In the last step, you operationalize the threat model outputs. Here you can review the security requirements, actions, tests, and other tasks that were deemed relevant as a result of the threat modeling.
We group these downstream activities into four categories:
Mitigation Actions: These are tasks that need to be performed by security or engineering teams. You can directly push these tasks to your issue tracking platform.
Automated Tests: These are tests that DevArmor can automatically run in GitHub. They act as policies that apply to code review performed by DevArmor.
Manual Tests: These are tests that cannot be run automatically and need to be run manually by users.
Penetration Tests: These are penetration test scopes that can be pushed to bug bounty programs or penetration testing consultants.