git clone https://github.com/precogly/precogly.git
cd precogly
docker compose up --buildOpen http://localhost:5173 and log in with admin@precogly.dev / admin123.
Open-source threat modeling tools lack enterprise features. Commercial tools come with heavy price tags and vendor lock-in.
Precogly bridges this gap and democratizes threat modeling for every org in the world.
- Import and export TM-BOM style JSON files - improves interoperability with other threat modeling platforms
- A threat modeling workspace allows for team collaboration
- An advanced DFD editor (allows for nested components, trust zones with trust boundaries and much more)
- Community library packs with links to taxonomies like MITRE ATT&CK, CAPEC, LINDDUN, STRIDE etc. - allows your team to quickly create high quality threat models
- Security architects looking to scale threat modeling in their orgs.
- Vibe coding security engineers who need a well-architected CRUD foundation on which they can build their AI threat modeling assistants.
- Threat modeling consultants and trainers looking for a platform that supports reference images, team collaboration, and structured threat modeling programs.
- Compliance professionals looking to link threat modeling with security requirements coming from standards like ASVS or laws like CRA and DORA
Precogly is designed for enterprise workflows, but smaller organizations can also find value in the DFD editor, library packs, and collaborative workspace.
- Compliance-aware — Built-in traceability to DORA, CRA, ASVS, NIST CSF, SOC 2, and more. Every threat and countermeasure maps to compliance requirements.
- Structured library packs — Not just brainstorming. Curated packs with components, threats, countermeasures, and taxonomy links (MITRE ATT&CK, CAPEC, CWE, STRIDE) give your team a structured starting point.
- AI-agent ready architecture — A clean REST API with full OpenAPI docs, designed to be a foundation for AI-powered threat modeling assistants.
- Pack ecosystem — Community and official packs for AWS, Azure, GCP, banking, and compliance frameworks. Extend or create your own.
- Frontend: React 19, TypeScript, Tailwind CSS, shadcn/ui, React Flow
- Backend: Django 5.1, Django REST Framework, PostgreSQL 16
- Infrastructure: Docker, nginx (production)
- Open an issue
- Contribute a library pack
- Contribute to the codebase
If you find Precogly useful, give the project a star!
A special thanks to Jeroen Verwoest for generously sharing his knowledge about threat modeling at an enterprise-scale in a compliance-heavy environment.
Apache 2.0