IriusRisk Team | The Threat Modeling Experts
July 20, 2023

Product Update: Release 4.18

We are excited to announce the release of IriusRisk 4.18, which includes these new enhancements and features:

  • Simplified mapping files for Lucidchart AWS Stencils and Terraform Plan files
  • Manage templates faster with bulk actions for threats and countermeasures in Templates
  • Threat model your application logic with 4 new functional components
  • And more!

Simplified mapping files for Lucidchart AWS Stencils and Terraform Plan files

Lucidchart stencils are versioned by year, which means that many objects have multiple versions available, for example AmazonCloudWatchAWS19 and AmazonCloudWatchAWS2021. As a result, custom mapping files for Lucidchart involve a lot of duplicate entries when mapping those different objects to components in IriusRisk.

As of IriusRisk v4.18 you do not need to specify these years when customizing a mapping file, as the mapping will be agnostic to the year. This simplifies the mapping file customization and also means that there is no need to update a custom mapping file when a new stencil version is used in the diagrams.

Terraform Plan mapping files have also had a drastic reformat, and are now significantly easier to manage. For more information on Terraform Plan file mapping, see Terraform Plan Mapping - StartLeft.

Bulk actions for threats and countermeasures in Templates

Templates are helpful in creating new projects, by speeding things up and giving you a starting point to work from. As of this release it is possible to execute bulk actions over threats and countermeasures on Templates, saving you time creating those re-usable templates.

Keep your threat models tidy with a new setting to automatically remove weaknesses without countermeasures

We have added a new global and project level setting that will automatically remove weaknesses that don’t have any identified countermeasures associated with them.

When the rules engine executes and removes threats and countermeasures that no longer apply, checking this new setting will also remove any empty weaknesses.

Support for Bearer authentication for Jira integration

This was technically released in a v4.17.2 hotfix, but we’re officially communicating this now.

In addition to traditional username and password authentication for Jira, you can now also use “Personal Access Tokens”, giving you a more secure way to connect to Jira. This applies to both Jira 8 and Jira 9.

Threat model your application logic with more functional components

The following new functional components have been released:

  • Push Notification
  • Checkout
  • File Generator
  • Plugin System

Other Security Content

The following new GCP components have been released:

  • GCP Endpoints
  • GCP Private Access
  • GCP PSC (Private Service Connect)
  • GCP Serverless VPC Access

We have also updated two standards:

  • OWASP MASVS updated to version 2.0.0
  • OWASP API Security Top Ten updated to version 2023

Configure IriusRisk to run with a custom DB schema

On-premise customers that want to use a custom Postgres DB schema for IriusRisk can now do so. You can either do it via an environment variable:

IRIUS_DB_SCHEMA=test_schema

or, in Docker, by adding -DIRIUS_DB_SCHEMA=test_schema to the CATALINA_OPTS environment variable, which has the same effect.

Note: If you set a custom schema and you are also a user of IriusRisk Analytics, then you must add that custom schema information to Analytics when configuring the PostgreSQL datasource.

Deprecations

ThreadFix Test Import Notice

From September 2023 the import test result functionality for ThreadFix will be removed.

Release notes

For more information, see the Version 4.18 Release Notes.
