Home
TMI (Threat Modeling Improved) is a collaborative threat modeling platform that makes security analysis easier, faster, and more accurate.
Try it yourself at https://www.tmi.dev
TMI is a server-based web application that enables collaborative threat modeling with:
- Real-time collaborative diagram editing via WebSockets
- Role-based access control (reader, writer, owner)
- OAuth and SAML authentication
- Multiple threat model frameworks (STRIDE, CIA, etc.)
- Extensive extensibility
- Rich metadata support allows you to add your own data to any TMI object
- Webhooks allow your helper apps to subscribe to TMI object change notifications and take action
- Addons allow your webhook helper apps to be invoked from the TMI web application
- REST API: all TMI functionality is accessible via the REST API
  - OpenAPI specification is used to build the TMI server; you can use it to generate your own clients
  - Pre-generated clients in Go, Python and JavaScript
TMI consists of multiple integrated components:
- TMI Server - Go-based backend API server
  - REST API specified in OpenAPI 3.0
  - WebSocket support for real-time collaboration
  - PostgreSQL database with Redis caching
  - OAuth 2.0 & SAML authentication
- TMI-UX - Angular/TypeScript web application
  - Modern, responsive user interface
  - Real-time collaborative editing
  - Diagram editor with data flow visualization
  - Markdown notes with Mermaid support
- TMI Clients - API client libraries
  - Multiple language support
  - Simplified API integration
- TMI Terraform Analyzer - Infrastructure analysis tool
  - Automated Terraform code analysis
  - AI-powered security insights
  - Integration with threat models
- TMI Promtail Logger - Logging integration
  - Sends TMI logs to Grafana via Loki
  - Centralized log management
Go to: Getting Started
Learn how to:
- Access TMI at tmi.dev
- Create threat models
- Build data flow diagrams
- Manage threats
- Collaborate with your team
Go to: Deployment
Learn how to:
- Plan your deployment architecture
- Deploy TMI Server
- Deploy TMI Web Application
- Set up authentication
- Configure databases
- Integrate components
Go to: Operation
Learn how to:
- Monitor system health
- Manage databases
- Ensure security
- Scale your deployment
- Perform maintenance
Go to: Development
Learn how to:
- Set up development environment
- Understand architecture
- Integrate with APIs
- Write tests
- Contribute code
- Build extensions
Go to: Troubleshooting
Find solutions for:
- Authentication problems
- Connection issues
- WebSocket problems
- Database issues
- Performance problems
- Real-time editing with multiple users
- WebSocket-based synchronization
- Role-based permissions
- Conflict-free collaborative editing
- Multiple threat model frameworks (STRIDE, CIA, etc.)
- Extensible metadata on all objects
- Custom properties and tags
- Rich markdown notes with Mermaid diagrams
- RESTful API with OpenAPI 3.0 spec
- WebSocket API with AsyncAPI spec
- OAuth 2.0 authentication
- Multi-language client libraries
- PostgreSQL for reliable data storage
- Redis for caching and real-time coordination
- Horizontal scalability
- Container deployment support
- Comprehensive monitoring and logging
┌─────────────────┐
│   TMI Web App   │  (Angular/TypeScript)
│    (tmi-ux)     │
└────────┬────────┘
         │ HTTPS/WSS
         ▼
┌─────────────────┐
│   TMI Server    │  (Go)
│      (tmi)      │
└────────┬────────┘
         │
    ┌────┴────┐
    ▼         ▼
┌──────┐  ┌───────┐
│ PgSQL│  │ Redis │
└──────┘  └───────┘
This wiki is organized by task area, aligned with different audiences:
- Getting Started - For end users learning to use TMI
- Deployment - For operators deploying TMI
- Operation - For SREs/DevOps running TMI
- Troubleshooting - For everyone solving problems
- Development - For contributors and integrators
- Integrations - For power users and developers
- Tools - For using TMI utilities
- API Reference - For API integration
- Reference - For quick lookup
- Visit tmi.dev to use the hosted version
- Read Creating Your First Threat Model
- Explore Working with Data Flow Diagrams
- Review Planning Your Deployment
- Follow Deploying TMI Server
- Configure Setting Up Authentication
- Set up your Development Environment
- Understand the Architecture and Design
- Review API Integration guide
- GitHub Issues: Report bugs or request features in component repositories
- Discussions: Join conversations about TMI development and usage
- API Documentation: http://api-docs.tmi.dev.s3-website-us-east-1.amazonaws.com
- OpenAPI Specification: tmi-openapi.json
TMI is licensed under the Apache License 2.0, allowing for customization and commercial use.
See license.txt for details.