View and edit Threat Composer files (.tc.json) directly within Visual Studio Code using the AWS Toolkit extension.
The Threat Composer VS Code extension provides a native editing experience for threat models within your development environment. This integration allows you to:
- Create, view, and edit
.tc.jsonfiles directly in VS Code - Work with threat models alongside your code
- Leverage VS Code's powerful editor features
- Maintain threat models in version control with your codebase
The Threat Composer functionality is included in the AWS Toolkit for Visual Studio Code extension.
- Open Visual Studio Code
- Go to the Extensions view (
Ctrl+Shift+XorCmd+Shift+Xon Mac) - Search for "AWS Toolkit"
- Click Install on the AWS Toolkit extension
code --install-extension AmazonWebServices.aws-toolkit-vscodeOnce installed, .tc.json files will automatically open in the Threat Composer editor:
- Open any
.tc.jsonfile in VS Code - The Threat Composer custom editor will launch automatically
- If it doesn't open automatically, right-click the file and select Open With > Threat Composer
- Create a new file with the
.tc.jsonextension - The Threat Composer editor will open with an empty threat model
- Start building your threat model using the visual interface
The VS Code extension provides the same full-featured interface as the web application:
- Application Info: Define your system description
- Architecture: Document system architecture with diagrams
- Data Flow: Map data flows and trust boundaries
- Assumptions: Capture design and security assumptions
- Threats: Identify and document threats using threat grammar
- Mitigations: Define mitigation strategies
- Insights: Review threat model quality metrics
The extension automatically associates with .tc.json files. You can also:
- Set Threat Composer as the default editor for
.tc.jsonfiles - Use "Open With" to choose between Threat Composer and text editor views
- Edit the raw JSON when needed by opening with the default text editor
All features from the web application are available:
- Threat statement composition with grammar support
- Visual architecture and data flow diagrams
- Threat and mitigation linking
- Assumption tracking
- Insights dashboard
- Export to Markdown, DOCX, and PDF
- Native File Handling: Works with VS Code's file system
- Version Control: Seamlessly integrates with Git and other VCS
- Workspace Support: Manage multiple threat models in your workspace
- Side-by-Side Editing: View threat models alongside code
- Search: Find threat models using VS Code's file search
- Works completely offline
- No external dependencies required
- All data stored locally in
.tc.jsonfiles
The Threat Composer VS Code extension is part of the AWS Toolkit for Visual Studio Code:
- Repository: aws/aws-toolkit-vscode
- Threat Composer Code: packages/core/src/threatComposer
For detailed documentation on using the Threat Composer extension:
- VS Code Version: 1.70.0 or higher
- Operating Systems: Windows, macOS, Linux
- File Format: Threat Composer v1 schema (
.tc.json)
- Commit
.tc.jsonfiles to your repository - Review threat model changes in pull requests
- Track threat model evolution over time
- Use branches for experimental threat modeling
project/
├── src/
├── docs/
│ └── threat-models/
│ ├── api-gateway.tc.json
│ ├── database.tc.json
│ └── authentication.tc.json
└── README.md
- Share
.tc.jsonfiles with team members - Use VS Code Live Share for collaborative threat modeling
- Export to Markdown for documentation
- Include threat models in code reviews
- Ensure AWS Toolkit extension is installed and enabled
- Reload VS Code window (
Ctrl+Shift+P> "Reload Window") - Check VS Code version compatibility
- Review VS Code extension logs
- Verify file has
.tc.jsonextension - Right-click file > "Open With" > "Threat Composer"
- Check file is valid JSON format
- Ensure file follows Threat Composer schema
- Large threat models may take time to load
- Consider splitting very large models into multiple files
- Close unused editor tabs
- Increase VS Code memory limit if needed
For issues and questions:
- AWS Toolkit Issues: GitHub Issues
- Threat Composer Core: GitHub Issues
- AWS Support: AWS Support Center