
Create STRIDE Threat Categories

Define STRIDE threat types as an enumeration in your Polarion project:
  1. Navigate to Project Administration → Enumerations
  2. Create enumeration named stride_category
  3. Add enumeration values:
    • Spoofing
    • Tampering
    • Repudiation
    • Information Disclosure
    • Denial of Service
    • Elevation of Privilege

Configure STRIDE Columns

Open your risksheet.json configuration and add STRIDE-specific columns:
{
  "columns": [
    {
      "id": "threat_category",
      "header": "STRIDE Category",
      "binding": "threat_category",
      "type": "enum",
      "level": 1,
      "width": 150
    },
    {
      "id": "threat_description",
      "header": "Threat Description",
      "binding": "description",
      "type": "text",
      "level": 1,
      "width": 300
    },
    {
      "id": "impact_level",
      "header": "Impact",
      "binding": "impact",
      "type": "enum",
      "level": 1,
      "width": 100
    },
    {
      "id": "likelihood",
      "header": "Likelihood",
      "binding": "likelihood",
      "type": "enum",
      "level": 1,
      "width": 100
    }
  ]
}

Configure Risk Calculation

Add a formula to calculate risk score based on impact and likelihood:
{
  "formulas": {
    "strideRisk": "function(info) { var impact = {'Low': 1, 'Medium': 2, 'High': 3, 'Critical': 4}[info.item['impact']]; var likelihood = {'Rare': 1, 'Unlikely': 2, 'Possible': 3, 'Likely': 4}[info.item['likelihood']]; return impact && likelihood ? impact * likelihood : null; }"
  },
  "columns": [
    {
      "id": "risk_score",
      "header": "Risk Score",
      "type": "int",
      "formula": "strideRisk",
      "level": 1,
      "width": 100,
      "readOnly": true
    }
  ]
}

Add Conditional Formatting

Apply color coding to visualize risk levels by attaching a cell decorator to the risk_score column:
{
  "cellDecorators": {
    "strideRisk": "function(info) { var val = info.value; $(info.cell).toggleClass('risk-low', val >= 1 && val <= 4); $(info.cell).toggleClass('risk-medium', val >= 5 && val <= 8); $(info.cell).toggleClass('risk-high', val >= 9 && val <= 12); $(info.cell).toggleClass('risk-critical', val > 12); }"
  },
  "styles": {
    ".risk-low": "background-color: #eaf5e9 !important; color: #1d5f20 !important;",
    ".risk-medium": "background-color: #fff3d2 !important; color: #735602 !important;",
    ".risk-high": "background-color: #ffe0b2 !important; color: #8b3a00 !important;",
    ".risk-critical": "background-color: #f8eae7 !important; color: #ab1c00 !important;"
  },
  "columns": [
    {
      "id": "risk_score",
      "cellDecorator": "strideRisk"
    }
  ]
}

STRIDE Analysis Workflow

Some threats may fall into multiple STRIDE categories. Use the multi-enum column type to allow selection of multiple categories per threat.

Configure downstream task linking for mitigation tracking:
{
  "dataTypes": {
    "task": {
      "type": "task",
      "role": "mitigates",
      "name": "Mitigation"
    }
  },
  "columns": [
    {
      "id": "mitigation_task",
      "header": "Mitigation",
      "type": "taskLink",
      "level": 2,
      "width": 200
    }
  ]
}
Ensure impact and likelihood enumerations exist in your Polarion project and match the values used in the risk calculation formula. Mismatched values will result in null risk scores.
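
The mismatch described above can be checked offline before the configuration is deployed. This is an added example, not part of the Risksheet documentation or product code: it compiles the strideRisk formula string from this page and reports enumeration values that can only ever produce a null score. The sample enumeration lists and the helper names unmappedValues and riskBand are assumptions constructed for illustration.

```javascript
// Formula string copied verbatim from the "formulas" snippet on this page.
const strideRiskSrc = "function(info) { var impact = {'Low': 1, 'Medium': 2, 'High': 3, 'Critical': 4}[info.item['impact']]; var likelihood = {'Rare': 1, 'Unlikely': 2, 'Possible': 3, 'Likely': 4}[info.item['likelihood']]; return impact && likelihood ? impact * likelihood : null; }";
// Compile the string so the exact configured text is what gets tested.
const strideRisk = new Function("return (" + strideRiskSrc + ")")();

// Band thresholds mirror the strideRisk cell decorator on this page.
function riskBand(score) {
  if (typeof score !== "number") return null; // null score: no class applies
  if (score >= 1 && score <= 4) return "risk-low";
  if (score >= 5 && score <= 8) return "risk-medium";
  if (score >= 9 && score <= 12) return "risk-high";
  return score > 12 ? "risk-critical" : null;
}

// Hypothetical helper: an enumeration value is "unmapped" when every row that
// uses it scores null, whatever the other field holds. Such rows never get a
// risk color, so a high-impact threat can sit unranked in the sheet.
function unmappedValues(impactValues, likelihoodValues) {
  const score = (impact, likelihood) => strideRisk({ item: { impact, likelihood } });
  return {
    impact: impactValues.filter(i => likelihoodValues.every(l => score(i, l) === null)),
    likelihood: likelihoodValues.filter(l => impactValues.every(i => score(i, l) === null)),
  };
}

// Constructed sample: option names as they might be defined in a project.
// "critical" (lowercase) and "Almost Certain" are deliberate mismatches.
const sampleImpact = ["Low", "Medium", "High", "critical"];
const sampleLikelihood = ["Rare", "Unlikely", "Possible", "Likely", "Almost Certain"];

const report = unmappedValues(sampleImpact, sampleLikelihood);
console.log("Impact values the formula cannot score:", report.impact);
console.log("Likelihood values the formula cannot score:", report.likelihood);

// Score and band for every pair the formula does understand.
for (const i of ["Low", "Medium", "High", "Critical"]) {
  const row = ["Rare", "Unlikely", "Possible", "Likely"].map(l => {
    const s = strideRisk({ item: { impact: i, likelihood: l } });
    return s + ":" + riskBand(s);
  });
  console.log(i.padEnd(9), row.join("  "));
}
```

The lookup is case-sensitive, so enumeration option names must match the formula's keys exactly.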

Verification

You should now see:
  • STRIDE category dropdown in the threat category column with all six categories
  • Auto-calculated risk scores when impact and likelihood are set
  • Color-coded risk cells based on risk score thresholds
  • Linked mitigation tasks in downstream columns

See Also

Source Code
  • risksheet.json
  • PolarionAppConfigManager.java
  • RisksheetProjectProperties.java
  • DefaultTraceProvider.java
  • ComparisonManager.ts