Merge pull request #229 from izar/colormap

Colormap

README.md

@@ -76,6 +76,7 @@ optional arguments:
   --exclude EXCLUDE     specify threat IDs to be ignored
   --seq                 output sequential diagram
   --list                list all available threats
+  --colormap            color the risk in the diagram
   --describe DESCRIBE   describe the properties available for a given element
   --list-elements       list all elements which can be part of a threat model
   --json JSON           output a JSON file
@@ -113,6 +114,9 @@ Element class attributes:
 
 ```
 
+The *colormap* argument, used together with *dfd*, outputs a color-coded DFD where the elements are painted red, yellow or green depending on their risk level (as identified by running the rules).
+
+
 ## Creating a Threat Model
 
 The following is a sample `tm.py` file that describes a simple application where a User logs into the application
@@ -200,6 +204,8 @@ tm.process()
 
 ```
 
+You also have the option of using [pytmGPT](https://chat.openai.com/g/g-soISG24ix-pytmgpt) to create your models from prose!
+
 ### Generating Diagrams
 
 Diagrams are output as [Dot](https://graphviz.gitlab.io/) and [PlantUML](https://plantuml.com/).
@@ -303,10 +309,13 @@ user_to_web.overrides = [
         threat_id="INP02",
         cvss="9.3",
         response="""**To Mitigate**: run a memory sanitizer to validate the binary""",
+        severity="Very High",
     )
 ]
 ```
 
+If you are adding a Finding, make sure to add a severity: "Very High", "High", "Medium", "Low", "Very Low".
+
 ## Threats database
 
 For the security practitioner, you may supply your own threats file by setting `TM.threatsFile`. It should contain entries like: