Threat Modeling — Design · Code · Review · Ship

Your scanner
can’t see
this.

Arcwall is the threat modeling platform that catches what scanners miss — AI-powered analysis of architectural risks, trust boundary gaps, and design-level vulnerabilities across every stage of your SDLC.

Get free API key → See how it works

✓ Architecture Review ✓ Code Analysis ✓ CI/CD Pipeline ✓ Audit Evidence

// Design-stage threat model — payments service

arcwall — payments-service

► /design-threat-model // System: Payment API — Stripe, PostgreSQL, JWT // Actors: customers, admins, webhook endpoints ✓ Trust boundaries identified: 4 ✓ Data flows mapped: 7 ⚠ Elevation of Privilege — [FROM DESIGN] No role enforcement defined at API boundary layer ⚠ Repudiation — [INFERRED] Webhook actions may not have immutable audit trail ⊙ Webhook auth — [NEEDS INPUT] Does the webhook endpoint validate Stripe signatures? Threat model written → /threat-model.md ►

◆ Architecture review

◆ Design-stage threat modeling

◆ Code-stage STRIDE analysis

◆ CI/CD pipeline integration

◆ Full SDLC audit trail

◆ Not a vulnerability scanner

◆ Collaborative workflow

◆ Audit-ready evidence packages

◆ Architecture review

◆ Design-stage threat modeling

◆ Code-stage STRIDE analysis

◆ CI/CD pipeline integration

◆ Full SDLC audit trail

◆ Not a vulnerability scanner

◆ Collaborative workflow

◆ Audit-ready evidence packages

01 — How It Works

Every stage.
One
audit trail.

From first architecture decision to production deployment. Security built into every stage of how you ship — not bolted on at the end.

Architecture Review

Start at the design stage

No code yet? Good. The best time to find architectural risk is before a line is written. Describe your system through a structured intake — entry points, external services, actors, sensitive data — and Arcwall builds a full STRIDE threat model from your design alone.

Code Review

Continue into the codebase

When code exists, Arcwall scans it — auth patterns, trust boundaries, data flows, external calls. Every finding is tagged by confidence: [FROM CODE], [FROM DESIGN], [INFERRED], or [NEEDS INPUT]. Design-stage models are compared against code output to surface implementation drift.

Continuous Pipeline

Automate into CI/CD

Run Arcwall in your pipeline. Only new risks surface per PR — no re-reading the same findings every merge. Security leads comment inline, engineers get findings assigned, and every disposition feeds back into improving future scans.

Audit Evidence

Ship with proof it was done

Every threat model is versioned, immutable, and exportable as a formal PDF evidence package — signed, dated, pinned to a commit SHA. One click produces everything an auditor needs for SOC 2, ISO 27001, or FedRAMP. The full SDLC trail, from design through deployment.

02 — Three Modes

Three modes.
One workflow.

/design-threat-model

Start at architecture

No code needed. Describe your system — what it does, entry points, external services, actors, sensitive data. Arcwall produces a full STRIDE threat model from your architecture design alone.

~15 min Design stage NIST SA-11

/build-threat-model

Scan existing code

Scans the open repository — auth patterns, trust boundaries, data flows, external calls — and produces a complete STRIDE threat model pinned to the current commit SHA.

~20 min Markdown output Git-tracked

/review-threat-model

Score against your baseline

Evaluates any threat model against OWASP ASVS or your own security standard. Returns severity-rated gaps with control references, remediation guidance, and an audit-ready evidence package.

~5 min Severity rated Jira-ready

03 — What We Find

The risks no
scanner can
find.

Scanners find CVEs. Arcwall finds the architectural risks that require understanding what your system is supposed to do — and what happens when it doesn’t.

S — Spoofing

Trust boundary gaps

Services that implicitly trust internal callers without explicit verification at zone boundaries.

T — Tampering

Broken authorization logic

Role assumptions baked into data flow that break under privilege escalation scenarios.

R — Repudiation

Missing audit trails

Actions in your system that leave no record — impossible to attribute or reconstruct after the fact.

I — Info Disclosure

Data flow exposure

Sensitive data traveling through intermediate services or logs without explicit data classification.

D — Denial of Service

Resource exhaustion paths

Business logic paths that a motivated attacker could exploit without sophisticated tooling.

E — Elevation of Privilege

Architectural weaknesses

Unauthenticated internal APIs, single points of failure, and missing rate limiting assumptions.

Traditional scanners

✕ Find CVEs and dependency vulnerabilities
✕ Flag known bad patterns in code
✕ Only work after code exists
✕ Cannot reason about system architecture
✕ No context about what the system does

Arcwall — SDLC Security
✓ Works at the architecture and design stage
✓ Works at the code stage — scans existing repos
✓ Runs continuously in CI/CD pipelines
✓ Flags design-level risks scanners cannot see
✓ Collaborative — inline comments, assignments
✓ Produces formal audit evidence packages
✓ Complements Snyk, SonarQube, BurpSuite

04 — Pricing

Start free.
Scale when ready.

10 free architecture reviews per month. No credit card. API key in 60 seconds.

Free

forever

✓ 10 reviews per month
✓ All three modes
✓ OWASP ASVS baseline
✓ Markdown export
✓ VS Code + Claude Code
— Custom baselines
— Audit evidence packages

Pro Popular

^$29

per month

✓ Unlimited reviews
✓ All three modes
✓ OWASP ASVS baseline
✓ Markdown + PDF export
✓ Priority processing
✓ Audit evidence packages
✓ Email support

Enterprise

Custom

annual contract

✓ Everything in Pro
✓ Custom security standards
✓ Jira / Azure DevOps sync
✓ Team dashboard
✓ SSO / SAML
✓ Self-hosted option
✓ 14-day free trial

14-DAY FREE TRIAL — NO CREDIT CARD

Your scannercan’t seethis.

Every stage.Oneaudit trail.