teams
4. TrustOnCloud Web Application
Description
ThreatModels are accessible through the TrustOnCloud web application.
Access URL
- https://app.trustoncloud.com
How It Works
- Access is activated on demand. It is disabled by default.
- All subscribed ThreatModels are available through the UI.
- Content is always up to date.
Use Cases
- Interactive browsing and review
- Non-technical stakeholders
- Centralized access without file handling
Considerations
- UI-based access only
- Not intended for bulk export or automation
Choosing the Right Access Method
- Email for simplicity and one-off needs or "air-gapped" integration
- Pre-signed S3 for bulk delivery without integration
- GitHub for automation, version control, and API access
- Web application for interactive and on-demand access
If you are unsure which option best fits your use case, contact TrustOnCloud to discuss your requirements.
Support and Customization
If you require:
- Additional GitHub users
- Custom delivery workflows
- Alternative integration options

Please contact TrustOnCloud support for assistance.