Consuming TrustOnCloud ThreatModels¶
TrustOnCloud provides multiple ways to access and integrate ThreatModels, ranging from simple one-off delivery to deeper, programmatic integration. Choose the method that best aligns with your technical maturity, security requirements, and operational workflows. If you are unsure which option fits your use case, contact TrustOnCloud to discuss your requirements.
Delivery Modes¶
ThreatModels reach you through one of two delivery modes:
- Push — TrustOnCloud sends an updated ThreatModel weekly as soon as a new version is available. No action is required on your side.
- Pull — You request the latest ThreatModel from TrustOnCloud when you need it.
The TrustOnCloud Web Application uses a separate model: content is refreshed daily and is always current when you log in.
Overview of Access Methods¶
| Method | Formats | Delivery & Cadence | Integration Effort | Best For |
|---|---|---|---|---|
| Email Delivery | PDF, DOCX, JSON | Push or pull, weekly | Very low | One-off or ad hoc usage |
| Pre-signed S3 Download | PDF, DOCX, JSON (ZIP) | Pull, on request | Low | Bulk delivery without integration |
| Dedicated GitHub Organization | JSON only | Push, weekly | Medium | Programmatic access and version control |
| TrustOnCloud Web Application | UI access | Continuous (daily refresh) | None | Interactive exploration and review |
Email Delivery¶
Description¶
ThreatModels are delivered directly via email as file attachments, suitable for one-off or "air-gapped" consumption.
Formats¶
- DOCX
- JSON
Delivery and Updates¶
Email delivery supports both push and pull. With push, TrustOnCloud emails new versions weekly as they become available. With pull, you contact TrustOnCloud to request the current ThreatModel.
How It Works¶
- You provide one or more recipient email addresses.
- ThreatModels are sent as email attachments.
- Each ThreatModel is delivered in all supported formats.
Considerations¶
- Compressed ThreatModels can be delivered up to either 10 MB or 20 MB, depending on your email attachment limits.
- Best suited for small numbers of ThreatModels or "air-gapped" integration.
- Not intended for automation or large-scale distribution.
Pre-signed S3 Download¶
Description¶
For bulk delivery without deeper integration, TrustOnCloud generates a pre-signed Amazon S3 URL pointing to a ZIP archive of one or more ThreatModels.
Formats¶
- DOCX
- JSON
Delivery and Updates¶
Pull only. You contact TrustOnCloud when you need the latest ThreatModels and a fresh pre-signed URL is generated.
How It Works¶
- A secure, time-limited S3 pre-signed URL is generated.
- The URL allows download of a ZIP archive.
- The archive can contain multiple ThreatModels.
- Each ThreatModel includes all supported formats.
Considerations¶
- No email size constraints.
- URL access is temporary (valid 6 days) and controlled.
- No ongoing synchronization or versioning.
Dedicated GitHub Organization¶
Description¶
TrustOnCloud provides a dedicated GitHub organization for customers who require structured, programmatic access to ThreatModels with full version history.
Formats¶
- JSON only
Delivery and Updates¶
Push, weekly. New versions are committed to your dedicated repository as they become available, giving you a built-in change history.
How It Works¶
- TrustOnCloud creates and owns a dedicated GitHub organization for you.
- You may nominate up to three GitHub users to be added. If more users are required, contact TrustOnCloud.
- ThreatModels are maintained as version-controlled JSON files.
- Customers typically access data using the GitHub API or Git workflows.
Considerations¶
- Two-factor authentication (2FA) is mandatory.
- IP restrictions are enforced.
- TrustOnCloud manages access and permissions; customers must notify TrustOnCloud of any user changes.
- Designed for engineering and security teams.
TrustOnCloud Web Application¶
Description¶
ThreatModels are accessible interactively through the TrustOnCloud web application, suited to non-technical stakeholders and centralized review.
Formats¶
- UI access
Delivery and Updates¶
Continuous. Content is refreshed daily and is always current when you log in — push and pull do not apply.
How It Works¶
- Access URL: https://app.trustoncloud.com
- Access is activated on demand and is disabled by default.
- All subscribed ThreatModels are available through the UI.
Considerations¶
- UI-based access only.
- Not intended for bulk export or automation.
Support and Customization¶
If you require: - Additional GitHub users - Custom delivery workflows - Alternative integration options
Please contact TrustOnCloud support for assistance.