Threat-Dragon-ng

by OWASPv2.6.2

Last updated Jun 8, 2026

Threat Dagon is an open source threat modeling tool and is an official OWASP project. It is used to draw threat modeling diagrams and to list threats for elements in the diagram

Visit homepage

Install with winget

$ winget install --id OWASP.ThreatDragon --exact --version 2.6.2

Run in Command Prompt, PowerShell, or Windows Terminal. Prompts for any agreements.

Silent install command for Threat-Dragon-ng

Threat-Dragon-ng uses EXE (NSIS). The silent install switches are /S.

One-line silent install (x64)

Threat-Dragon-ng-Setup-2.6.2.exe /S

See the full silent install reference for Threat-Dragon-ng →

Built by Pckgr

For Intune admins

Stop chasing app updates. Pckgr patches them for you.

Automated application patching for Microsoft Intune. Pckgr keeps a curated library of 1,000+ apps continuously up-to-date in your tenant via Microsoft Graph - no manual repackaging, no chasing vendor sites.

Start free 30-day trial

No credit card required.

About

OWASP Threat Dragon is a free, open-source, cross-platform threat modeling application. It is used to draw threat modeling diagrams and to list threats for elements in the diagram along with their remediations.

Threat Dragon is designed to be accessible for various types of teams, with an emphasis on flexibility and simplicity. It is an OWASP Lab Project and follows the values and principles of the threat modeling manifesto

Installers · v2.6.2

Architecture	Type	Scope	Install	Download
x64	EXE NSIS	-		Direct

Copy a command tailored to that specific architecture, type, and scope - useful when winget would otherwise pick a different default.

Security

No known CVEs for Threat-Dragon-ng.

Coverage is best-effort and depends on a winget package mapping to an NVD CPE entry. Absence here is not a guarantee of safety.

Related apps

C
CycloneDX CLICycloneDX Team
CycloneDX.CLIv0.31.0
CycloneDX CLI tool for SBOM analysis, merging, diffs and format conversions.
C
CycloneDX Generator (cdxgen)OWASP Foundation
CycloneDX.cdxgenv12.5.1
A polyglot tool and a library for generating various Bill of Materials in CycloneDX specification.

More from OWASP or browse owasp, owasp-threat-dragon, sdlc.

Frequently asked questions

How do I install Threat-Dragon-ng on Windows?

Open Windows Terminal, PowerShell, or Command Prompt and run: winget install --id OWASP.ThreatDragon --exact --version 2.6.2. winget downloads the installer from OWASP and runs it. Requires Windows 10 (1809+) or Windows 11.

How do I install Threat-Dragon-ng silently for unattended deployment?

Add --silent and accept the agreements upfront: winget install --id OWASP.ThreatDragon --exact 2.6.2 --silent --accept-package-agreements --accept-source-agreements. This is the variant Intune, Configuration Manager, and other deployment tools should use.

What are the silent install switches for Threat-Dragon-ng?

Threat-Dragon-ng uses EXE (NSIS). Run the downloaded installer with: Threat-Dragon-ng-Setup-2.6.2.exe /S. The silent switches are /S.

How do I uninstall Threat-Dragon-ng via winget?

Run: winget uninstall --id OWASP.ThreatDragon --exact. Add --silent for unattended uninstalls. winget will use the registered uninstaller from Threat-Dragon-ng's Apps & Features entry.

Is Threat-Dragon-ng free?

Threat-Dragon-ng is distributed under Apache-2.0. Refer to the publisher (https://github.com/OWASP/threat-dragon/releases) for the full license terms - Wingetly itself does not charge for installation.

Does Threat-Dragon-ng work on Windows 10?

Yes, as long as your Windows 10 build supports winget (1809 or newer). winget ships with App Installer on Windows 10/11 and pulls Threat-Dragon-ng directly from the publisher.

How do I keep Threat-Dragon-ng up to date?

Run winget upgrade --id OWASP.ThreatDragon --exact, or winget upgrade --all to update everything winget tracks. We index 7 versions of Threat-Dragon-ng from microsoft/winget-pkgs.

Recent versions

2.6.2latest
2.6.1
2.6.0
2.5.0
2.4.1
2.3.0
2.2.0